mirror of
https://github.com/qpdf/qpdf.git
synced 2024-11-12 07:46:28 +00:00
d71f05ca07
This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition.
67 lines
1.5 KiB
C++
67 lines
1.5 KiB
C++
#include <qpdf/Pl_RC4.hh>
|
|
#include <qpdf/Pl_StdioFile.hh>
|
|
#include <qpdf/QUtil.hh>
|
|
#include <qpdf/QIntC.hh>
|
|
|
|
#include <stdio.h>
|
|
#include <string.h>
|
|
#include <iostream>
|
|
#include <stdlib.h>
|
|
|
|
int main(int argc, char* argv[])
|
|
{
|
|
if (argc != 4)
|
|
{
|
|
std::cerr << "Usage: rc4 hex-key infile outfile" << std::endl;
|
|
exit(2);
|
|
}
|
|
|
|
char* hexkey = argv[1];
|
|
char* infilename = argv[2];
|
|
char* outfilename = argv[3];
|
|
unsigned int hexkeylen = QIntC::to_uint(strlen(hexkey));
|
|
unsigned int keylen = hexkeylen / 2;
|
|
unsigned char* key = new unsigned char[keylen + 1];
|
|
key[keylen] = '\0';
|
|
|
|
FILE* infile = QUtil::safe_fopen(infilename, "rb");
|
|
for (unsigned int i = 0; i < strlen(hexkey); i += 2)
|
|
{
|
|
char t[3];
|
|
t[0] = hexkey[i];
|
|
t[1] = hexkey[i + 1];
|
|
t[2] = '\0';
|
|
|
|
long val = strtol(t, 0, 16);
|
|
key[i/2] = static_cast<unsigned char>(val);
|
|
}
|
|
|
|
FILE* outfile = QUtil::safe_fopen(outfilename, "wb");
|
|
Pl_StdioFile* out = new Pl_StdioFile("stdout", outfile);
|
|
// Use a small buffer size (64) for testing
|
|
Pl_RC4* rc4 = new Pl_RC4("rc4", out, key, QIntC::to_int(keylen), 64U);
|
|
delete [] key;
|
|
|
|
// 64 < buffer size < 512, buffer_size is not a power of 2 for testing
|
|
unsigned char buf[100];
|
|
bool done = false;
|
|
while (! done)
|
|
{
|
|
size_t len = fread(buf, 1, sizeof(buf), infile);
|
|
if (len <= 0)
|
|
{
|
|
done = true;
|
|
}
|
|
else
|
|
{
|
|
rc4->write(buf, len);
|
|
}
|
|
}
|
|
rc4->finish();
|
|
delete rc4;
|
|
delete out;
|
|
fclose(infile);
|
|
fclose(outfile);
|
|
return 0;
|
|
}
|