From 3acb5cc19e005e489951fe8e25bcfc9f723f1682 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Fri, 9 Jan 2026 13:33:56 -0600 Subject: [PATCH 1/3] Fix unsigned difference expression compared to zero Fixes: https://github.com/OpenSCAP/openscap/security/code-scanning/1414 --- src/XCCDF_POLICY/xccdf_policy_remediate.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/XCCDF_POLICY/xccdf_policy_remediate.c b/src/XCCDF_POLICY/xccdf_policy_remediate.c index 5e4a0b1116..2ba2de7a77 100644 --- a/src/XCCDF_POLICY/xccdf_policy_remediate.c +++ b/src/XCCDF_POLICY/xccdf_policy_remediate.c @@ -790,7 +790,7 @@ static inline int _parse_ansible_fix(const char *fix_text, struct oscap_list *va int ovector[9]; const size_t fix_text_len = strlen(fix_text); - int start_offset = 0; + size_t start_offset = 0; while (true) { const int match = oscap_pcre_exec(re, fix_text, fix_text_len, start_offset, 0, ovector, sizeof(ovector) / sizeof(ovector[0])); From d1f501c752b2fd5ccaa36a56fd70f8cfd01780d8 Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 12 Jan 2026 16:31:33 -0600 Subject: [PATCH 2/3] Fix type for _oscap_pcre_opts_to_pcre PCRE2 is expecting uint32_t, not int --- src/common/oscap_pcre.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/oscap_pcre.c b/src/common/oscap_pcre.c index 3b3a830556..b77bf7183c 100644 --- a/src/common/oscap_pcre.c +++ b/src/common/oscap_pcre.c @@ -43,9 +43,9 @@ struct oscap_pcre { }; -static inline int _oscap_pcre_opts_to_pcre(oscap_pcre_options_t opts) +static inline uint32_t _oscap_pcre_opts_to_pcre(oscap_pcre_options_t opts) { - int res = 0; + uint32_t res = 0; if (opts & OSCAP_PCRE_OPTS_UTF8) res |= PCRE2_UTF; if (opts & OSCAP_PCRE_OPTS_MULTILINE) From 78fdb80e5b28a1017e6840f25dbd8eba6359d60f Mon Sep 17 00:00:00 2001 From: Matthew Burket Date: Mon, 12 Jan 2026 16:32:39 -0600 Subject: [PATCH 3/3] Fix type in oscap_pcre_exec Should be size_t not int, per the types on pcre2_match_8. --- src/common/oscap_pcre.c | 2 +- src/common/oscap_pcre.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/common/oscap_pcre.c b/src/common/oscap_pcre.c index b77bf7183c..3ba597bdd3 100644 --- a/src/common/oscap_pcre.c +++ b/src/common/oscap_pcre.c @@ -131,7 +131,7 @@ void oscap_pcre_set_match_limit_recursion(oscap_pcre_t *opcre, unsigned long lim } int oscap_pcre_exec(const oscap_pcre_t *opcre, const char *subject, - int length, int startoffset, oscap_pcre_options_t options, + size_t length, size_t startoffset, oscap_pcre_options_t options, int *ovector, int ovecsize) { int rc = 0; diff --git a/src/common/oscap_pcre.h b/src/common/oscap_pcre.h index 839b6d68b6..b9f54d97d7 100644 --- a/src/common/oscap_pcre.h +++ b/src/common/oscap_pcre.h @@ -73,7 +73,7 @@ oscap_pcre_t* oscap_pcre_compile(const char *pattern, oscap_pcre_options_t optio * negative error code on failure */ int oscap_pcre_exec(const oscap_pcre_t *opcre, const char *subject, - int length, int startoffset, oscap_pcre_options_t options, + size_t length, size_t startoffset, oscap_pcre_options_t options, int *ovector, int ovecsize); /**