Fix cli vulnerabilities 2 (#15461)

Author: pnv1

ydb/library/benchmarks/gen/tpcds-dbgen/build_support.c

@@ -368,9 +368,16 @@ embed_string(char *szDest, char *szDist, int nValue, int nWeight, int nStream)
     char *szWord = NULL;
 
     pick_distribution(&szWord, szDist, nValue, nWeight, nStream);
-    nPosition = genrand_integer(NULL, DIST_UNIFORM, 0, strlen(szDest) - strlen(szWord) - 1, 0, nStream);
+    int destLen = strlen(szDest);
+    int wordLen = strlen(szWord);
+    nPosition = genrand_integer(NULL, DIST_UNIFORM, 0, destLen - wordLen - 1, 0, nStream);
     strncpy(&szDest[nPosition], szWord, strlen(szWord));
 
+    // strncpy can technically make szDest not null-terminated
+    // Even though it doesn't, due to nPosition + wordLen is less than destLen
+    // Prevent passing unterminated string. Fixing coverity issue STRING_NULL
+    szDest[destLen] = '\0';
+
     return(0);
 }
 

ydb/library/benchmarks/gen/tpcds-dbgen/tdefs.c

@@ -147,9 +147,13 @@ getTdefsByNumber(int nTable)
 }
 */
 
+int getStdefsMaxSize() {
+   return (int)(sizeof(s_tdefs) / sizeof(s_tdefs[0]));
+}
+
 void checkTdefsSize(int nTable) {
    // Prevent array overflow. Fixing coverity issue OVERRUN
-   if (nTable < 0 || nTable >= (int)(sizeof(s_tdefs) / sizeof(s_tdefs[0]))) {
+   if (nTable < 0 || nTable >= getStdefsMaxSize()) {
       INTERNAL("Array s_tdefs overflow");
       exit(EXIT_FAILURE);
    }
@@ -230,8 +234,8 @@ getTableFromColumn(int nColumn)
 {
     int i;
    tdef *pT;
-    
-    for (i=0; i <= MAX_TABLE; i++)
+
+    for (i=0; i < S_BRAND + getStdefsMaxSize(); i++)
     {
       pT = getSimpleTdefsByNumber(i);
       if ((nColumn >= pT->nFirstColumn) && (nColumn <= pT->nLastColumn))

ydb/library/benchmarks/gen/tpcds-dbgen/w_datetbl.c

@@ -113,10 +113,10 @@ mk_w_date (void * row, ds_key_t index)
     r->d_fy_year = r->d_year;
     r->d_fy_quarter_seq = r->d_quarter_seq;
     r->d_fy_week_seq = r->d_week_seq;
-    if (r->d_dow >= MAXINT) {
-      INTERNAL("Int overflow for d_dow");
+    if (r->d_dow >= 7) {
+      INTERNAL("weekday_names array overflow");
       exit(EXIT_FAILURE);
-   }
+    }
     r->d_day_name = weekday_names[r->d_dow + 1];
     dist_member (&r->d_holiday, "calendar", day_index, 8);
     if ((r->d_dow == 5) || (r->d_dow == 6))
@@ -294,10 +294,10 @@ vld_w_date(int nTable, ds_key_t kRow, int *Permutation)
     r->d_fy_year = r->d_year;
     r->d_fy_quarter_seq = r->d_quarter_seq;
     r->d_fy_week_seq = r->d_week_seq;
-    if (r->d_dow >= MAXINT) {
-      INTERNAL("Int overflow for d_dow");
+    if (r->d_dow >= 7) {
+      INTERNAL("weekday_names array overflow");
       exit(EXIT_FAILURE);
-   }
+    }
     r->d_day_name = weekday_names[r->d_dow + 1];
     dist_member (&r->d_holiday, "calendar", day_index, 8);
     if ((r->d_dow == 5) || (r->d_dow == 6))

ydb/library/benchmarks/gen/tpcds-dbgen/w_item.c

@@ -58,14 +58,6 @@
 struct W_ITEM_TBL g_w_item,
     g_OldValues;
 
-void validate_string(char *szString, unsigned long maxSize) {
-    // Prevent passing unterminated string. Fixing coverity issue STRING_NULL
-    if (strlen(szString) > maxSize) {
-      INTERNAL("Trying po pass unterminated string");
-      exit(EXIT_FAILURE);
-    }
-}
-
 /*
 * mk_item
 */
@@ -198,7 +190,6 @@ mk_w_item (void* row, ds_key_t index)
 
     gen_charset(r->i_formulation, DIGITS, RS_I_FORMULATION, RS_I_FORMULATION, I_FORMULATION);
     embed_string(r->i_formulation, "colors", 1, 2, I_FORMULATION);
-    validate_string(r->i_formulation, RS_I_FORMULATION);
     changeSCD(SCD_CHAR, &r->i_formulation, &rOldValues->i_formulation,  &nFieldChangeFlags,  bFirstRecord);
 
     pick_distribution (&r->i_color, "colors", 1, 2, I_COLOR);

ydb/library/benchmarks/gen/tpch-dbgen/print.c

@@ -69,7 +69,7 @@ print_prep(int table, int update)
 					this_segment=++insert_orders_segment;
 				else 
 					this_segment=++insert_lineitem_segment;
-				sprintf(upath, "%s%c%s.u%d.%d", 
+				snprintf(upath, 128, "%s%c%s.u%d.%d", 
 					env_config(PATH_TAG, PATH_DFLT),
 					PATH_SEP, tdefs[table].name, update%10000,this_segment);
 				}
@@ -83,13 +83,13 @@ print_prep(int table, int update)
 			if ( delete_segments )
 				{
 				++delete_segment;
-				sprintf(upath, "%s%cdelete.u%d.%d",
+				snprintf(upath, 128, "%s%cdelete.u%d.%d",
 					env_config(PATH_TAG, PATH_DFLT), PATH_SEP, -update%10000,
 					delete_segment);
 				}
 			else
 				{
-				sprintf(upath, "%s%cdelete.%d",
+				snprintf(upath, 128, "%s%cdelete.%d",
 				env_config(PATH_TAG, PATH_DFLT), PATH_SEP, -update);
 				}
 		return(fopen(upath, "w"));