Kelsi bf75ccd15b fix(security): close remaining CodeQL critical/high alerts ...

Closes the 5 remaining cpp/command-line-injection alerts plus 3
cpp/integer-multiplication-cast-to-long and 1 cpp/uncontrolled-arithmetic
in tools/editor/. (The other open high alerts are all in extern/
third-party headers — imgui, stb_image, miniaudio — and are out of
scope for us to patch.)

Critical (cmd-injection) → shell-free runChild() helper:
- cli_zone_packs.cpp:41,175,182 (+ a 4th site at line 235 that the
  alert tooling missed). runSilently() refactored to take argv0+args.
- cli_audits.cpp:68 — per-zone `--validate-…` self-invocation.
- cli_gen_audio.cpp:386 — per-tone `--gen-audio-tone` self-invocation.
- editor_ui.cpp:3038 — manifest "open in default app" used a shell
  concat (open / start / xdg-open). Now uses cli_subprocess::runChild
  with the platform binary directly.

High (int-mul overflow) → widen one operand to size_t:
- wowee_terrain.cpp:272 — `resolution * resolution * 3` for the zone
  map pixel buffer.
- terrain_editor.cpp:1848,1859 — `w * h` for stbi_load{,_16} heightmap
  resize loops; precomputed pixelCount and switched the loop counter
  to size_t.

High (uncontrolled-arithmetic) → bounded increment:
- editor_ui.cpp:987 — noise-seed `>>` button incremented `int` without
  bound. Clamp to INT_MAX.

2026-05-13 19:43:42 -07:00

159 KiB

Raw Permalink Blame History

View Raw