Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Sign in
Toggle navigation
Menu
Open sidebar
LEFEBVREJP email
radix
Commits
d7cac2b3
Commit
d7cac2b3
authored
May 05, 2020
by
Norby, Tom
Browse files
[Fortify] Integer and buffer overflow protection.
parent
d59edd77
Pipeline
#100320
failed with stages
in 5 minutes and 31 seconds
Changes
2
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
radixio/eafstream.cc
View file @
d7cac2b3
...
...
@@ -78,7 +78,7 @@ eafstream &eafstream::operator>>(int &value)
eafstream
&
eafstream
::
operator
>>
(
std
::
vector
<
int
>
&
value
)
{
int
*
tData
;
tData
=
readIntArray
(
value
.
size
());
tData
=
readIntArray
(
(
int
)
value
.
size
());
//
// We failed to read from disk.
//
...
...
@@ -110,7 +110,7 @@ eafstream &eafstream::operator>>(float &value)
eafstream
&
eafstream
::
operator
>>
(
std
::
vector
<
float
>
&
value
)
{
float
*
tData
;
tData
=
readFloatArray
(
value
.
size
());
tData
=
readFloatArray
(
(
int
)
value
.
size
());
std
::
copy
(
tData
,
tData
+
value
.
size
(),
value
.
begin
());
delete
[]
tData
;
return
*
this
;
...
...
@@ -410,12 +410,16 @@ void eafstream::writeDouble(double var)
* endianness \param[in] size number of integers to read in \return integer
* array or NULL on error.
*/
int
*
eafstream
::
readIntArray
(
size_
t
size
)
int
*
eafstream
::
readIntArray
(
in
t
size
)
{
int
fortifySize
=
0
;
while
(
fortifySize
<
size
&&
fortifySize
<
std
::
numeric_limits
<
int
>::
max
()
/
int_size
)
fortifySize
++
;
int
*
array
=
NULL
;
try
{
array
=
new
int
[
size
];
array
=
new
int
[
size
_t
(
fortifySize
)
];
}
catch
(
std
::
bad_alloc
&
xa
)
{
...
...
@@ -424,7 +428,7 @@ int *eafstream::readIntArray(size_t size)
exit
(
1
);
}
this
->
read
((
char
*
)(
array
),
int
(
s
ize
)
*
int_size
);
this
->
read
((
char
*
)(
array
),
fortifyS
ize
*
int_size
);
if
(
this
->
bad
()
||
this
->
eof
())
{
std
::
stringstream
ss
;
...
...
@@ -436,10 +440,10 @@ int *eafstream::readIntArray(size_t size)
}
if
(
mReverseBytes
==
true
)
{
reverse_array_int_bytes
(
array
,
size
);
reverse_array_int_bytes
(
array
,
size
_t
(
fortifySize
)
);
}
// increment bytes read
mBytesRead
+=
(
s
ize
*
int_size
);
mBytesRead
+=
(
fortifyS
ize
*
int_size
);
return
array
;
}
// readIntArray
...
...
@@ -467,12 +471,16 @@ void eafstream::writeIntArray(const std::vector<int> &var)
* \brief read floats from the file, accounting for endianness
* \return floats or -1 on error.
*/
float
*
eafstream
::
readFloatArray
(
size_
t
size
)
float
*
eafstream
::
readFloatArray
(
in
t
size
)
{
float
*
array
=
NULL
;
int
fortifySize
=
0
;
while
(
fortifySize
<
size
&&
fortifySize
<
std
::
numeric_limits
<
int
>::
max
()
/
float_size
)
fortifySize
++
;
float
*
array
=
nullptr
;
try
{
array
=
new
float
[
size
];
array
=
new
float
[
size
_t
(
fortifySize
)
];
}
catch
(
std
::
bad_alloc
&
xa
)
{
...
...
@@ -480,7 +488,7 @@ float *eafstream::readFloatArray(size_t size)
<<
__LINE__
<<
std
::
endl
;
exit
(
1
);
}
this
->
read
((
char
*
)(
array
),
int
(
s
ize
)
*
float_size
);
this
->
read
((
char
*
)(
array
),
fortifyS
ize
*
float_size
);
if
(
this
->
bad
()
||
this
->
eof
())
{
std
::
stringstream
ss
;
...
...
@@ -492,10 +500,10 @@ float *eafstream::readFloatArray(size_t size)
}
if
(
mReverseBytes
==
true
)
{
reverse_array_float_bytes
(
array
,
size
);
reverse_array_float_bytes
(
array
,
size
_t
(
fortifySize
)
);
}
// increment bytes read
mBytesRead
+=
(
s
ize
*
float_size
);
mBytesRead
+=
(
fortifyS
ize
*
float_size
);
return
array
;
}
...
...
@@ -579,11 +587,15 @@ void eafstream::writeDoubleArray(const std::vector<double> &var)
* \brief read a string of size from the file, accounting for endianness
* \return string of size size
*/
std
::
string
eafstream
::
readString
(
size_t
size
)
{
char
*
array
=
new
char
[
size
+
1
];
this
->
read
(
static_cast
<
char
*>
(
array
),
int
(
size
));
array
[
size
]
=
'\0'
;
std
::
string
eafstream
::
readString
(
int
size
)
{
int
fortifySize
=
0
;
while
(
fortifySize
<
size
&&
fortifySize
<
std
::
numeric_limits
<
int
>::
max
()
-
1
)
fortifySize
++
;
char
*
array
=
new
char
[
size_t
(
fortifySize
+
1
)];
this
->
read
(
static_cast
<
char
*>
(
array
),
fortifySize
);
array
[
fortifySize
]
=
'\0'
;
if
(
this
->
bad
()
||
this
->
eof
())
{
std
::
stringstream
ss
;
...
...
@@ -595,12 +607,12 @@ std::string eafstream::readString(size_t size)
}
// increment bytes read
mBytesRead
+=
s
ize
;
mBytesRead
+=
fortifyS
ize
;
std
::
string
s
;
// we must assign string to avoid
// implicit copy constructor which stops at '\0'
// character in the content of data
s
.
assign
(
array
,
s
ize
);
s
.
assign
(
array
,
fortifyS
ize
);
delete
[]
array
;
// no need to reverse ascii characters
return
s
;
...
...
@@ -608,7 +620,7 @@ std::string eafstream::readString(size_t size)
void
eafstream
::
writeString
(
const
std
::
string
&
var
)
{
this
->
write
(
var
.
c_str
(),
int
(
var
.
size
())
)
;
this
->
write
(
var
.
c_str
(),
var
.
size
());
if
(
this
->
bad
()
||
this
->
eof
())
{
std
::
stringstream
ss
;
...
...
radixio/eafstream.hh
View file @
d7cac2b3
...
...
@@ -80,13 +80,13 @@ class RADIX_PUBLIC eafstream : public std::fstream
* \param[in] size number of integers to read in
* \return integer array or NULL on error.
*/
int
*
readIntArray
(
size_
t
size
);
int
*
readIntArray
(
in
t
size
);
void
writeIntArray
(
const
std
::
vector
<
int
>
&
var
);
/**
* \brief read an array of floats from the file, accounting for endianness
* \return array of floats or NULL on error
*/
float
*
readFloatArray
(
size_
t
size
);
float
*
readFloatArray
(
in
t
size
);
void
writeFloatArray
(
const
std
::
vector
<
float
>
&
var
);
/**
* \brief read an array of doubles from the file, accounting for endianness
...
...
@@ -98,7 +98,7 @@ class RADIX_PUBLIC eafstream : public std::fstream
* \brief read a string of size from the file, accounting for endianness
* \return string of size size
*/
std
::
string
readString
(
size_
t
size
);
std
::
string
readString
(
in
t
size
);
void
writeString
(
const
std
::
string
&
var
);
void
writeString
(
const
std
::
string
&
var
,
size_t
length
,
char
filler
=
' '
);
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment