From d71f05ca07eb5c7cfa4d6d23e5c1f2a800f52e8e Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Thu, 20 Jun 2019 23:35:23 -0400 Subject: Fix sign and conversion warnings (major) This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition. --- fuzz/standalone_fuzz_target_runner.cc | 58 +++++++++++++++++++++-------------- 1 file changed, 35 insertions(+), 23 deletions(-) (limited to 'fuzz/standalone_fuzz_target_runner.cc') diff --git a/fuzz/standalone_fuzz_target_runner.cc b/fuzz/standalone_fuzz_target_runner.cc index 9881d0fb..59fb0438 100644 --- a/fuzz/standalone_fuzz_target_runner.cc +++ b/fuzz/standalone_fuzz_target_runner.cc @@ -1,34 +1,46 @@ -// Copyright 2017 Google Inc. All Rights Reserved. -// Licensed under the Apache License, Version 2.0 (the "License"); - -// Except for formatting, comments, and portability, this was copied -// from projects/example/my-api-repo/standalone_fuzz_target_runner.cpp -// in https://github.com/oss-fuzz - -#include +#include +#include +#include #include -#include -#include +#include extern "C" int LLVMFuzzerTestOneInput(unsigned char const* data, size_t size); +static void read_file_into_memory( + char const* filename, + PointerHolder& file_buf, size_t& size) +{ + FILE* f = QUtil::safe_fopen(filename, "rb"); + fseek(f, 0, SEEK_END); + size = QIntC::to_size(QUtil::tell(f)); + fseek(f, 0, SEEK_SET); + file_buf = PointerHolder(true, new unsigned char[size]); + unsigned char* buf_p = file_buf.getPointer(); + size_t bytes_read = 0; + size_t len = 0; + while ((len = fread(buf_p + bytes_read, 1, size - bytes_read, f)) > 0) + { + bytes_read += len; + } + if (bytes_read != size) + { + throw std::runtime_error( + std::string("failure reading file ") + filename + + " into memory: read " + + QUtil::uint_to_string(bytes_read) + "; wanted " + + QUtil::uint_to_string(size)); + } + fclose(f); +} + int main(int argc, char **argv) { for (int i = 1; i < argc; i++) { - std::ifstream in(argv[i]); - in.seekg(0, in.end); - size_t length = in.tellg(); - in.seekg (0, in.beg); - std::cout << "checking " << argv[i] << std::endl; - // Allocate exactly length bytes so that we reliably catch - // buffer overflows. - std::vector bytes(length); - in.read(bytes.data(), bytes.size()); - assert(in); - LLVMFuzzerTestOneInput( - reinterpret_cast(bytes.data()), - bytes.size()); + PointerHolder file_buf; + size_t size = 0; + read_file_into_memory(argv[i], file_buf, size); + LLVMFuzzerTestOneInput(file_buf.getPointer(), size); std::cout << argv[i] << " successful" << std::endl; } return 0; -- cgit v1.2.3-54-g00ecf