Security: use signed integers for string lengths and array lenghts by default

Standard functions, such as strnlen(), appear to operate on signed integers instead of unsigned.
Not being able to handle unsigned integers provides unknown behavior that could lead to potential security vulnerabilities.
Future versions of this project will likely need to abandon these methods for more flexible alternatives.

Example problem:
  sources/c/console.c:36:23: warning: 'strnlen' specified bound 18446744073709551615 exceeds maximum object size 9223372036854775807 [-Wstringop-overflow=]
     36 |       string_length = strnlen(argv[location], f_console_max_size);

That is 2^63 instead of the expected 2^64.

The array lengths were converted to signed as well.

diff --git a/level_0/f_strings/c/strings.h b/level_0/f_strings/c/strings.h
index 8c75076d28e93f208bdb9d7af3b5206d4c4f390d..341b7d20a07a9910b722e5ee1f1085e1993d2fec 100644 (file)
--- a/level_0/f_strings/c/strings.h
+++ b/level_0/f_strings/c/strings.h
@@ -62,16 +62,16 @@ extern "C" {
 #endif // _di_string_format_pointers_
 
 #ifndef _di_f_array_length_printf_
-  #define f_array_length_printf       string_format_unsigned
-  #define f_array_length_short_printf string_format_long_unsigned
-  #define f_array_length_long_printf  string_format_long_long_unsigned
+  #define f_array_length_printf       string_format_integer
+  #define f_array_length_short_printf string_format_short_integer
+  #define f_array_length_long_printf  string_format_long_integer
 #endif // _di_f_array_length_printf_
 
 // define the basic string type
 #ifndef _di_f_have_string_
   typedef f_autochar *f_string;
 
-  #define f_string_max_size   f_unsigned_long_size
+  #define f_string_max_size   f_signed_long_size
   #define f_string_initialize f_eos
 
   #define f_new_string(status, string, length)   status = f_new_array((f_void_p *) & string, sizeof(f_string), length)
@@ -88,7 +88,7 @@ extern "C" {
 #ifndef _di_f_string_length_
   typedef f_u_long f_string_length;
 
-  #define f_string_length_printf string_format_long_unsigned
+  #define f_string_length_printf string_format_long_integer
 
   #define f_new_string_length(status, string, length)   status = f_new_array((f_void_p *) & string, sizeof(f_string_length), length)
   #define f_delete_string_length(status, string)        status = f_delete((f_void_p *) & string)

diff --git a/level_0/f_types/c/types.h b/level_0/f_types/c/types.h
index b6ea66e6e34521f1c6b5feff203713a9f150847a..baf44aa0f696a93a2b65baa2b7d16f709bdd9d2b 100644 (file)
--- a/level_0/f_types/c/types.h
+++ b/level_0/f_types/c/types.h
@@ -158,9 +158,9 @@ extern "C" {
 
 // Defines a variable to be used by arrays.
 #ifndef _di_f_array_length_
-  typedef f_u_long      f_t_array_length;
-  typedef f_u_int       f_t_array_length_short;
-  typedef f_u_long_long f_t_array_length_long;
+  typedef f_s_long      f_array_length;
+  typedef f_s_int       f_array_length_short;
+  typedef f_s_long_long f_array_length_long;
 #endif // _di_f_array_length_
 
 #ifndef _di_f_gcc_specific_