From 226b072af82ab7000d26a2bf76ee585098b27875 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Aug 2020 11:47:52 +0200
Subject: [PATCH 1/6] Fixed #6418: Warning due to invalid const qualifier

---
 libfreerdp/core/gateway/rdg.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index 0c3fa6beb..08277cc3d 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -1427,7 +1427,7 @@ static BOOL rdg_process_keep_alive_packet(rdpRdg* rdg)
 
 static BOOL rdg_process_service_message(rdpRdg* rdg, wStream* s)
 {
-	const WCHAR* msg;
+	WCHAR* msg;
 	UINT16 msgLenBytes;
 	rdpContext* context = rdg->context;
 	assert(context);

From 57b405ca265966fd3790cb3f30d0b0c073268e7c Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Aug 2020 12:04:02 +0200
Subject: [PATCH 2/6] Fixed compilation warnings.

---
 channels/drdynvc/client/drdynvc_main.c         |  8 ++++----
 channels/urbdrc/client/data_transfer.c         |  8 +++++---
 channels/urbdrc/client/libusb/libusb_udevice.c |  5 +++--
 libfreerdp/codec/planar.c                      |  5 ++++-
 libfreerdp/core/gateway/rdg.c                  | 11 ++++++-----
 libfreerdp/core/orders.c                       |  5 +++--
 libfreerdp/crypto/crypto.c                     |  8 ++++----
 server/proxy/modules/capture/cap_main.c        |  6 +++---
 8 files changed, 32 insertions(+), 24 deletions(-)

diff --git a/channels/drdynvc/client/drdynvc_main.c b/channels/drdynvc/client/drdynvc_main.c
index 507305fc6..5c30b2966 100644
--- a/channels/drdynvc/client/drdynvc_main.c
+++ b/channels/drdynvc/client/drdynvc_main.c
@@ -415,7 +415,7 @@ static void dvcman_free(drdynvcPlugin* drdynvc, IWTSVirtualChannelManager* pChan
  */
 static UINT dvcman_init(drdynvcPlugin* drdynvc, IWTSVirtualChannelManager* pChannelMgr)
 {
-	size_t i;
+	int i;
 	DVCMAN* dvcman = (DVCMAN*)pChannelMgr;
 	UINT error = CHANNEL_RC_OK;
 
@@ -483,7 +483,7 @@ static UINT dvcman_close_channel_iface(IWTSVirtualChannel* pChannel)
 static UINT dvcman_create_channel(drdynvcPlugin* drdynvc, IWTSVirtualChannelManager* pChannelMgr,
                                   UINT32 ChannelId, const char* ChannelName)
 {
-	size_t i;
+	int i;
 	BOOL bAccept;
 	DVCMAN_CHANNEL* channel;
 	DrdynvcClientContext* context;
@@ -1606,7 +1606,7 @@ static UINT drdynvc_virtual_channel_event_terminated(drdynvcPlugin* drdynvc)
 static UINT drdynvc_virtual_channel_event_attached(drdynvcPlugin* drdynvc)
 {
 	UINT error = CHANNEL_RC_OK;
-	size_t i;
+	int i;
 	DVCMAN* dvcman;
 
 	if (!drdynvc)
@@ -1638,7 +1638,7 @@ fail:
 static UINT drdynvc_virtual_channel_event_detached(drdynvcPlugin* drdynvc)
 {
 	UINT error = CHANNEL_RC_OK;
-	size_t i;
+	int i;
 	DVCMAN* dvcman;
 
 	if (!drdynvc)
diff --git a/channels/urbdrc/client/data_transfer.c b/channels/urbdrc/client/data_transfer.c
index ecacc695f..fe6768c9b 100644
--- a/channels/urbdrc/client/data_transfer.c
+++ b/channels/urbdrc/client/data_transfer.c
@@ -454,11 +454,13 @@ static UINT urb_select_configuration(IUDEVICE* pdev, URBDRC_CHANNEL_CALLBACK* ca
 	if (MsConfig)
 		MsOutSize = MsConfig->MsOutSize;
 
-	if (MsOutSize > SIZE_MAX - 36)
-		return ERROR_INVALID_DATA;
-
 	if (MsOutSize > 0)
+	{
+		if ((size_t)MsOutSize > SIZE_MAX - 36)
+			return ERROR_INVALID_DATA;
+
 		out_size = 36 + MsOutSize;
+	}
 	else
 		out_size = 44;
 
diff --git a/channels/urbdrc/client/libusb/libusb_udevice.c b/channels/urbdrc/client/libusb/libusb_udevice.c
index 214cb7a7a..c863925c2 100644
--- a/channels/urbdrc/client/libusb/libusb_udevice.c
+++ b/channels/urbdrc/client/libusb/libusb_udevice.c
@@ -799,7 +799,7 @@ static UINT32 libusb_udev_control_query_device_text(IUDEVICE* idev, UINT32 TextT
 			if ((ret <= 0) || (ret <= 4) || (slen <= 4) || (locale != LIBUSB_DT_STRING) ||
 			    (ret > UINT8_MAX))
 			{
-				char* msg = "SHORT_DESCRIPTOR";
+				const char* msg = "SHORT_DESCRIPTOR";
 				if (ret < 0)
 					msg = libusb_error_name(ret);
 				WLog_Print(urbdrc->log, WLOG_DEBUG,
@@ -841,7 +841,8 @@ static UINT32 libusb_udev_control_query_device_text(IUDEVICE* idev, UINT32 TextT
 			sprintf_s(deviceLocation, sizeof(deviceLocation),
 			          "Port_#%04" PRIu8 ".Hub_#%04" PRIu8 "", device_address, bus_number);
 
-			len = strnlen(deviceLocation, MIN(sizeof(deviceLocation), inSize - 1));
+			len = strnlen(deviceLocation,
+			              MIN(sizeof(deviceLocation), (inSize > 0) ? inSize - 1U : 0));
 			for (i = 0; i < len; i++)
 				text[i] = (WCHAR)deviceLocation[i];
 			text[len++] = '\0';
diff --git a/libfreerdp/codec/planar.c b/libfreerdp/codec/planar.c
index 2a0861678..bedd2ed7a 100644
--- a/libfreerdp/codec/planar.c
+++ b/libfreerdp/codec/planar.c
@@ -482,6 +482,8 @@ static BOOL planar_subsample_expand(const BYTE* plane, size_t planeLength, UINT3
 {
 	size_t pos = 0;
 	UINT32 y;
+	WINPR_UNUSED(planeLength);
+
 	if (!plane || !deltaPlane)
 		return FALSE;
 
@@ -1195,7 +1197,8 @@ BYTE* freerdp_bitmap_planar_delta_encode_plane(const BYTE* inPlane, UINT32 width
 		{
 			INT32 delta = *srcPtr - *prevLinePtr;
 			s2c = (delta >= 0) ? (char)delta : (char)(~((BYTE)(-delta)) + 1);
-			s2c = (s2c >= 0) ? ((UINT32)s2c << 1) : (char)(((UINT32)(~((BYTE)s2c) + 1) << 1) - 1);
+			s2c = (s2c >= 0) ? (char)((UINT32)s2c << 1)
+			                 : (char)(((UINT32)(~((BYTE)s2c) + 1) << 1) - 1);
 			*outPtr = (BYTE)s2c;
 		}
 	}
diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index 08277cc3d..d088061ec 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -244,7 +244,10 @@ static const char* capabilities_enum_to_string(UINT32 capabilities)
 
 static BOOL rdg_read_http_unicode_string(wStream* s, WCHAR** string, UINT16* lengthInBytes)
 {
-	WCHAR* str;
+	union {
+		BYTE* b;
+		WCHAR* w;
+	} str;
 	UINT16 strLenBytes;
 
 	/* Read length of the string */
@@ -253,7 +256,7 @@ static BOOL rdg_read_http_unicode_string(wStream* s, WCHAR** string, UINT16* len
 	Stream_Read_UINT16(s, strLenBytes);
 
 	/* Remember position of our string */
-	Stream_GetPointer(s, str);
+	Stream_GetPointer(s, str.b);
 
 	/* seek past the string - if this fails something is wrong */
 	if (!Stream_SafeSeek(s, strLenBytes))
@@ -261,7 +264,7 @@ static BOOL rdg_read_http_unicode_string(wStream* s, WCHAR** string, UINT16* len
 
 	/* return the string data (if wanted) */
 	if (string)
-		*string = str;
+		*string = str.w;
 	if (lengthInBytes)
 		*lengthInBytes = strLenBytes;
 
@@ -740,8 +743,6 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 
 	if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_SOH_REQ)
 	{
-		UINT16 certLen;
-
 		/* Seek over nonce (20 bytes) */
 		if (!Stream_SafeSeek(s, 20))
 		{
diff --git a/libfreerdp/core/orders.c b/libfreerdp/core/orders.c
index f2eaffbf1..715fb44fc 100644
--- a/libfreerdp/core/orders.c
+++ b/libfreerdp/core/orders.c
@@ -2618,10 +2618,11 @@ BOOL update_write_cache_glyph_v2_order(wStream* s, const CACHE_GLYPH_V2_ORDER* c
 }
 static BOOL update_decompress_brush(wStream* s, BYTE* output, size_t outSize, BYTE bpp)
 {
-	INT32 x, y, k;
+	size_t x, k;
+	INT8 y;
 	BYTE byte = 0;
 	const BYTE* palette = Stream_Pointer(s) + 16;
-	const INT32 bytesPerPixel = ((bpp + 1) / 8);
+	const size_t bytesPerPixel = ((bpp + 1) / 8);
 
 	if (Stream_GetRemainingLength(s) < 16 + bytesPerPixel * 4)
 		return FALSE;
diff --git a/libfreerdp/crypto/crypto.c b/libfreerdp/crypto/crypto.c
index 29c642ef1..cf512704b 100644
--- a/libfreerdp/crypto/crypto.c
+++ b/libfreerdp/crypto/crypto.c
@@ -110,15 +110,15 @@ static int crypto_rsa_common(const BYTE* input, int length, UINT32 key_length, c
 	if (!input || (length < 0) || (exponent_size < 0) || !modulus || !exponent || !output)
 		return -1;
 
-	if (exponent_size > SIZE_MAX / 2)
+	if ((size_t)exponent_size > SIZE_MAX / 2)
 		return -1;
 
 	if (key_length >= SIZE_MAX / 2 - exponent_size)
 		return -1;
 
 	bufferSize = 2ULL * key_length + exponent_size;
-	if (length > bufferSize)
-		bufferSize = length;
+	if ((size_t)length > bufferSize)
+		bufferSize = (size_t)length;
 
 	input_reverse = (BYTE*)calloc(bufferSize, 1);
 
@@ -163,7 +163,7 @@ static int crypto_rsa_common(const BYTE* input, int length, UINT32 key_length, c
 		goto fail;
 	crypto_reverse(output, output_length);
 
-	if (output_length < key_length)
+	if ((UINT32)output_length < key_length)
 		memset(output + output_length, 0, key_length - output_length);
 
 fail:
diff --git a/server/proxy/modules/capture/cap_main.c b/server/proxy/modules/capture/cap_main.c
index 8ff255309..f62858abe 100644
--- a/server/proxy/modules/capture/cap_main.c
+++ b/server/proxy/modules/capture/cap_main.c
@@ -127,7 +127,7 @@ static BOOL capture_plugin_session_end(proxyData* pdata)
 	wStream* s;
 
 	socket = capture_plugin_get_socket(pdata);
-	if (socket == -1)
+	if ((INT64)socket == -1LL)
 		return FALSE;
 
 	s = capture_plugin_packet_new(SESSION_END_PDU_BASE_SIZE, MESSAGE_TYPE_SESSION_END);
@@ -191,7 +191,7 @@ static BOOL capture_plugin_client_end_paint(proxyData* pdata)
 		return TRUE;
 
 	socket = capture_plugin_get_socket(pdata);
-	if (socket == -1)
+	if ((INT64)socket == -1LL)
 		return FALSE;
 
 	if (!capture_plugin_send_frame(pc, socket, gdi->primary_buffer))
@@ -211,7 +211,7 @@ static BOOL capture_plugin_client_post_connect(proxyData* pdata)
 	wStream* s;
 
 	socket = capture_plugin_init_socket();
-	if (socket == -1)
+	if ((INT64)socket == -1LL)
 	{
 		WLog_ERR(TAG, "failed to establish a connection");
 		return FALSE;

From 47d02a76ce07cbfc655754a1ccfe79a9b6bc9357 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Aug 2020 12:26:33 +0200
Subject: [PATCH 3/6] Fixed missing input length check for color pointer.

---
 libfreerdp/codec/color.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libfreerdp/codec/color.c b/libfreerdp/codec/color.c
index 988cd1569..6c29552de 100644
--- a/libfreerdp/codec/color.c
+++ b/libfreerdp/codec/color.c
@@ -241,6 +241,10 @@ BOOL freerdp_image_copy_from_icon_data(BYTE* pDstData, UINT32 DstFormat, UINT32
 			return FALSE;
 	}
 
+	/* Ensure we have enough source data bytes for image copy. */
+	if (cbBitsColor < nWidth * nHeight * GetBytesPerPixel(format))
+		return FALSE;
+
 	fill_gdi_palette_for_icon(colorTable, cbColorTable, &palette);
 	if (!freerdp_image_copy(pDstData, DstFormat, nDstStep, nXDst, nYDst, nWidth, nHeight, bitsColor,
 	                        format, 0, 0, 0, &palette, FREERDP_FLIP_VERTICAL))
@@ -576,6 +580,8 @@ static INLINE BOOL overlapping(const BYTE* pDstData, UINT32 nXDst, UINT32 nYDst,
 	const BYTE* pSrcStart = &pSrcData[nXSrc * srcBytesPerPixel + nYSrc * nSrcStep];
 	const BYTE* pSrcEnd = pSrcStart + nHeight * nSrcStep;
 
+	WINPR_UNUSED(nWidth);
+
 	if ((pDstStart >= pSrcStart) && (pDstStart <= pSrcEnd))
 		return TRUE;
 
@@ -771,8 +777,10 @@ BOOL freerdp_image_scale(BYTE* pDstData, DWORD DstFormat, UINT32 nDstStep, UINT3
                          UINT32 nSrcWidth, UINT32 nSrcHeight)
 {
 	BOOL rc = FALSE;
+#if defined(SWSCALE_FOUND) || defined(CAIRO_FOUND)
 	const BYTE* src = &pSrcData[nXSrc * GetBytesPerPixel(SrcFormat) + nYSrc * nSrcStep];
 	BYTE* dst = &pDstData[nXDst * GetBytesPerPixel(DstFormat) + nYDst * nDstStep];
+#endif
 
 	/* direct copy is much faster than scaling, so check if we can simply copy... */
 	if ((nDstWidth == nSrcWidth) && (nDstHeight == nSrcHeight))

From e50a8e09ee3feba4975c488618f5af350d851ad9 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Aug 2020 12:26:46 +0200
Subject: [PATCH 4/6] Fixed warnings.

---
 client/X11/xf_rail.c      | 2 +-
 libfreerdp/core/message.c | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/client/X11/xf_rail.c b/client/X11/xf_rail.c
index d712604e0..51874640a 100644
--- a/client/X11/xf_rail.c
+++ b/client/X11/xf_rail.c
@@ -595,7 +595,7 @@ static xfRailIcon* RailIconCache_Lookup(xfRailIconCache* cache, UINT8 cacheId, U
  * in ARGB format (e.g., 0xFFFF0000L is opaque red), pixels are in normal,
  * left-to-right top-down order.
  */
-static BOOL convert_rail_icon(ICON_INFO* iconInfo, xfRailIcon* railIcon)
+static BOOL convert_rail_icon(const ICON_INFO* iconInfo, xfRailIcon* railIcon)
 {
 	BYTE* argbPixels = NULL;
 	BYTE* nextPixel;
diff --git a/libfreerdp/core/message.c b/libfreerdp/core/message.c
index 6febc14e4..7af29e94d 100644
--- a/libfreerdp/core/message.c
+++ b/libfreerdp/core/message.c
@@ -2804,6 +2804,8 @@ static int input_message_free_input_class(wMessage* msg, int type)
 {
 	int status = 0;
 
+	WINPR_UNUSED(msg);
+
 	switch (type)
 	{
 		case Input_SynchronizeEvent:

From 57de0aebb5ee1d3458f74f9a98b99245719aa2f4 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Aug 2020 16:39:19 +0200
Subject: [PATCH 5/6] Refactored socket warning fixes to be more readable.

---
 server/proxy/modules/capture/cap_main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/proxy/modules/capture/cap_main.c b/server/proxy/modules/capture/cap_main.c
index f62858abe..7e6f11bf2 100644
--- a/server/proxy/modules/capture/cap_main.c
+++ b/server/proxy/modules/capture/cap_main.c
@@ -127,7 +127,7 @@ static BOOL capture_plugin_session_end(proxyData* pdata)
 	wStream* s;
 
 	socket = capture_plugin_get_socket(pdata);
-	if ((INT64)socket == -1LL)
+	if (socket == INVALID_SOCKET)
 		return FALSE;
 
 	s = capture_plugin_packet_new(SESSION_END_PDU_BASE_SIZE, MESSAGE_TYPE_SESSION_END);
@@ -191,7 +191,7 @@ static BOOL capture_plugin_client_end_paint(proxyData* pdata)
 		return TRUE;
 
 	socket = capture_plugin_get_socket(pdata);
-	if ((INT64)socket == -1LL)
+	if (socket == INVALID_SOCKET)
 		return FALSE;
 
 	if (!capture_plugin_send_frame(pc, socket, gdi->primary_buffer))
@@ -211,7 +211,7 @@ static BOOL capture_plugin_client_post_connect(proxyData* pdata)
 	wStream* s;
 
 	socket = capture_plugin_init_socket();
-	if ((INT64)socket == -1LL)
+	if (socket == INVALID_SOCKET)
 	{
 		WLog_ERR(TAG, "failed to establish a connection");
 		return FALSE;

From bfa07e701d25fc936c84ad36d58c6ab1a9a33ec9 Mon Sep 17 00:00:00 2001
From: Armin Novak <armin.novak@thincast.com>
Date: Mon, 10 Aug 2020 16:39:49 +0200
Subject: [PATCH 6/6] Refactored rdg_read_http_unicode_string warning fixes

---
 libfreerdp/core/gateway/rdg.c | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

diff --git a/libfreerdp/core/gateway/rdg.c b/libfreerdp/core/gateway/rdg.c
index d088061ec..6400d6a05 100644
--- a/libfreerdp/core/gateway/rdg.c
+++ b/libfreerdp/core/gateway/rdg.c
@@ -242,12 +242,9 @@ static const char* capabilities_enum_to_string(UINT32 capabilities)
 	return flags_to_string(capabilities, capabilities_enum, ARRAYSIZE(capabilities_enum));
 }
 
-static BOOL rdg_read_http_unicode_string(wStream* s, WCHAR** string, UINT16* lengthInBytes)
+static BOOL rdg_read_http_unicode_string(wStream* s, const WCHAR** string, UINT16* lengthInBytes)
 {
-	union {
-		BYTE* b;
-		WCHAR* w;
-	} str;
+	WCHAR* str;
 	UINT16 strLenBytes;
 
 	/* Read length of the string */
@@ -256,7 +253,7 @@ static BOOL rdg_read_http_unicode_string(wStream* s, WCHAR** string, UINT16* len
 	Stream_Read_UINT16(s, strLenBytes);
 
 	/* Remember position of our string */
-	Stream_GetPointer(s, str.b);
+	str = (WCHAR*)Stream_Pointer(s);
 
 	/* seek past the string - if this fails something is wrong */
 	if (!Stream_SafeSeek(s, strLenBytes))
@@ -264,7 +261,7 @@ static BOOL rdg_read_http_unicode_string(wStream* s, WCHAR** string, UINT16* len
 
 	/* return the string data (if wanted) */
 	if (string)
-		*string = str.w;
+		*string = str;
 	if (lengthInBytes)
 		*lengthInBytes = strLenBytes;
 
@@ -761,7 +758,7 @@ static BOOL rdg_process_tunnel_response_optional(rdpRdg* rdg, wStream* s, UINT16
 
 	if (fieldsPresent & HTTP_TUNNEL_RESPONSE_FIELD_CONSENT_MSG)
 	{
-		WCHAR* msg;
+		const WCHAR* msg;
 		UINT16 msgLenBytes;
 		rdpContext* context = rdg->context;
 
@@ -1428,7 +1425,7 @@ static BOOL rdg_process_keep_alive_packet(rdpRdg* rdg)
 
 static BOOL rdg_process_service_message(rdpRdg* rdg, wStream* s)
 {
-	WCHAR* msg;
+	const WCHAR* msg;
 	UINT16 msgLenBytes;
 	rdpContext* context = rdg->context;
 	assert(context);