Age | Commit message | Author |
|
Use PointerHolder in several places where manual memory allocation
and deallocation were being used. This helps to protect against memory
leaks when exceptions are thrown in surprising places.
|
This code was essentially duplicated between test_driver and
standalone_fuzz_target_runner.
|
This makes all integer type conversions that have potential data loss
explicit with calls that do range checks and raise an exception. After
this commit, qpdf builds with no warnings when -Wsign-conversion
-Wconversion is used with gcc or clang or when -W3 -Wd4800 is used
with MSVC. This significantly reduces the likelihood of potential
crashes from bogus integer values.
There are some parts of the code that take int when they should take
size_t or an offset. Such places would make qpdf not support files
with more than 2^31 of something that usually wouldn't be so large. In
the event that such a file shows up and is valid, at least qpdf would
raise an error in the right spot so the issue could be legitimately
addressed rather than failing in some weird way because of a silent
overflow condition.
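The conversion discipline this commit describes, as an added example that is not qpdf's own code: a hypothetical `checked_cast<To>(v)` helper that makes every narrowing or sign-changing integer conversion explicit and throws `std::range_error` when the value does not fit, so a bogus length or offset fails at the conversion site instead of silently wrapping. The helper name, `conversion_rejected` and `stream_buffer_size` are assumptions for illustration, not qpdf APIs.

```cpp
#include <cstdint>
#include <limits>
#include <stdexcept>
#include <string>
#include <type_traits>

// Hypothetical helper, not qpdf's own checked-conversion API: convert
// between integer types and throw std::range_error whenever the value
// would not survive the conversion unchanged. Every implicit narrowing
// or sign change in the caller becomes an explicit call to this.
namespace detail {

// signed -> signed: check both bounds in the widest signed type
template <typename To, typename From>
bool fits(From v, std::true_type, std::true_type) {
    std::intmax_t w = static_cast<std::intmax_t>(v);
    return w >= static_cast<std::intmax_t>(std::numeric_limits<To>::min()) &&
           w <= static_cast<std::intmax_t>(std::numeric_limits<To>::max());
}

// unsigned -> unsigned: only the upper bound can be violated
template <typename To, typename From>
bool fits(From v, std::false_type, std::false_type) {
    return static_cast<std::uintmax_t>(v) <=
           static_cast<std::uintmax_t>(std::numeric_limits<To>::max());
}

// signed -> unsigned: negative values never fit, then check the upper bound
template <typename To, typename From>
bool fits(From v, std::true_type, std::false_type) {
    return v >= 0 && static_cast<std::uintmax_t>(v) <=
                         static_cast<std::uintmax_t>(std::numeric_limits<To>::max());
}

// unsigned -> signed: the target maximum is the only limit
template <typename To, typename From>
bool fits(From v, std::false_type, std::true_type) {
    return static_cast<std::uintmax_t>(v) <=
           static_cast<std::uintmax_t>(std::numeric_limits<To>::max());
}

} // namespace detail

template <typename To, typename From>
To checked_cast(From v) {
    static_assert(std::is_integral<From>::value && std::is_integral<To>::value,
                  "checked_cast is for integer types only");
    if (!detail::fits<To>(v, std::is_signed<From>{}, std::is_signed<To>{})) {
        throw std::range_error("integer value out of range for target type: " +
                               std::to_string(v));
    }
    return static_cast<To>(v);
}

// Reports whether checked_cast<To>(v) would throw; useful for tests and
// for callers that want to validate without exceptions.
template <typename To, typename From>
bool conversion_rejected(From v) {
    try {
        checked_cast<To>(v);
        return false;
    } catch (std::range_error const&) {
        return true;
    }
}

// Example use: a /Length value parsed from a PDF dictionary arrives as a
// signed long long, but the buffer that will hold the stream is sized
// with size_t. A negative or absurdly large length is refused here
// instead of silently wrapping into a huge (or tiny) allocation.
std::size_t stream_buffer_size(long long declared_length) {
    return checked_cast<std::size_t>(declared_length);
}
```

Compiling code that uses this helper with `-Wsign-conversion -Wconversion` stays warning-free because the only narrowing `static_cast` lives inside `checked_cast`, after the range check has passed.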
|
the classic one nor newer ones based on CLANG.
|
If set, we avoid using Windows I/O HANDLE, which is disallowed in some
versions of the Windows SDK, such as for Windows phones.
QUtil::same_file will always return false in this case. Only applies
to Windows builds.
|
Also move tests to libtests.
|
Use 0 instead of NULL in a cast.
|
For cross compiling.
|
The 64 Bit file functions are supported by C++-Builder as well and
need to be used, else fseek will error out on larger files than 4 GB
like used in the large file test.
|
Add a method to get the current random data provider, and document and
test the method for resetting it.
|
Add new RandomDataProvider object and implement existing random number
generation in terms of that. This enables end users to supply their
own random data providers.
|
If NO_GET_ENVIRONMENT is #defined at compile time on Windows, do not
call GetEnvironmentVariable. QUtil::get_env will always return
false. This option is not available through configure. This was
added to support a specific user's requirements to avoid calling
GetEnvironmentVariable from the Windows API. Nothing in qpdf outside
the test coverage system in qtest relies on QUtil::get_env.
|
For std::string and std::vector, replace operator[] with at. This was
done using an automated process. See README.hardening for details.
|
If not available, give an error. The user may also configure qpdf to
use an insecure random number generator.
|
Make remaining calls to fopen and strerror use strerror_s and fopen_s
on MSVC.
|
fopen was previously called wrapped by QUtil::fopen_wrapper, but
QUtil::safe_fopen does this itself, which is less cumbersome.
|
Put a specific comment marker next to every piece of code that MSVC
gives warning 4996 for. This warning is generated for calls to
functions that Microsoft considers insecure or deprecated. This
change is in preparation for fixing all these cases even though none
of them are actually incorrect or insecure as used in qpdf. The
comment marker makes them easier to find so they can be fixed in
subsequent commits.
|
Make them safer by avoiding any internal limits and replacing sprintf
with std::ostringstream.
|
Add QUtil::hex_encode to encode binary data as a hexadecimal string,
and use it in place of sprintf where possible.
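The formatting pattern behind the two commits above (number-to-string helpers rebuilt on std::ostringstream, and a hex encoder that replaces sprintf), as an added example that is not qpdf's implementation: `hex_encode`, `int_to_string` and `double_to_string` are hypothetical stand-ins for the QUtil helpers, chosen to show why the stream form has no internal buffer limit and why the byte must be widened through `unsigned char` before printing.

```cpp
#include <iomanip>
#include <sstream>
#include <string>

// Added example, not qpdf's code: the pattern the commits describe,
// formatting through std::ostringstream so the result grows as needed
// instead of being written into a fixed-size char buffer with sprintf.
// The function names are hypothetical stand-ins for QUtil's helpers.

// Encode arbitrary bytes as lowercase hexadecimal, two digits per byte.
std::string hex_encode(std::string const& input) {
    std::ostringstream out;
    out << std::hex << std::setfill('0');
    for (char c : input) {
        // Widen through unsigned char. A plain char holding 0xff is -1
        // where char is signed; widening it straight to int would print
        // "ffffffff" instead of "ff".
        unsigned int byte = static_cast<unsigned char>(c);
        out << std::setw(2) << byte;   // setw applies to the next insertion only
    }
    return out.str();
}

// Decimal formatting of any integer width, with no length-limited buffer.
std::string int_to_string(long long v) {
    std::ostringstream out;
    out << v;
    return out.str();
}

// Fixed-point formatting with a caller-chosen number of decimals: the
// sprintf("%.*f") equivalent, but with no buffer to size in advance.
std::string double_to_string(double v, int decimal_places) {
    std::ostringstream out;
    out << std::fixed << std::setprecision(decimal_places) << v;
    return out.str();
}
```

Embedded NUL bytes are handled because the input is a `std::string` with an explicit length rather than a C string, so a buffer containing `\x00` encodes to `00` instead of terminating the loop early.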
|