author | Yujie Qin <yujieqin@google.com> | 2016-03-11 11:04:46 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2016-03-11 11:04:46 +0000 |
commit | 67bc1e775074b78ad6b55489ee613ef9666a04fd (patch) | |
tree | ffd732b81b4d0626c9983e54e503ec08327b529f | |
parent | 48416beb7a23402c60da61af74e6ab5e537be723 (diff) | |
parent | d3ed1cc8d5900ad26c603e42171308dfc8074144 (diff) | |
download | dng_sdk-67bc1e775074b78ad6b55489ee613ef9666a04fd.tar.gz |
Merge "Integrate integer overflow changes from security branch" into nyc-dev
-rw-r--r-- | source/dng_ifd.cpp | 4 | ||||
-rw-r--r-- | source/dng_safe_arithmetic.cpp | 30 | ||||
-rw-r--r-- | source/dng_shared.cpp | 5 | ||||
-rw-r--r-- | source/dng_utils.h | 7 |
4 files changed, 32 insertions, 14 deletions
diff --git a/source/dng_ifd.cpp b/source/dng_ifd.cpp
index 570477d..317ebf9 100644
--- a/source/dng_ifd.cpp
+++ b/source/dng_ifd.cpp
@@ -1326,8 +1326,8 @@ bool dng_ifd::ParseTag (dng_stream &stream,
 return false;
 }
- if (!CheckTagCount (parentCode, tagCode, tagCount, fCFARepeatPatternRows *
- fCFARepeatPatternCols))
+ if (!CheckTagCount (parentCode, tagCode, tagCount,
+ SafeUint32Mult(fCFARepeatPatternRows, fCFARepeatPatternCols)))
 {
 return false;
 }
diff --git a/source/dng_safe_arithmetic.cpp b/source/dng_safe_arithmetic.cpp
index fc450f1..96eaec8 100644
--- a/source/dng_safe_arithmetic.cpp
+++ b/source/dng_safe_arithmetic.cpp
@@ -163,7 +163,8 @@ std::uint32_t SafeUint32Mult(std::uint32_t arg1, std::uint32_t arg2,
 std::int32_t SafeInt32Mult(std::int32_t arg1, std::int32_t arg2) {
 const std::int64_t tmp = static_cast<std::int64_t>(arg1) * static_cast<std::int64_t>(arg2);
- if (tmp >= INT32_MIN && tmp <= INT32_MAX) {
+ if (tmp >= std::numeric_limits<std::int32_t>::min() &&
+ tmp <= std::numeric_limits<std::int32_t>::max()) {
 return static_cast<std::int32_t>(tmp);
 } else {
 ThrowProgramError("Arithmetic overflow");
@@ -182,15 +183,16 @@ std::int64_t SafeInt64MultSlow(std::int64_t arg1, std::int64_t arg2) {
 if (arg1 > 0) {
 if (arg2 > 0) {
- overflow = (arg1 > INT64_MAX / arg2);
+ overflow = (arg1 > std::numeric_limits<std::int64_t>::max() / arg2);
 } else {
- overflow = (arg2 < INT64_MIN / arg1);
+ overflow = (arg2 < std::numeric_limits<std::int64_t>::min() / arg1);
 }
 } else {
 if (arg2 > 0) {
- overflow = (arg1 < INT64_MIN / arg2);
+ overflow = (arg1 < std::numeric_limits<std::int64_t>::min() / arg2);
 } else {
- overflow = (arg1 != 0 && arg2 < INT64_MAX / arg1);
+ overflow = (arg1 != 0 &&
+ arg2 < std::numeric_limits<std::int64_t>::max() / arg1);
 }
 }
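Review bot: An overflowing product in the new `SafeUint32Mult(fCFARepeatPatternRows, fCFARepeatPatternCols)` argument will presumably raise a program error, as the sibling `SafeInt32Mult` does via `ThrowProgramError("Arithmetic overflow")`, instead of taking the `return false` path that the surrounding tag checks use. A malformed file is therefore rejected by a different route than before, so confirm that callers of `ParseTag` expect an exception here and record it with a comment such as `// Throws on overflow: an oversized pattern aborts the parse instead of failing this tag.` The same applies to the `SafeUint32Mult(fProfileHues, fProfileSats, fProfileVals, 3)` call in the dng_shared.cpp hunk. ParseTag's body starts and ends outside this hunk.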
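Review bot: `std::numeric_limits` is used in dng_safe_arithmetic.cpp from the SafeInt32Mult hunk onward, but the only `#include <limits>` this commit adds is in dng_utils.h. If this file or its own header does not already include it, add `#include <limits>` here rather than relying on a transitive include. The same holds for the SafeInt64MultSlow and ConvertDoubleToInt32 hunks.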
@@ -269,8 +271,10 @@ std::int32_t ConvertUint32ToInt32(std::uint32_t val) {
 }
 std::int32_t ConvertDoubleToInt32(double val) {
- const double kMin = static_cast<double>(INT32_MIN);
- const double kMax = static_cast<double>(INT32_MAX);
+ const double kMin =
+ static_cast<double>(std::numeric_limits<std::int32_t>::min());
+ const double kMax =
+ static_cast<double>(std::numeric_limits<std::int32_t>::max());
 // NaNs will fail this test; they always compare false.
 if (val > kMin - 1.0 && val < kMax + 1.0) {
 return static_cast<std::int32_t>(val);
@@ -279,3 +283,15 @@ std::int32_t ConvertDoubleToInt32(double val) {
 abort(); // Never reached.
 }
 }
+
+std::uint32_t ConvertDoubleToUint32(double val) {
+ const double kMax =
+ static_cast<double>(std::numeric_limits<std::uint32_t>::max());
+ // NaNs will fail this test; they always compare false.
+ if (val >= 0.0 && val < kMax + 1.0) {
+ return static_cast<std::uint32_t>(val);
+ } else {
+ ThrowProgramError("Argument not in range in ConvertDoubleToUint32");
+ abort(); // Never reached.
+ }
+}
diff --git a/source/dng_shared.cpp b/source/dng_shared.cpp
index 961ac1f..3ff40a4 100644
--- a/source/dng_shared.cpp
+++ b/source/dng_shared.cpp
@@ -593,9 +593,8 @@ bool dng_camera_profile_info::ParseTag (dng_stream &stream,
 if (!skipSat0)
 {
- if (!CheckTagCount (parentCode, tagCode, tagCount, fProfileHues *
- fProfileSats *
- fProfileVals * 3))
+ if (!CheckTagCount (parentCode, tagCode, tagCount,
+ SafeUint32Mult(fProfileHues, fProfileSats, fProfileVals, 3)))
 return false;
 }
diff --git a/source/dng_utils.h b/source/dng_utils.h
index d945a6e..d87de51 100644
--- a/source/dng_utils.h
+++ b/source/dng_utils.h
@@ -18,6 +18,8 @@
 /*****************************************************************************/
+#include <limits>
+
 #include "dng_classes.h"
 #include "dng_flags.h"
 #include "dng_memory.h"
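Review bot: The lower bound `val >= 0.0` in the new ConvertDoubleToUint32 rejects every value in (-1.0, 0.0), whereas ConvertDoubleToInt32 just above accepts anything that truncates into range (`val > kMin - 1.0`). A computed value that is only marginally negative will therefore throw rather than convert to 0. If that strictness is intended, state it in a comment such as `// Negative inputs, including those in (-1, 0) that would truncate to 0, are rejected.`; otherwise the check would be `val > -1.0`. The function also carries no comment saying that in-range values are truncated toward zero. No header change appears in the diffstat, so confirm the declaration already exists in the file's header.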
@@ -481,7 +483,8 @@ inline int32 Round_int32 (real64 x)
 // NaNs will fail this test (because NaNs compare false against
 // everything) and will therefore also take the else branch.
- if (temp > real64(INT32_MIN) - 1.0 && temp < real64(INT32_MAX) + 1.0)
+ if (temp > real64(std::numeric_limits<int32>::min()) - 1.0 &&
+ temp < real64(std::numeric_limits<int32>::max()) + 1.0)
 {
 return (int32) temp;
 }
@@ -509,7 +512,7 @@ inline uint32 Floor_uint32 (real64 x)
 // NaNs will fail this test (because NaNs compare false against
 // everything) and will therefore also take the else branch.
- if (temp < real64(UINT32_MAX) + 1.0)
+ if (temp < real64(std::numeric_limits<uint32>::max()) + 1.0)
 {
 return (uint32) temp;
 } |