octoleo
/
qpdf
mirror of https://github.com/qpdf/qpdf.git
2
1
Fork 0
Code Issues Releases Wiki Activity

Replace all atoi calls with QUtil::string_to_int 

The latter catches underflow/overflow.
This commit is contained in:
Jay Berkenbilt 2017-08-29 12:27:59 -04:00
parent 742190bd98
commit 1868a10f8b
9 changed files with 27 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README-maintainer.md
View File

@ -17,6 +17,7 @@
* Test with clang.
* Check all open issues in the sourceforge trackers and on github.
* If any interfaces were added or changed, check C API to see whether changes are appropriate there as well. If necessary, review the casting policy in the manual, and ensure that integer types are properly handled.
* Avoid atoi. Use QUtil::string_to_int instead. It does overflow/underflow checking.
* Remember to avoid using `operator[]` with `std::string` or `std::vector`. Instead, use `at()`. See README-hardening.md for details.
* Increment shared library version information as needed (`LT_*` in `configure.ac`)
* Update release notes in manual. Look at diffs and ChangeLog.

2
examples/pdf-parse-content.cc
View File

@ -62,7 +62,7 @@ int main(int argc, char* argv[])
usage();
}
char const* filename = argv[1];
int pageno = atoi(argv[2]);
int pageno = QUtil::string_to_int(argv[2]);
try
{

16
libqpdf/QPDF.cc
View File

@ -440,8 +440,8 @@ QPDF::reconstruct_xref(QPDFExc& e)
(t3 == QPDFTokenizer::Token(QPDFTokenizer::tt_word, "obj")))
{
in_obj = true;
int obj = atoi(t1.getValue().c_str());
int gen = atoi(t2.getValue().c_str());
int obj = QUtil::string_to_int(t1.getValue().c_str());
int gen = QUtil::string_to_int(t2.getValue().c_str());
insertXrefEntry(obj, 1, token_start, gen, true);
}
}
@ -610,8 +610,8 @@ QPDF::parse_xrefFirst(std::string const& line,
++p;
}
bytes = p - start;
obj = atoi(obj_str.c_str());
num = atoi(num_str.c_str());
obj = QUtil::string_to_int(obj_str.c_str());
num = QUtil::string_to_int(num_str.c_str());
return true;
}
@ -706,7 +706,7 @@ QPDF::parse_xrefEntry(std::string const& line,
}
f1 = QUtil::string_to_ll(f1_str.c_str());
f2 = atoi(f2_str.c_str());
f2 = QUtil::string_to_int(f2_str.c_str());
return true;
}
@ -1570,8 +1570,8 @@ QPDF::readObjectAtOffset(bool try_recovery,
this->m->last_object_description, offset,
"expected n n obj");
}
objid = atoi(tobjid.getValue().c_str());
generation = atoi(tgen.getValue().c_str());
objid = QUtil::string_to_int(tobjid.getValue().c_str());
generation = QUtil::string_to_int(tgen.getValue().c_str());
if (objid == 0)
{
@ -1855,7 +1855,7 @@ QPDF::resolveObjectsInStream(int obj_stream_number)
"expected integer in object stream header");
}
int num = atoi(tnum.getValue().c_str());
int num = QUtil::string_to_int(tnum.getValue().c_str());
int offset = QUtil::string_to_ll(toffset.getValue().c_str());
offsets[num] = offset + first;
}

10
libqpdf/QPDFWriter.cc
View File

@ -661,8 +661,10 @@ QPDFWriter::disableIncompatibleEncryption(int major, int minor,
}
else
{
int V = atoi(this->m->encryption_dictionary["/V"].c_str());
int R = atoi(this->m->encryption_dictionary["/R"].c_str());
int V = QUtil::string_to_int(
this->m->encryption_dictionary["/V"].c_str());
int R = QUtil::string_to_int(
this->m->encryption_dictionary["/R"].c_str());
if (compareVersions(major, minor, 1, 4) < 0)
{
if ((V > 1) || (R > 2))
@ -705,12 +707,12 @@ void
QPDFWriter::parseVersion(std::string const& version,
int& major, int& minor) const
{
major = atoi(version.c_str());
major = QUtil::string_to_int(version.c_str());
minor = 0;
size_t p = version.find('.');
if ((p != std::string::npos) && (version.length() > p))
{
minor = atoi(version.substr(p + 1).c_str());
minor = QUtil::string_to_int(version.substr(p + 1).c_str());
}
std::string tmp = QUtil::int_to_string(major) + "." +
QUtil::int_to_string(minor);

4
libtests/dct_compress.cc
View File

@ -42,8 +42,8 @@ int main(int argc, char* argv[])
char* infilename = argv[1];
char* outfilename = argv[2];
unsigned int width = atoi(argv[3]);
unsigned int height = atoi(argv[4]);
int width = QUtil::string_to_int(argv[3]);
int height = QUtil::string_to_int(argv[4]);
char* colorspace = argv[5];
J_COLOR_SPACE cs =
((strcmp(colorspace, "rgb") == 0) ? JCS_RGB :

2
libtests/png_filter.cc
View File

@ -61,7 +61,7 @@ int main(int argc, char* argv[])
}
bool encode = (strcmp(argv[1], "encode") == 0);
char* filename = argv[2];
int columns = atoi(argv[3]);
int columns = QUtil::string_to_int(argv[3]);
try
{

2
qpdf/pdf_from_scratch.cc
View File

@ -107,7 +107,7 @@ int main(int argc, char* argv[])
try
{
int n = atoi(argv[1]);
int n = QUtil::string_to_int(argv[1]);
runtest(n);
}
catch (std::exception& e)

11
qpdf/qpdf.cc
View File

@ -1127,7 +1127,7 @@ static void parse_version(std::string const& full_version_string,
if (p2 && *(p2 + 1))
{
*p2++ = '\0';
extension_level = atoi(p2);
extension_level = QUtil::string_to_int(p2);
}
version = v;
}
@ -1233,7 +1233,7 @@ static void parse_rotation_parameter(Options& o, std::string const& parameter)
if (range_valid &&
((angle_str == "90") || (angle_str == "180") || (angle_str == "270")))
{
int angle = atoi(angle_str.c_str());
int angle = QUtil::string_to_int(angle_str.c_str());
if (relative == -1)
{
angle = -angle;
@ -1492,7 +1492,8 @@ static void parse_options(int argc, char* argv[], Options& o)
}
else if (strcmp(arg, "split-pages") == 0)
{
int n = ((parameter == 0) ? 1 : atoi(parameter));
int n = ((parameter == 0) ? 1 :
QUtil::string_to_int(parameter));
o.split_pages = n;
}
else if (strcmp(arg, "verbose") == 0)
@ -1547,9 +1548,9 @@ static void parse_options(int argc, char* argv[], Options& o)
if ((gen = strchr(obj, ',')) != 0)
{
*gen++ = 0;
o.show_gen = atoi(gen);
o.show_gen = QUtil::string_to_int(gen);
}
o.show_obj = atoi(obj);
o.show_obj = QUtil::string_to_int(obj);
o.require_outfile = false;
}
else if (strcmp(arg, "raw-stream-data") == 0)

2
qpdf/test_driver.cc
View File

@ -1383,7 +1383,7 @@ int main(int argc, char* argv[])
try
{
int n = atoi(argv[1]);
int n = QUtil::string_to_int(argv[1]);
char const* filename1 = argv[2];
char const* arg2 = argv[3];
runtest(n, filename1, arg2);