Mark secure CRT warnings with comment

Put a specific comment marker next to every piece of code that MSVC
gives warning 4996 for.  This warning is generated for calls to
functions that Microsoft considers insecure or deprecated.  This
change is in preparation for fixing all these cases even though none
of them are actually incorrect or insecure as used in qpdf.  The
comment marker makes them easier to find so they can be fixed in
subsequent commits.

libqpdf/FileInputSource.cc

@@ -16,7 +16,7 @@ FileInputSource::setFilename(char const* filename)
     this->filename = filename;
     this->close_file = true;
     this->file = QUtil::fopen_wrapper(std::string("open ") + this->filename,
-				      fopen(this->filename.c_str(), "rb"));
+				      fopen(this->filename.c_str(), "rb")); // XXXX
 }
 
 void

libqpdf/MD5.cc

@@ -330,7 +330,7 @@ void MD5::encodeFile(char const *filename, int up_to_size)
 
     FILE *file = QUtil::fopen_wrapper(
 	std::string("MD5: open ") + filename,
-	fopen(filename, "rb"));
+	fopen(filename, "rb")); // XXXX
 
     size_t len;
     int so_far = 0;

libqpdf/Pl_ASCIIHexDecoder.cc

@@ -9,7 +9,7 @@ Pl_ASCIIHexDecoder::Pl_ASCIIHexDecoder(char const* identifier, Pipeline* next) :
     pos(0),
     eod(false)
 {
-    strcpy(this->inbuf, "00");
+    strcpy(this->inbuf, "00");  // XXXX
 }
 
 Pl_ASCIIHexDecoder::~Pl_ASCIIHexDecoder()
@@ -98,7 +98,7 @@ Pl_ASCIIHexDecoder::flush()
     getNext()->write(&ch, 1);
 
     this->pos = 0;
-    strcpy(this->inbuf, "00");
+    strcpy(this->inbuf, "00");  // XXXX
 }
 
 void

libqpdf/Pl_StdioFile.cc

@@ -37,7 +37,7 @@ Pl_StdioFile::write(unsigned char* buf, size_t len)
 void
 Pl_StdioFile::finish()
 {
-    if (fileno(this->file) != -1)
+    if (fileno(this->file) != -1) // XXXX
     {
 	fflush(this->file);
     }

libqpdf/QPDFWriter.cc

@@ -105,7 +105,7 @@ QPDFWriter::setOutputFilename(char const* filename)
     {
 	QTC::TC("qpdf", "QPDFWriter write to file");
 	f = QUtil::fopen_wrapper(std::string("open ") + filename,
-                                 fopen(filename, "wb+"));
+                                 fopen(filename, "wb+")); // XXXX
 	close_file = true;
     }
     setOutputFile(description, f, close_file);

libqpdf/QPDF_String.cc

@@ -140,7 +140,7 @@ QPDF_String::unparse(bool force_binary)
 		}
 		else
 		{
-		    sprintf(num, "\\%03o", static_cast<unsigned char>(ch));
+		    sprintf(num, "\\%03o", static_cast<unsigned char>(ch)); // XXXX
 		    result += num;
 		}
 		break;

libqpdf/QTC.cc

@@ -39,7 +39,7 @@ void QTC::TC(char const* const scope, char const* const ccase, int n)
 
     FILE* tc =
 	QUtil::fopen_wrapper("open test coverage file (" + filename + ")",
-			     fopen(filename.c_str(), "ab"));
+			     fopen(filename.c_str(), "ab")); // XXXX
     fprintf(tc, "%s %d\n", ccase, n);
     fclose(tc);
 }

libqpdf/QUtil.cc

@@ -84,7 +84,7 @@ QUtil::unsigned_char_pointer(char const* str)
 void
 QUtil::throw_system_error(std::string const& description)
 {
-    throw std::runtime_error(description + ": " + strerror(errno));
+    throw std::runtime_error(description + ": " + strerror(errno)); // XXXX
 }
 
 int
@@ -159,7 +159,7 @@ QUtil::hex_encode(std::string const& input)
     buf[hex_size - 1] = '\0';
     for (unsigned int i = 0; i < input_size; ++i)
     {
-        sprintf(buf + i * 2, "%02x", static_cast<unsigned char>(input[i]));
+        sprintf(buf + i * 2, "%02x", static_cast<unsigned char>(input[i])); // XXXX
     }
     return buf;
 }

libtests/aes.cc

@@ -89,14 +89,14 @@ int main(int argc, char* argv[])
     unsigned int hexkeylen = strlen(hexkey);
     unsigned int keylen = hexkeylen / 2;
 
-    FILE* infile = fopen(infilename, "rb");
+    FILE* infile = fopen(infilename, "rb"); // XXXX
     if (infile == 0)
     {
 	std::cerr << "can't open " << infilename << std::endl;
 	exit(2);
     }
 
-    FILE* outfile = fopen(outfilename, "wb");
+    FILE* outfile = fopen(outfilename, "wb"); // XXXX
     if (outfile == 0)
     {
 	std::cerr << "can't open " << outfilename << std::endl;

libtests/flate.cc

@@ -10,10 +10,10 @@
 
 FILE* safe_fopen(char const* filename, char const* mode)
 {
-    FILE* result = fopen(filename, mode);
+    FILE* result = fopen(filename, mode); // XXXX
     if (result == 0)
     {
-	std::cerr << "fopen " << filename << " failed: " << strerror(errno)
+	std::cerr << "fopen " << filename << " failed: " << strerror(errno) // XXXX
 		  << std::endl;
 	exit(2);
     }

libtests/lzw.cc

@@ -27,9 +27,9 @@ int main(int argc, char* argv[])
 	char* outfilename = argv[2];
 
 	FILE* infile = QUtil::fopen_wrapper("open input file",
-					    fopen(infilename, "rb"));
+					    fopen(infilename, "rb")); // XXXX
 	FILE* outfile = QUtil::fopen_wrapper("open output file",
-					     fopen(outfilename, "wb"));
+					     fopen(outfilename, "wb")); // XXXX
 
 	Pl_StdioFile out("output", outfile);
 	Pl_LZWDecoder decode("decode", &out, early_code_change);

libtests/md5.cc

@@ -46,7 +46,7 @@ int main(int, char*[])
     Pl_MD5 p("MD5", &d);
     for (int i = 0; i < 2; ++i)
     {
-	FILE* f = fopen("md5.in", "rb");
+	FILE* f = fopen("md5.in", "rb"); // XXXX
 	if (f)
 	{
 	    // buffer size < size of md5.in

libtests/png_filter.cc

@@ -9,10 +9,10 @@
 
 FILE* safe_fopen(char const* filename, char const* mode)
 {
-    FILE* result = fopen(filename, mode);
+    FILE* result = fopen(filename, mode); // XXXX
     if (result == 0)
     {
-	std::cerr << "fopen " << filename << " failed: " << strerror(errno)
+	std::cerr << "fopen " << filename << " failed: " << strerror(errno) // XXXX
 		  << std::endl;
 	exit(2);
     }

libtests/qutil.cc

@@ -66,7 +66,7 @@ void fopen_wrapper_test()
     {
 	std::cout << "before fopen" << std::endl;
 	f = QUtil::fopen_wrapper("fopen file",
-				 fopen("/this/file/does/not/exist", "r"));
+				 fopen("/this/file/does/not/exist", "r")); // XXXX
 	std::cout << "after fopen" << std::endl;
 	(void) fclose(f);
     }
@@ -89,7 +89,7 @@ void getenv_test()
 static void print_utf8(unsigned long val)
 {
     char t[20];
-    sprintf(t, "%lx", val);
+    sprintf(t, "%lx", val);   // XXXX
     std::string result = QUtil::toUTF8(val);
     std::cout << "0x" << t << " ->";
     if (val < 0xfffe)
@@ -105,7 +105,7 @@ static void print_utf8(unsigned long val)
 	     iter != result.end(); ++iter)
 	{
 	    char t[3];
-	    sprintf(t, "%02x", static_cast<unsigned char>(*iter));
+	    sprintf(t, "%02x", static_cast<unsigned char>(*iter)); // XXXX
 	    std::cout << " " << t;
 	}
     }

libtests/rc4.cc

@@ -22,7 +22,7 @@ int main(int argc, char* argv[])
     unsigned char* key = new unsigned char[keylen + 1];
     key[keylen] = '\0';
 
-    FILE* infile = fopen(infilename, "rb");
+    FILE* infile = fopen(infilename, "rb"); // XXXX
     if (infile == 0)
     {
 	std::cerr << "can't open " << infilename << std::endl;
@@ -40,7 +40,7 @@ int main(int argc, char* argv[])
 	key[i/2] = static_cast<unsigned char>(val);
     }
 
-    FILE* outfile = fopen(outfilename, "wb");
+    FILE* outfile = fopen(outfilename, "wb"); // XXXX
     if (outfile == 0)
     {
 	std::cerr << "can't open " << outfilename << std::endl;

qpdf/qpdf-ctest.c

@@ -56,11 +56,11 @@ static void read_file_into_memory(char const* filename,
     size_t bytes_read = 0;
     size_t len = 0;
 
-    f = fopen(filename, "rb");
+    f = fopen(filename, "rb"); /* XXXX */
     if (f == NULL)
     {
 	fprintf(stderr, "%s: unable to open %s: %s\n",
-		whoami, filename, strerror(errno));
+		whoami, filename, strerror(errno)); /* XXXX */
 	exit(2);
     }
     fseek(f, 0, SEEK_END);
@@ -364,11 +364,11 @@ static void test16(char const* infile,
     qpdf_set_static_aes_IV(qpdf, QPDF_TRUE);
     qpdf_set_stream_data_mode(qpdf, qpdf_s_uncompress);
     qpdf_write(qpdf);
-    f = fopen(outfile, "wb");
+    f = fopen(outfile, "wb"); /* XXXX */
     if (f == NULL)
     {
 	fprintf(stderr, "%s: unable to open %s: %s\n",
-		whoami, outfile, strerror(errno));
+		whoami, outfile, strerror(errno)); /* XXXX */
 	exit(2);
     }
     buflen = qpdf_get_buffer_length(qpdf);

qpdf/test_driver.cc

@@ -166,7 +166,7 @@ void runtest(int n, char const* filename1, char const* arg2)
         {
 	    QTC::TC("qpdf", "exercise processFile(FILE*)");
             filep = QUtil::fopen_wrapper(std::string("open ") + filename1,
-                                         fopen(filename1, "rb"));
+                                         fopen(filename1, "rb")); // XXXX
             pdf.processFile(filename1, filep, false);
         }
     }
@@ -174,7 +174,7 @@ void runtest(int n, char const* filename1, char const* arg2)
     {
         QTC::TC("qpdf", "exercise processMemoryFile");
 	FILE* f = QUtil::fopen_wrapper(std::string("open ") + filename1,
-				       fopen(filename1, "rb"));
+				       fopen(filename1, "rb")); // XXXX
 	fseek(f, 0, SEEK_END);
 	size_t size = QUtil::tell(f);
 	fseek(f, 0, SEEK_SET);
@@ -719,7 +719,7 @@ void runtest(int n, char const* filename1, char const* arg2)
             Buffer* b = w.getBuffer();
             std::string const filename = (i == 0 ? "a.pdf" : "b.pdf");
             FILE* f = QUtil::fopen_wrapper("open " + filename,
-                                           fopen(filename.c_str(), "wb"));
+                                           fopen(filename.c_str(), "wb")); // XXXX
             fwrite(b->getBuffer(), b->getSize(), 1, f);
             fclose(f);
             delete b;
@@ -803,7 +803,7 @@ void runtest(int n, char const* filename1, char const* arg2)
 
         // Exercise writing to FILE*
         FILE* out =  QUtil::fopen_wrapper(std::string("open a.pdf"),
-                                          fopen("a.pdf", "wb"));
+                                          fopen("a.pdf", "wb")); // XXXX
 	QPDFWriter w(pdf, "FILE* a.pdf", out, true);
 	w.setStaticID(true);
 	w.setStreamDataMode(qpdf_s_preserve);
@@ -1184,7 +1184,7 @@ void runtest(int n, char const* filename1, char const* arg2)
         w.write();
         PointerHolder<Buffer> b = p.getBuffer();
         FILE* f = QUtil::fopen_wrapper("open a.pdf",
-                                       fopen("a.pdf", "wb"));
+                                       fopen("a.pdf", "wb")); // XXXX
         fwrite(b->getBuffer(), b->getSize(), 1, f);
         fclose(f);
     }