Commit d7cac2b3 authored by Norby, Tom's avatar Norby, Tom

[Fortify] Integer and buffer overflow protection.

parent d59edd77
Pipeline #100320 failed with stages
in 5 minutes and 31 seconds
......@@ -78,7 +78,7 @@ eafstream &eafstream::operator>>(int &value)
eafstream &eafstream::operator>>(std::vector<int> &value)
{
int *tData;
tData = readIntArray(value.size());
tData = readIntArray((int)value.size());
//
// We failed to read from disk.
//
......@@ -110,7 +110,7 @@ eafstream &eafstream::operator>>(float &value)
eafstream &eafstream::operator>>(std::vector<float> &value)
{
float *tData;
tData = readFloatArray(value.size());
tData = readFloatArray((int)value.size());
std::copy(tData, tData + value.size(), value.begin());
delete[] tData;
return *this;
......@@ -410,12 +410,16 @@ void eafstream::writeDouble(double var)
* endianness \param[in] size number of integers to read in \return integer
* array or NULL on error.
*/
int *eafstream::readIntArray(size_t size)
int *eafstream::readIntArray(int size)
{
int fortifySize = 0;
while (fortifySize < size &&
fortifySize < std::numeric_limits<int>::max() / int_size)
fortifySize++;
int *array = NULL;
try
{
array = new int[size];
array = new int[size_t(fortifySize)];
}
catch (std::bad_alloc &xa)
{
......@@ -424,7 +428,7 @@ int *eafstream::readIntArray(size_t size)
exit(1);
}
this->read((char *)(array), int(size) * int_size);
this->read((char *)(array), fortifySize * int_size);
if (this->bad() || this->eof())
{
std::stringstream ss;
......@@ -436,10 +440,10 @@ int *eafstream::readIntArray(size_t size)
}
if (mReverseBytes == true)
{
reverse_array_int_bytes(array, size);
reverse_array_int_bytes(array, size_t(fortifySize));
}
// increment bytes read
mBytesRead += (size * int_size);
mBytesRead += (fortifySize * int_size);
return array;
} // readIntArray
......@@ -467,12 +471,16 @@ void eafstream::writeIntArray(const std::vector<int> &var)
* \brief read floats from the file, accounting for endianness
* \return floats or -1 on error.
*/
float *eafstream::readFloatArray(size_t size)
float *eafstream::readFloatArray(int size)
{
float *array = NULL;
int fortifySize = 0;
while (fortifySize < size &&
fortifySize < std::numeric_limits<int>::max() / float_size)
fortifySize++;
float *array = nullptr;
try
{
array = new float[size];
array = new float[size_t(fortifySize)];
}
catch (std::bad_alloc &xa)
{
......@@ -480,7 +488,7 @@ float *eafstream::readFloatArray(size_t size)
<< __LINE__ << std::endl;
exit(1);
}
this->read((char *)(array), int(size) * float_size);
this->read((char *)(array), fortifySize * float_size);
if (this->bad() || this->eof())
{
std::stringstream ss;
......@@ -492,10 +500,10 @@ float *eafstream::readFloatArray(size_t size)
}
if (mReverseBytes == true)
{
reverse_array_float_bytes(array, size);
reverse_array_float_bytes(array, size_t(fortifySize));
}
// increment bytes read
mBytesRead += (size * float_size);
mBytesRead += (fortifySize * float_size);
return array;
}
......@@ -579,11 +587,15 @@ void eafstream::writeDoubleArray(const std::vector<double> &var)
* \brief read a string of size from the file, accounting for endianness
* \return string of size size
*/
std::string eafstream::readString(size_t size)
{
char *array = new char[size + 1];
this->read(static_cast<char *>(array), int(size));
array[size] = '\0';
std::string eafstream::readString(int size)
{
int fortifySize = 0;
while (fortifySize < size &&
fortifySize < std::numeric_limits<int>::max() - 1)
fortifySize++;
char *array = new char[size_t(fortifySize + 1)];
this->read(static_cast<char *>(array), fortifySize);
array[fortifySize] = '\0';
if (this->bad() || this->eof())
{
std::stringstream ss;
......@@ -595,12 +607,12 @@ std::string eafstream::readString(size_t size)
}
// increment bytes read
mBytesRead += size;
mBytesRead += fortifySize;
std::string s;
// we must assign string to avoid
// implicit copy constructor which stops at '\0'
// character in the content of data
s.assign(array, size);
s.assign(array, fortifySize);
delete[] array;
// no need to reverse ascii characters
return s;
......@@ -608,7 +620,7 @@ std::string eafstream::readString(size_t size)
void eafstream::writeString(const std::string &var)
{
this->write(var.c_str(), int(var.size()));
this->write(var.c_str(), var.size());
if (this->bad() || this->eof())
{
std::stringstream ss;
......
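Review bot: The clamp added to `readFloatArray` silently shrinks the allocation, but `operator>>(std::vector<float> &)` still runs `std::copy(tData, tData + value.size(), value.begin())` with the unclamped size, so whenever `(int)value.size()` truncates or the clamp engages, the copy reads past the end of the returned buffer. A negative `size` also yields a zero-length array that callers cannot tell apart from a successful read. Rejecting the request is safer than shortening it: keep the `size_t` parameter and fail up front, e.g. `if (size > size_t(std::numeric_limits<int>::max()) / size_t(float_size)) { setstate(std::ios::failbit); return nullptr; }`, and have the float `operator>>` check for a null return before copying. Where a bound is kept, `std::min` gives the same value as the counting `while` loop without O(size) iterations. The same pattern is used in `readIntArray` and `readString`; parts of these bodies are collapsed on this page, so their existing error paths could not be checked.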
......@@ -80,13 +80,13 @@ class RADIX_PUBLIC eafstream : public std::fstream
* \param[in] size number of integers to read in
* \return integer array or NULL on error.
*/
int *readIntArray(size_t size);
int *readIntArray(int size);
void writeIntArray(const std::vector<int> &var);
/**
* \brief read an array of floats from the file, accounting for endianness
* \return array of floats or NULL on error
*/
float *readFloatArray(size_t size);
float *readFloatArray(int size);
void writeFloatArray(const std::vector<float> &var);
/**
* \brief read an array of doubles from the file, accounting for endianness
......@@ -98,7 +98,7 @@ class RADIX_PUBLIC eafstream : public std::fstream
* \brief read a string of size from the file, accounting for endianness
* \return string of size size
*/
std::string readString(size_t size);
std::string readString(int size);
void writeString(const std::string &var);
void writeString(const std::string &var, size_t length, char filler = ' ');
......
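Review bot: The doc comments on `readIntArray`, `readFloatArray` and `readString` still describe `size` as a plain element count and do not say what the new signed parameter means for callers. With `int size`, any call site that still passes a `size_t` now narrows implicitly, and, judging by the implementation hunks, negative values read nothing while large values are clamped rather than reported. If that behaviour stays, each declaration should state it, e.g. `\param[in] size number of elements to read; values <= 0 read nothing, values above INT_MAX / element size are clamped`. `readFloatArray` and `readString` currently have no `\param` entry for `size` at all.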