Fix memory safety issues and buffer handling bugs

- Fix memmove bug in KSFileUtils.c fillReadBuffer that used wrong byte count
- Add explicit (size_t) casts to prevent signed/unsigned conversion warnings
- Replace sprintf with snprintf to prevent potential buffer overflows
- Update test bundle accessor to use modern SPM resource bundle API

Author: naftaly

Package.swift

@@ -470,10 +470,10 @@ let package = Package(
                 .copy("Resources/PrivacyInfo.xcprivacy")
             ],
             cSettings: [
-                .unsafeFlags(warningFlags),
+                .unsafeFlags(warningFlags)
             ],
             cxxSettings: [
-                .unsafeFlags(warningFlags),
+                .unsafeFlags(warningFlags)
             ]
         ),
         .testTarget(

Sources/KSCrashRecording/KSCrashReportC.c

@@ -907,7 +907,7 @@ static void writeNotableStackContents(const KSCrashReportWriter *const writer,
     char nameBuffer[40];
     for (uintptr_t address = lowAddress; address < highAddress; address += sizeof(address)) {
         if (ksmem_copySafely((void *)address, &contentsAsPointer, sizeof(contentsAsPointer))) {
-            sprintf(nameBuffer, "stack@%p", (void *)address);
+            snprintf(nameBuffer, sizeof(nameBuffer), "stack@%p", (void *)address);
             writeMemoryContentsIfNotable(writer, nameBuffer, contentsAsPointer);
         }
     }

Sources/KSCrashRecording/KSCrashReportFixer.c

@@ -235,7 +235,7 @@ static int addJSONData(const char *data, int length, void *userData)
     if (length > context->outputBytesLeft) {
         return KSJSON_ERROR_DATA_TOO_LONG;
     }
-    memcpy(context->outputPtr, data, length);
+    memcpy(context->outputPtr, data, (size_t)length);
     context->outputPtr += length;
     context->outputBytesLeft -= length;
 
@@ -265,7 +265,7 @@ static char *kscrf_fixupCrashReportWithVersionComponents(const char *crashReport
     char *stringBuffer = malloc((unsigned)stringBufferLength);
     int crashReportLength = (int)strlen(crashReport);
     int fixedReportLength = (int)(crashReportLength * 1.5);
-    char *fixedReport = malloc((unsigned)fixedReportLength);
+    char *fixedReport = malloc((unsigned)fixedReportLength + 1);  // +1 for null terminator
     KSJSONEncodeContext encodeContext;
     FixupContext fixupContext = {
         .encodeContext = &encodeContext,

Sources/KSCrashRecording/KSCrashReportStoreC.c

@@ -67,7 +67,7 @@ static void getCrashReportPathByID(int64_t id, char *pathBuffer, const KSCrashRe
 static int64_t getReportIDFromFilename(const char *filename, const KSCrashReportStoreCConfiguration *const config)
 {
     char scanFormat[100];
-    sprintf(scanFormat, "%s-report-%%" PRIx64 ".json", config->appName);
+    snprintf(scanFormat, sizeof(scanFormat), "%s-report-%%" PRIx64 ".json", config->appName);
 
     int64_t reportID = 0;
     sscanf(filename, scanFormat, &reportID);

Sources/KSCrashRecording/Monitors/KSCrashMonitor_CPPException.cpp

@@ -134,7 +134,7 @@ static void CPPExceptionTerminate(void)
         KSCrash_MonitorContext *crashContext = g_state.callbacks.notify(
             thisThread,
             (KSCrash_ExceptionHandlingRequirements) {
-                .asyncSafety = true, .isFatal = true, .shouldRecordAllThreads = true, .shouldWriteReport = true });
+                .shouldRecordAllThreads = true, .shouldWriteReport = true, .isFatal = true, .asyncSafety = true });
         if (crashContext->requirements.shouldExitImmediately) {
             goto skip_handling;
         }

Sources/KSCrashRecordingCore/KSFileUtils.c

@@ -148,14 +148,14 @@ static bool deletePathContents(const char *path, bool deleteTopLevelPathAlso)
 
         int bufferLength = KSFU_MAX_PATH_LENGTH;
         char *pathBuffer = malloc((unsigned)bufferLength);
-        snprintf(pathBuffer, bufferLength, "%s/", path);
+        snprintf(pathBuffer, (size_t)bufferLength, "%s/", path);
         char *pathPtr = pathBuffer + strlen(pathBuffer);
         int pathRemainingLength = bufferLength - (int)(pathPtr - pathBuffer);
 
         for (int i = 0; i < entryCount; i++) {
             char *entry = entries[i];
             if (entry != NULL && canDeletePath(entry)) {
-                strncpy(pathPtr, entry, pathRemainingLength);
+                strncpy(pathPtr, entry, (size_t)pathRemainingLength);
                 deletePathContents(pathBuffer, true);
             }
         }
@@ -421,7 +421,7 @@ bool ksfu_writeBufferedWriter(KSBufferedWriter *writer, const char *restrict con
     if (length > writer->bufferLength) {
         return ksfu_writeBytesToFD(writer->fd, data, length);
     }
-    memcpy(writer->buffer + writer->position, data, length);
+    memcpy(writer->buffer + writer->position, data, (size_t)length);
     writer->position += length;
     return true;
 }
@@ -442,8 +442,9 @@ static inline bool isReadBufferEmpty(KSBufferedReader *reader) { return reader->
 static bool fillReadBuffer(KSBufferedReader *reader)
 {
     if (reader->dataStartPos > 0) {
-        memmove(reader->buffer, reader->buffer + reader->dataStartPos, reader->dataStartPos);
-        reader->dataEndPos -= reader->dataStartPos;
+        int remainingData = reader->dataEndPos - reader->dataStartPos;
+        memmove(reader->buffer, reader->buffer + reader->dataStartPos, (size_t)remainingData);
+        reader->dataEndPos = remainingData;
         reader->dataStartPos = 0;
         reader->buffer[reader->dataEndPos] = '\0';
     }
@@ -480,7 +481,7 @@ int ksfu_readBufferedReader(KSBufferedReader *reader, char *dstBuffer, int byteC
         }
         int bytesToCopy = bytesInReader <= bytesRemaining ? bytesInReader : bytesRemaining;
         char *pSrc = reader->buffer + reader->dataStartPos;
-        memcpy(pDst, pSrc, bytesToCopy);
+        memcpy(pDst, pSrc, (size_t)bytesToCopy);
         pDst += bytesToCopy;
         reader->dataStartPos += bytesToCopy;
         bytesConsumed += bytesToCopy;
@@ -507,7 +508,7 @@ bool ksfu_readBufferedReaderUntilChar(KSBufferedReader *reader, int ch, char *ds
                 bytesToCopy = bytesToChar;
             }
         }
-        memcpy(pDst, pSrc, bytesToCopy);
+        memcpy(pDst, pSrc, (size_t)bytesToCopy);
         pDst += bytesToCopy;
         reader->dataStartPos += bytesToCopy;
         bytesConsumed += bytesToCopy;

Sources/KSCrashRecordingCore/KSID.c

@@ -31,9 +31,9 @@ void ksid_generate(char *destinationBuffer37Bytes)
 {
     uuid_t uuid;
     uuid_generate(uuid);
-    sprintf(destinationBuffer37Bytes, "%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X%02X%02X%02X%02X",
-            (unsigned)uuid[0], (unsigned)uuid[1], (unsigned)uuid[2], (unsigned)uuid[3], (unsigned)uuid[4],
-            (unsigned)uuid[5], (unsigned)uuid[6], (unsigned)uuid[7], (unsigned)uuid[8], (unsigned)uuid[9],
-            (unsigned)uuid[10], (unsigned)uuid[11], (unsigned)uuid[12], (unsigned)uuid[13], (unsigned)uuid[14],
-            (unsigned)uuid[15]);
+    snprintf(destinationBuffer37Bytes, 37, "%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X%02X%02X%02X%02X",
+             (unsigned)uuid[0], (unsigned)uuid[1], (unsigned)uuid[2], (unsigned)uuid[3], (unsigned)uuid[4],
+             (unsigned)uuid[5], (unsigned)uuid[6], (unsigned)uuid[7], (unsigned)uuid[8], (unsigned)uuid[9],
+             (unsigned)uuid[10], (unsigned)uuid[11], (unsigned)uuid[12], (unsigned)uuid[13], (unsigned)uuid[14],
+             (unsigned)uuid[15]);
 }

Sources/KSCrashRecordingCore/KSJSONCodec.c

@@ -739,7 +739,7 @@ static int decodeString(KSJSONDecodeContext *context, char *dstBuffer, int dstBu
     // If no escape characters were encountered, we can fast copy.
     likely_if(fastCopy)
     {
-        memcpy(dstBuffer, src, length);
+        memcpy(dstBuffer, src, (size_t)length);
         dstBuffer[length] = 0;
         return KSJSON_OK;
     }
@@ -1038,7 +1038,7 @@ static int decodeElement(const char *const name, KSJSONDecodeContext *context)
                 KSLOG_DEBUG("Number is too long.");
                 return KSJSON_ERROR_DATA_TOO_LONG;
             }
-            strncpy(context->stringBuffer, start, len);
+            strncpy(context->stringBuffer, start, (size_t)len);
             context->stringBuffer[len] = '\0';
 
             sscanf(context->stringBuffer, "%lg", &value);
@@ -1105,7 +1105,7 @@ static void updateDecoder_readFile(struct JSONFromFileContext *context)
         unlikely_if(remainingLength < bufferLength / 2)
         {
             int fillLength = bufferLength - remainingLength;
-            memcpy(start, ptr, remainingLength);
+            memcpy(start, ptr, (size_t)remainingLength);
             context->decodeContext->bufferPtr = start;
             int bytesRead = (int)read(context->fd, start + remainingLength, (unsigned)fillLength);
             unlikely_if(bytesRead < fillLength)

Sources/KSCrashRecordingCore/KSObjC.c

@@ -452,7 +452,7 @@ static int stringPrintf(char *buffer, int bufferLength, const char *fmt, ...)
 
     va_list args;
     va_start(args, fmt);
-    int printLength = vsnprintf(buffer, bufferLength, fmt, args);
+    int printLength = vsnprintf(buffer, (size_t)bufferLength, fmt, args);
     va_end(args);
 
     unlikely_if(printLength < 0)

Sources/KSCrashRecordingCore/KSThread.c

@@ -151,7 +151,7 @@ bool ksthread_getQueueName(const KSThread thread, char *const buffer, int bufLen
         return false;
     }
     bufLength = MIN(length, bufLength - 1);  // just strlen, without null-terminator
-    strncpy(buffer, queue_name, bufLength);
+    strncpy(buffer, queue_name, (size_t)bufLength);
     buffer[bufLength] = 0;  // terminate string
     KSLOG_TRACE("Queue label = %s", buffer);
     return true;