
Fix remaining high CodeQL Issues #257


Description

@TheAssembler1

Remaining Issues

1. Validate Path Inputs

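  • (1-5) Validate paths obtained from environment variables (PDC_DATA_LOC, PDC_BB_LOC) before they are used in a path expression.
  • (6-9) Validate paths obtained from main() arguments (argv) before they are used in a path expression.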

Uncontrolled Data Used in Path Expression (9 High Severity Issues)

# Code Snippet Reference URL
1 char *user_specified_data_path = getenv("PDC_DATA_LOC") https://github.com/TheAssembler1/pdc/security/code-scanning/384
2 user_specified_data_path = getenv("PDC_DATA_LOC") https://github.com/TheAssembler1/pdc/security/code-scanning/140
3 char *bb_data_path = getenv("PDC_BB_LOC") https://github.com/TheAssembler1/pdc/security/code-scanning/139
4 char *user_specified_data_path = getenv("PDC_DATA_LOC") https://github.com/TheAssembler1/pdc/security/code-scanning/138
5 user_specified_data_path = getenv("PDC_DATA_LOC") https://github.com/TheAssembler1/pdc/security/code-scanning/133
6 main(int argc, char *argv[])
char *file_name = argv[7]
https://github.com/TheAssembler1/pdc/security/code-scanning/137
7 main(int argc, char **argv)
const char *dict_filename = argv[4]
https://github.com/TheAssembler1/pdc/security/code-scanning/136
8 main(int argc, char **argv)
char *txtFilePath = argv[4]
https://github.com/TheAssembler1/pdc/security/code-scanning/135
9 main(int argc, char **argv)
char *txtFilePath = argv[4]
https://github.com/TheAssembler1/pdc/security/code-scanning/134

2. Validate Allocation Sizes

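Each size below is derived from a value read from a file (fread), an environment variable, or a command-line argument, and CodeQL flags it as reaching malloc/calloc without an upper bound. Define a maximum for each and reject larger values before allocating; for the malloc calls that multiply a count by sizeof, also check that the multiplication cannot overflow.

  • (1-2) Max size of metadata_server_objs_end->regions_end->reg_offset
  • (3) Max size of checkpoint buffer
  • (4) Max size of region_history->bin
  • (5) Max size of region_history->range
  • (6) Max kvtag size
  • (7) Max kvtag name
  • (8) Max hash table size
  • (9) Max number of dart vnodes
  • (10) Max dart replication factor
  • (11-19) Max size for bin_file_ops operations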

Uncontrolled Allocation Size (19 High Severity Issues)

# Code Snippet Reference URL
1 metadata_server_objs_end->regions_end->reg_offset = (uint64_t *)malloc(sizeof(uint64_t) * metadata_server_objs_end->ndim * 2) https://github.com/TheAssembler1/pdc/security/code-scanning/122
2 metadata_server_objs_end->regions_end->reg_offset = (uint64_t *)malloc(sizeof(uint64_t) * metadata_server_objs_end->ndim * 2) https://github.com/TheAssembler1/pdc/security/code-scanning/121
3 fread(&checkpoint_size, sizeof(uint64_t), 1, file)
checkpoint_buf = (char *)malloc(checkpoint_size);
https://github.com/TheAssembler1/pdc/security/code-scanning/112
4 fread(&region_list->region_hist->nbin, sizeof(int), 1, file)
region_list->region_hist->bin = (uint64_t *)malloc(sizeof(uint64_t) * region_list->region_hist->nbin)
https://github.com/TheAssembler1/pdc/security/code-scanning/111
5 fread(&region_list->region_hist->nbin, sizeof(int), 1, file)
region_list->region_hist->range = (double *)malloc(sizeof(double) * region_list->region_hist->nbin * 2)
https://github.com/TheAssembler1/pdc/security/code-scanning/110
6 fread(&kvtag_list->kvtag->size, sizeof(uint32_t), 1, file)
kvtag_list->kvtag->value = malloc(kvtag_list->kvtag->size)
https://github.com/TheAssembler1/pdc/security/code-scanning/109
7 fread(&key_len, sizeof(int), 1, file)
kvtag_list->kvtag->name = malloc(key_len)
https://github.com/TheAssembler1/pdc/security/code-scanning/108
8 size_override = getenv("PROFILE_HASHTABLESIZE");
return htab_create_alloc(size, hash_f, eq_f, del_f, calloc, free)
https://github.com/TheAssembler1/pdc/security/code-scanning/107
9 fread(buffer, fsize, 1, fp)
uint64_t *temp_out = (uint64_t *)calloc(dart->num_vnode, sizeof(uint64_t))
https://github.com/TheAssembler1/pdc/security/code-scanning/106
10 main(int argc, char *argv[])
out[0] = (uint64_t *)calloc(dart->replication_factor, sizeof(uint64_t))
https://github.com/TheAssembler1/pdc/security/code-scanning/105
11 fread(&length, sizeof(size_t), 1, stream)
_data = (size_t *)calloc(length, sizeof(size_t))
https://github.com/TheAssembler1/pdc/security/code-scanning/104
12 fread(&length, sizeof(size_t), 1, stream)
_data = (uint64_t *)calloc(length, sizeof(uint64_t))
https://github.com/TheAssembler1/pdc/security/code-scanning/103
13 fread(&length, sizeof(size_t), 1, stream)
_data = (char *)calloc(length + 1, sizeof(char))
https://github.com/TheAssembler1/pdc/security/code-scanning/102
14 fread(&length, sizeof(size_t), 1, stream)
_data = (double *)calloc(length, sizeof(double))
https://github.com/TheAssembler1/pdc/security/code-scanning/101
15 fread(&length, sizeof(size_t), 1, stream)
_data = (int *)calloc(length, sizeof(int))
https://github.com/TheAssembler1/pdc/security/code-scanning/100
16 fread(&length, sizeof(size_t), 1, stream)
_data = (size_t *)calloc(length, sizeof(size_t))
https://github.com/TheAssembler1/pdc/security/code-scanning/99
17 fread(&length, sizeof(size_t), 1, stream)
_data = (uint64_t *)calloc(length, sizeof(uint64_t))
https://github.com/TheAssembler1/pdc/security/code-scanning/98
18 fread(&length, sizeof(size_t), 1, stream)
_data = (char *)calloc(length + 1, sizeof(char))
https://github.com/TheAssembler1/pdc/security/code-scanning/97
19 fread(&length, sizeof(size_t), 1, stream)
_data = (double *)calloc(length, sizeof(double))
https://github.com/TheAssembler1/pdc/security/code-scanning/96
20 fread(&length, sizeof(size_t), 1, stream)
_data = (int *)calloc(length, sizeof(int))
https://github.com/TheAssembler1/pdc/security/code-scanning/95
