mirror of
https://github.com/qpdf/qpdf.git
synced 2024-11-13 16:26:28 +00:00
d71f05ca07
This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition.
58 lines
2.0 KiB
C++
58 lines
2.0 KiB
C++
#include <qpdf/QIntC.hh>
|
|
#include <stdint.h>
|
|
#include <cassert>
|
|
|
|
#define try_convert(exp_pass, fn, i) \
|
|
try_convert_real(#fn "(" #i ")", exp_pass, fn, i)
|
|
|
|
template <typename From, typename To>
|
|
static void try_convert_real(
|
|
char const* description, bool exp_pass,
|
|
To (*fn)(From const&), From const& i)
|
|
{
|
|
bool passed = false;
|
|
try
|
|
{
|
|
To result = fn(i);
|
|
passed = true;
|
|
std::cout << description << ": " << i << " " << result;
|
|
}
|
|
catch (std::range_error& e)
|
|
{
|
|
std::cout << description << ": " << e.what();
|
|
passed = false;
|
|
}
|
|
std::cout << ((passed == exp_pass) ? " PASSED" : " FAILED") << std::endl;
|
|
}
|
|
|
|
int main()
|
|
{
|
|
uint32_t u1 = 3141592653U; // Too big for signed type
|
|
int32_t i1 = -1153374643; // Same bit pattern as u1
|
|
uint64_t ul1 = 1099511627776LL; // Too big for 32-bit
|
|
uint64_t ul2 = 12345; // Fits into 32-bit
|
|
int32_t i2 = 81; // Fits in char and uchar
|
|
char c1 = '\xf7'; // Signed vaule when char
|
|
|
|
// Verify i1 and u1 have same bit pattern
|
|
assert(static_cast<uint32_t>(i1) == u1);
|
|
// Verify that we can unsafely convert between char and unsigned char
|
|
assert(c1 == static_cast<char>(static_cast<unsigned char>(c1)));
|
|
|
|
try_convert(true, QIntC::to_int<int32_t>, i1);
|
|
try_convert(true, QIntC::to_uint<uint32_t>, u1);
|
|
try_convert(false, QIntC::to_int<uint32_t>, u1);
|
|
try_convert(false, QIntC::to_uint<int32_t>, i1);
|
|
try_convert(false, QIntC::to_int<uint64_t>, ul1);
|
|
try_convert(true, QIntC::to_int<uint64_t>, ul2);
|
|
try_convert(true, QIntC::to_uint<uint64_t>, ul2);
|
|
try_convert(true, QIntC::to_offset<uint32_t>, u1);
|
|
try_convert(true, QIntC::to_offset<int32_t>, i1);
|
|
try_convert(false, QIntC::to_ulonglong<int32_t>, i1);
|
|
try_convert(true, QIntC::to_char<int32_t>, i2);
|
|
try_convert(true, QIntC::to_uchar<int32_t>, i2);
|
|
try_convert(false, QIntC::to_uchar<char>, c1);
|
|
|
|
return 0;
|
|
}
|