diff options
| author | Jay Berkenbilt <ejb@ql.org> | 2019-06-21 05:35:23 +0200 |
|---|---|---|
| committer | Jay Berkenbilt <ejb@ql.org> | 2019-06-21 19:17:21 +0200 |
| commit | d71f05ca07eb5c7cfa4d6d23e5c1f2a800f52e8e (patch) | |
| tree | 60f4a13cbadee1a02a49f35f325460f2ad507c95 /libqpdf/Pl_AES_PDF.cc | |
| parent | f40ffc9d6392edf9b6fe74d288d6d578e6d1a240 (diff) | |
| download | qpdf-d71f05ca07eb5c7cfa4d6d23e5c1f2a800f52e8e.tar.zst | |
Fix sign and conversion warnings (major)
This makes all integer type conversions that have potential data loss
explicit with calls that do range checks and raise an exception. After
this commit, qpdf builds with no warnings when -Wsign-conversion
-Wconversion is used with gcc or clang or when -W3 -Wd4800 is used
with MSVC. This significantly reduces the likelihood of potential
crashes from bogus integer values.
There are some parts of the code that take int when they should take
size_t or an offset. Such places would make qpdf not support files
with more than 2^31 of something that usually wouldn't be so large. In
the event that such a file shows up and is valid, at least qpdf would
raise an error in the right spot so the issue could be legitimately
addressed rather than failing in some weird way because of a silent
overflow condition.
Diffstat (limited to 'libqpdf/Pl_AES_PDF.cc')
| -rw-r--r-- | libqpdf/Pl_AES_PDF.cc | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/libqpdf/Pl_AES_PDF.cc b/libqpdf/Pl_AES_PDF.cc index 5c493cb4..c2c921e6 100644 --- a/libqpdf/Pl_AES_PDF.cc +++ b/libqpdf/Pl_AES_PDF.cc @@ -4,6 +4,7 @@ #include <assert.h> #include <stdexcept> #include <qpdf/rijndael.h> +#include <qpdf/QIntC.hh> #include <string> #include <stdlib.h> @@ -11,7 +12,7 @@ bool Pl_AES_PDF::use_static_iv = false; Pl_AES_PDF::Pl_AES_PDF(char const* identifier, Pipeline* next, bool encrypt, unsigned char const* key, - unsigned int key_bytes) : + size_t key_bytes) : Pipeline(identifier, next), encrypt(encrypt), cbc_mode(true), @@ -22,11 +23,11 @@ Pl_AES_PDF::Pl_AES_PDF(char const* identifier, Pipeline* next, use_specified_iv(false), disable_padding(false) { - unsigned int keybits = 8 * key_bytes; + size_t keybits = 8 * key_bytes; assert(key_bytes == KEYLENGTH(keybits)); this->key = new unsigned char[key_bytes]; this->rk = new uint32_t[RKLENGTH(keybits)]; - unsigned int rk_bytes = RKLENGTH(keybits) * sizeof(uint32_t); + size_t rk_bytes = RKLENGTH(keybits) * sizeof(uint32_t); std::memcpy(this->key, key, key_bytes); std::memset(this->rk, 0, rk_bytes); std::memset(this->inbuf, 0, this->buf_size); @@ -68,7 +69,7 @@ Pl_AES_PDF::setIV(unsigned char const* iv, size_t bytes) { throw std::logic_error( "Pl_AES_PDF: specified initialization vector" - " size in bytes must be " + QUtil::int_to_string(bytes)); + " size in bytes must be " + QUtil::uint_to_string(bytes)); } this->use_specified_iv = true; memcpy(this->specified_iv, iv, bytes); @@ -123,7 +124,7 @@ Pl_AES_PDF::finish() // specification, including providing an entire block of padding // if the input was a multiple of 16 bytes. unsigned char pad = - static_cast<unsigned char>(this->buf_size - this->offset); + QIntC::to_uchar(this->buf_size - this->offset); memset(this->inbuf + this->offset, pad, pad); this->offset = this->buf_size; flush(false); @@ -166,7 +167,7 @@ Pl_AES_PDF::initializeVector() { for (unsigned int i = 0; i < this->buf_size; ++i) { - this->cbc_block[i] = 14 * (1 + i); + this->cbc_block[i] = static_cast<unsigned char>(14U * (1U + i)); } } else |