Replace all atoi calls with QUtil::string_to_int

The latter catches underflow/overflow.
2024-12-22 02:49:00 +00:00 · 2017-08-29 12:27:59 -04:00 · 2017-08-29 12:27:59 -04:00 · 1868a10f8b
commit 1868a10f8b
parent 742190bd98
9 changed files with 27 additions and 23 deletions
--- a/README-maintainer.md
+++ b/README-maintainer.md
@ -17,6 +17,7 @@
 * Test with clang.
 * Check all open issues in the sourceforge trackers and on github.
 * If any interfaces were added or changed, check C API to see whether changes are appropriate there as well.  If necessary, review the casting policy in the manual, and ensure that integer types are properly handled.
+* Avoid atoi. Use QUtil::string_to_int instead. It does overflow/underflow checking.
 * Remember to avoid using `operator[]` with `std::string` or `std::vector`. Instead, use `at()`. See README-hardening.md for details.
 * Increment shared library version information as needed (`LT_*` in `configure.ac`)
 * Update release notes in manual. Look at diffs and ChangeLog.
--- a/examples/pdf-parse-content.cc
+++ b/examples/pdf-parse-content.cc
@ -62,7 +62,7 @@ int main(int argc, char* argv[])
 	usage();
    }
    char const* filename = argv[1];
-    int pageno = atoi(argv[2]);
+    int pageno = QUtil::string_to_int(argv[2]);

    try
    {
--- a/libqpdf/QPDF.cc
+++ b/libqpdf/QPDF.cc
@ -440,8 +440,8 @@ QPDF::reconstruct_xref(QPDFExc& e)
                    (t3 == QPDFTokenizer::Token(QPDFTokenizer::tt_word, "obj")))
                {
                    in_obj = true;
-                    int obj = atoi(t1.getValue().c_str());
-                    int gen = atoi(t2.getValue().c_str());
+                    int obj = QUtil::string_to_int(t1.getValue().c_str());
+                    int gen = QUtil::string_to_int(t2.getValue().c_str());
                    insertXrefEntry(obj, 1, token_start, gen, true);
                }
            }
@ -610,8 +610,8 @@ QPDF::parse_xrefFirst(std::string const& line,
        ++p;
    }
    bytes = p - start;
-    obj = atoi(obj_str.c_str());
-    num = atoi(num_str.c_str());
+    obj = QUtil::string_to_int(obj_str.c_str());
+    num = QUtil::string_to_int(num_str.c_str());
    return true;
 }

@ -706,7 +706,7 @@ QPDF::parse_xrefEntry(std::string const& line,
    }

    f1 = QUtil::string_to_ll(f1_str.c_str());
-    f2 = atoi(f2_str.c_str());
+    f2 = QUtil::string_to_int(f2_str.c_str());

    return true;
 }
@ -1570,8 +1570,8 @@ QPDF::readObjectAtOffset(bool try_recovery,
 			  this->m->last_object_description, offset,
 			  "expected n n obj");
 	}
-	objid = atoi(tobjid.getValue().c_str());
-	generation = atoi(tgen.getValue().c_str());
+	objid = QUtil::string_to_int(tobjid.getValue().c_str());
+	generation = QUtil::string_to_int(tgen.getValue().c_str());

        if (objid == 0)
        {
@ -1855,7 +1855,7 @@ QPDF::resolveObjectsInStream(int obj_stream_number)
 			  "expected integer in object stream header");
 	}

-	int num = atoi(tnum.getValue().c_str());
+	int num = QUtil::string_to_int(tnum.getValue().c_str());
 	int offset = QUtil::string_to_ll(toffset.getValue().c_str());
 	offsets[num] = offset + first;
    }
--- a/libqpdf/QPDFWriter.cc
+++ b/libqpdf/QPDFWriter.cc
@ -661,8 +661,10 @@ QPDFWriter::disableIncompatibleEncryption(int major, int minor,
    }
    else
    {
-	int V = atoi(this->m->encryption_dictionary["/V"].c_str());
-	int R = atoi(this->m->encryption_dictionary["/R"].c_str());
+	int V = QUtil::string_to_int(
+            this->m->encryption_dictionary["/V"].c_str());
+	int R = QUtil::string_to_int(
+            this->m->encryption_dictionary["/R"].c_str());
 	if (compareVersions(major, minor, 1, 4) < 0)
 	{
 	    if ((V > 1) || (R > 2))
@ -705,12 +707,12 @@ void
 QPDFWriter::parseVersion(std::string const& version,
 			 int& major, int& minor) const
 {
-    major = atoi(version.c_str());
+    major = QUtil::string_to_int(version.c_str());
    minor = 0;
    size_t p = version.find('.');
    if ((p != std::string::npos) && (version.length() > p))
    {
-	minor = atoi(version.substr(p + 1).c_str());
+	minor = QUtil::string_to_int(version.substr(p + 1).c_str());
    }
    std::string tmp = QUtil::int_to_string(major) + "." +
 	QUtil::int_to_string(minor);
--- a/libtests/dct_compress.cc
+++ b/libtests/dct_compress.cc
@ -42,8 +42,8 @@ int main(int argc, char* argv[])

    char* infilename = argv[1];
    char* outfilename = argv[2];
-    unsigned int width = atoi(argv[3]);
-    unsigned int height = atoi(argv[4]);
+    int width = QUtil::string_to_int(argv[3]);
+    int height = QUtil::string_to_int(argv[4]);
    char* colorspace = argv[5];
    J_COLOR_SPACE cs =
        ((strcmp(colorspace, "rgb") == 0) ? JCS_RGB :
--- a/libtests/png_filter.cc
+++ b/libtests/png_filter.cc
@ -61,7 +61,7 @@ int main(int argc, char* argv[])
    }
    bool encode = (strcmp(argv[1], "encode") == 0);
    char* filename = argv[2];
-    int columns = atoi(argv[3]);
+    int columns = QUtil::string_to_int(argv[3]);

    try
    {
--- a/qpdf/pdf_from_scratch.cc
+++ b/qpdf/pdf_from_scratch.cc
@ -107,7 +107,7 @@ int main(int argc, char* argv[])

    try
    {
-	int n = atoi(argv[1]);
+	int n = QUtil::string_to_int(argv[1]);
 	runtest(n);
    }
    catch (std::exception& e)
--- a/qpdf/qpdf.cc
+++ b/qpdf/qpdf.cc
@ -1127,7 +1127,7 @@ static void parse_version(std::string const& full_version_string,
    if (p2 && *(p2 + 1))
    {
        *p2++ = '\0';
-        extension_level = atoi(p2);
+        extension_level = QUtil::string_to_int(p2);
    }
    version = v;
 }
@ -1233,7 +1233,7 @@ static void parse_rotation_parameter(Options& o, std::string const& parameter)
    if (range_valid &&
        ((angle_str == "90") || (angle_str == "180") || (angle_str == "270")))
    {
-        int angle = atoi(angle_str.c_str());
+        int angle = QUtil::string_to_int(angle_str.c_str());
        if (relative == -1)
        {
            angle = -angle;
@ -1492,7 +1492,8 @@ static void parse_options(int argc, char* argv[], Options& o)
            }
            else if (strcmp(arg, "split-pages") == 0)
            {
-                int n = ((parameter == 0) ? 1 : atoi(parameter));
+                int n = ((parameter == 0) ? 1 :
+                         QUtil::string_to_int(parameter));
                o.split_pages = n;
            }
            else if (strcmp(arg, "verbose") == 0)
@ -1547,9 +1548,9 @@ static void parse_options(int argc, char* argv[], Options& o)
                if ((gen = strchr(obj, ',')) != 0)
                {
                    *gen++ = 0;
-                    o.show_gen = atoi(gen);
+                    o.show_gen = QUtil::string_to_int(gen);
                }
-                o.show_obj = atoi(obj);
+                o.show_obj = QUtil::string_to_int(obj);
                o.require_outfile = false;
            }
            else if (strcmp(arg, "raw-stream-data") == 0)
--- a/qpdf/test_driver.cc
+++ b/qpdf/test_driver.cc
@ -1383,7 +1383,7 @@ int main(int argc, char* argv[])

    try
    {
-	int n = atoi(argv[1]);
+	int n = QUtil::string_to_int(argv[1]);
 	char const* filename1 = argv[2];
        char const* arg2 = argv[3];
 	runtest(n, filename1, arg2);