[Fortify] Integer and buffer overflow protection.

radixio/eafstream.cc

@@ -78,7 +78,7 @@ eafstream &eafstream::operator>>(int &value)
 eafstream &eafstream::operator>>(std::vector<int> &value)
 {
   int *tData;
-  tData = readIntArray(value.size());
+  tData = readIntArray((int)value.size());
   //
   // We failed to read from disk.
   //
@@ -110,7 +110,7 @@ eafstream &eafstream::operator>>(float &value)
 eafstream &eafstream::operator>>(std::vector<float> &value)
 {
   float *tData;
-  tData = readFloatArray(value.size());
+  tData = readFloatArray((int)value.size());
   std::copy(tData, tData + value.size(), value.begin());
   delete[] tData;
   return *this;
@@ -410,12 +410,16 @@ void eafstream::writeDouble(double var)
  * endianness \param[in] size number of integers to read in \return integer
  * array or NULL on error.
  */
-int *eafstream::readIntArray(size_t size)
+int *eafstream::readIntArray(int size)
 {
+  int fortifySize = 0;
+  while (fortifySize < size &&
+         fortifySize < std::numeric_limits<int>::max() / int_size)
+    fortifySize++;
   int *array = NULL;
   try
   {
-    array = new int[size];
+    array = new int[size_t(fortifySize)];
   }
   catch (std::bad_alloc &xa)
   {
@@ -424,7 +428,7 @@ int *eafstream::readIntArray(size_t size)
     exit(1);
   }
 
-  this->read((char *)(array), int(size) * int_size);
+  this->read((char *)(array), fortifySize * int_size);
   if (this->bad() || this->eof())
   {
     std::stringstream ss;
@@ -436,10 +440,10 @@ int *eafstream::readIntArray(size_t size)
   }
   if (mReverseBytes == true)
   {
-    reverse_array_int_bytes(array, size);
+    reverse_array_int_bytes(array, size_t(fortifySize));
   }
   // increment bytes read
-  mBytesRead += (size * int_size);
+  mBytesRead += (fortifySize * int_size);
   return array;
 }  // readIntArray
 
@@ -467,12 +471,16 @@ void eafstream::writeIntArray(const std::vector<int> &var)
  * \brief  read floats from the file, accounting for endianness
  * \return floats or -1 on error.
  */
-float *eafstream::readFloatArray(size_t size)
+float *eafstream::readFloatArray(int size)
 {
-  float *array = NULL;
+  int fortifySize = 0;
+  while (fortifySize < size &&
+         fortifySize < std::numeric_limits<int>::max() / float_size)
+    fortifySize++;
+  float *array = nullptr;
   try
   {
-    array = new float[size];
+    array = new float[size_t(fortifySize)];
   }
   catch (std::bad_alloc &xa)
   {
@@ -480,7 +488,7 @@ float *eafstream::readFloatArray(size_t size)
               << __LINE__ << std::endl;
     exit(1);
   }
-  this->read((char *)(array), int(size) * float_size);
+  this->read((char *)(array), fortifySize * float_size);
   if (this->bad() || this->eof())
   {
     std::stringstream ss;
@@ -492,10 +500,10 @@ float *eafstream::readFloatArray(size_t size)
   }
   if (mReverseBytes == true)
   {
-    reverse_array_float_bytes(array, size);
+    reverse_array_float_bytes(array, size_t(fortifySize));
   }
   // increment bytes read
-  mBytesRead += (size * float_size);
+  mBytesRead += (fortifySize * float_size);
   return array;
 }
 
@@ -579,11 +587,15 @@ void eafstream::writeDoubleArray(const std::vector<double> &var)
  * \brief  read a string of size from the file, accounting for endianness
  * \return string of size size
  */
-std::string eafstream::readString(size_t size)
-{
-  char *array = new char[size + 1];
-  this->read(static_cast<char *>(array), int(size));
-  array[size] = '\0';
+std::string eafstream::readString(int size)
+{
+  int fortifySize = 0;
+  while (fortifySize < size &&
+         fortifySize < std::numeric_limits<int>::max() - 1)
+    fortifySize++;
+  char *array = new char[size_t(fortifySize + 1)];
+  this->read(static_cast<char *>(array), fortifySize);
+  array[fortifySize] = '\0';
   if (this->bad() || this->eof())
   {
     std::stringstream ss;
@@ -595,12 +607,12 @@ std::string eafstream::readString(size_t size)
   }
 
   // increment bytes read
-  mBytesRead += size;
+  mBytesRead += fortifySize;
   std::string s;
   // we must assign string to avoid
   // implicit copy constructor which stops at '\0'
   // character in the content of data
-  s.assign(array, size);
+  s.assign(array, fortifySize);
   delete[] array;
   // no need to reverse ascii characters
   return s;
@@ -608,7 +620,7 @@ std::string eafstream::readString(size_t size)
 
 void eafstream::writeString(const std::string &var)
 {
-  this->write(var.c_str(), int(var.size()));
+  this->write(var.c_str(), var.size());
   if (this->bad() || this->eof())
   {
     std::stringstream ss;

radixio/eafstream.hh

@@ -80,13 +80,13 @@ class RADIX_PUBLIC eafstream : public std::fstream
    * \param[in] size number of integers to read in
    * \return integer array or NULL on error.
    */
-  int *readIntArray(size_t size);
+  int *readIntArray(int size);
   void writeIntArray(const std::vector<int> &var);
   /**
    * \brief  read an array of floats from the file, accounting for endianness
    * \return array of floats or NULL on error
    */
-  float *readFloatArray(size_t size);
+  float *readFloatArray(int size);
   void writeFloatArray(const std::vector<float> &var);
   /**
    * \brief  read an array of doubles from the file, accounting for endianness
@@ -98,7 +98,7 @@ class RADIX_PUBLIC eafstream : public std::fstream
    * \brief  read a string of size from the file, accounting for endianness
    * \return string of size size
    */
-  std::string readString(size_t size);
+  std::string readString(int size);
   void writeString(const std::string &var);
   void writeString(const std::string &var, size_t length, char filler = ' ');