From 9522a0b7c16414fce2103cf58bfdd63aaf0cb01b Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Thu, 3 Nov 2022 14:58:32 -0400 Subject: DRTVWR-575: Fix llcommon assumptions that size_t fits in 4 bytes. It's a little distressing how often we have historically coded S32 or U32 to pass a length or index. There are more such assumptions in other viewer subdirectories, but this is a start. --- indra/llcommon/llsdserialize.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) (limited to 'indra/llcommon/llsdserialize.cpp') diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp index 8b4a0ee6d8..666da717b2 100644 --- a/indra/llcommon/llsdserialize.cpp +++ b/indra/llcommon/llsdserialize.cpp @@ -99,7 +99,7 @@ void LLSDSerialize::serialize(const LLSD& sd, std::ostream& str, ELLSD_Serialize } // static -bool LLSDSerialize::deserialize(LLSD& sd, std::istream& str, S32 max_bytes) +bool LLSDSerialize::deserialize(LLSD& sd, std::istream& str, size_t max_bytes) { LLPointer p = NULL; char hdr_buf[MAX_HDR_LEN + 1] = ""; /* Flawfinder: ignore */ @@ -252,7 +252,7 @@ F64 ll_ntohd(F64 netdouble) * @return Returns number of bytes read off of the stream. Returns * PARSE_FAILURE (-1) on failure. */ -int deserialize_string(std::istream& istr, std::string& value, S32 max_bytes); +int deserialize_string(std::istream& istr, std::string& value, size_t max_bytes); /** * @brief Parse a delimited string. @@ -280,7 +280,7 @@ int deserialize_string_delim(std::istream& istr, std::string& value, char d); int deserialize_string_raw( std::istream& istr, std::string& value, - S32 max_bytes); + size_t max_bytes); /** * @brief helper method for dealing with the different notation boolean format. @@ -329,7 +329,7 @@ LLSDParser::LLSDParser() LLSDParser::~LLSDParser() { } -S32 LLSDParser::parse(std::istream& istr, LLSD& data, S32 max_bytes, S32 max_depth) +S32 LLSDParser::parse(std::istream& istr, LLSD& data, size_t max_bytes, S32 max_depth) { mCheckLimits = (LLSDSerialize::SIZE_UNLIMITED == max_bytes) ? false : true; mMaxBytesLeft = max_bytes; @@ -803,7 +803,7 @@ bool LLSDNotationParser::parseBinary(std::istream& istr, LLSD& data) const { // We probably have a valid raw binary stream. determine // the size, and read it. - S32 len = strtol(buf + 2, NULL, 0); + auto len = strtol(buf + 2, NULL, 0); if(mCheckLimits && (len > mMaxBytesLeft)) return false; std::vector value; if(len) @@ -1592,7 +1592,7 @@ void LLSDBinaryFormatter::formatString( /** * local functions */ -int deserialize_string(std::istream& istr, std::string& value, S32 max_bytes) +int deserialize_string(std::istream& istr, std::string& value, size_t max_bytes) { int c = istr.get(); if(istr.fail()) @@ -1728,7 +1728,7 @@ int deserialize_string_delim( int deserialize_string_raw( std::istream& istr, std::string& value, - S32 max_bytes) + size_t max_bytes) { int count = 0; const S32 BUF_LEN = 20; @@ -1743,7 +1743,7 @@ int deserialize_string_raw( // We probably have a valid raw string. determine // the size, and read it. // *FIX: This is memory inefficient. - S32 len = strtol(buf + 1, NULL, 0); + auto len = strtol(buf + 1, NULL, 0); if((max_bytes>0)&&(len>max_bytes)) return LLSDParser::PARSE_FAILURE; std::vector buf; if(len) @@ -2110,7 +2110,7 @@ std::string zip_llsd(LLSD& data) U8 out[CHUNK]; - strm.avail_in = source.size(); + strm.avail_in = uint32_t(source.size()); strm.next_in = (U8*) source.data(); U8* output = NULL; @@ -2173,7 +2173,7 @@ std::string zip_llsd(LLSD& data) LLUZipHelper::EZipRresult LLUZipHelper::unzip_llsd(LLSD& data, std::istream& is, S32 size) { U8* result = NULL; - U32 cur_size = 0; + size_t cur_size = 0; z_stream strm; const U32 CHUNK = 65536; -- cgit v1.2.3 From 4349cb6165e983ff6bdd45ad1b82bb98bfc0436f Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Sat, 12 Nov 2022 18:59:21 -1000 Subject: DRTVWR-575: Address review comments on Xcode 14.1 type tweaks. Introduce LLSD template constructors and assignment operators to disambiguate construction or assignment from any integer type to Integer, likewise any floating point type to Real. Use new narrow() function to validate conversions. For LLSD method parameters converted from LLSD::Integer to size_t, where the method previously checked for a negative argument, make it now check for size_t converted from negative: in other words, more than S32_MAX. The risk of having a parameter forced from negative to unsigned exceeds the risk of a valid length or index over that max. In lltracerecording.cpp's PeriodicRecording, now that mCurPeriod and mNumRecordedPeriods are size_t instead of S32, defend against subtracting 1 from 0. Use narrow() to validate newly-introduced narrowing conversions. Make llclamp() return the type of the raw input value, even if the types of the boundary values differ. std::ostream::tellp() no longer returns a value we can directly report as a number. Cast to U64. --- indra/llcommon/llsdserialize.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'indra/llcommon/llsdserialize.cpp') diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp index 666da717b2..b720e6adb6 100644 --- a/indra/llcommon/llsdserialize.cpp +++ b/indra/llcommon/llsdserialize.cpp @@ -2110,7 +2110,7 @@ std::string zip_llsd(LLSD& data) U8 out[CHUNK]; - strm.avail_in = uint32_t(source.size()); + strm.avail_in = narrow(source.size()); strm.next_in = (U8*) source.data(); U8* output = NULL; -- cgit v1.2.3 From 73aced620fce59d98373cec6e830315bb6781546 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 6 Dec 2022 13:59:06 -0500 Subject: DRTVWR-575: Use llssize (signed size_t) for max_bytes parameters. Since LLSDSerialize::SIZE_UNLIMITED is negative, passing that through unsigned size_t parameters could result in peculiar behavior. --- indra/llcommon/llsdserialize.cpp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'indra/llcommon/llsdserialize.cpp') diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp index b720e6adb6..08b3e52597 100644 --- a/indra/llcommon/llsdserialize.cpp +++ b/indra/llcommon/llsdserialize.cpp @@ -99,7 +99,7 @@ void LLSDSerialize::serialize(const LLSD& sd, std::ostream& str, ELLSD_Serialize } // static -bool LLSDSerialize::deserialize(LLSD& sd, std::istream& str, size_t max_bytes) +bool LLSDSerialize::deserialize(LLSD& sd, std::istream& str, llssize max_bytes) { LLPointer p = NULL; char hdr_buf[MAX_HDR_LEN + 1] = ""; /* Flawfinder: ignore */ @@ -252,7 +252,7 @@ F64 ll_ntohd(F64 netdouble) * @return Returns number of bytes read off of the stream. Returns * PARSE_FAILURE (-1) on failure. */ -int deserialize_string(std::istream& istr, std::string& value, size_t max_bytes); +int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes); /** * @brief Parse a delimited string. @@ -280,7 +280,7 @@ int deserialize_string_delim(std::istream& istr, std::string& value, char d); int deserialize_string_raw( std::istream& istr, std::string& value, - size_t max_bytes); + llssize max_bytes); /** * @brief helper method for dealing with the different notation boolean format. @@ -329,7 +329,7 @@ LLSDParser::LLSDParser() LLSDParser::~LLSDParser() { } -S32 LLSDParser::parse(std::istream& istr, LLSD& data, size_t max_bytes, S32 max_depth) +S32 LLSDParser::parse(std::istream& istr, LLSD& data, llssize max_bytes, S32 max_depth) { mCheckLimits = (LLSDSerialize::SIZE_UNLIMITED == max_bytes) ? false : true; mMaxBytesLeft = max_bytes; @@ -1592,7 +1592,7 @@ void LLSDBinaryFormatter::formatString( /** * local functions */ -int deserialize_string(std::istream& istr, std::string& value, size_t max_bytes) +int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes) { int c = istr.get(); if(istr.fail()) @@ -1728,7 +1728,7 @@ int deserialize_string_delim( int deserialize_string_raw( std::istream& istr, std::string& value, - size_t max_bytes) + llssize max_bytes) { int count = 0; const S32 BUF_LEN = 20; @@ -2173,7 +2173,7 @@ std::string zip_llsd(LLSD& data) LLUZipHelper::EZipRresult LLUZipHelper::unzip_llsd(LLSD& data, std::istream& is, S32 size) { U8* result = NULL; - size_t cur_size = 0; + llssize cur_size = 0; z_stream strm; const U32 CHUNK = 65536; -- cgit v1.2.3 From db1d757aebc3dd23e542f7cd4f468dbcd97edcb7 Mon Sep 17 00:00:00 2001 From: Nat Goodspeed Date: Tue, 6 Dec 2022 14:40:11 -0500 Subject: DRTVWR-575: Update a few more int lengths in llsdserialize.{h,cpp}. --- indra/llcommon/llsdserialize.cpp | 70 ++++++++++++++++++++-------------------- 1 file changed, 35 insertions(+), 35 deletions(-) (limited to 'indra/llcommon/llsdserialize.cpp') diff --git a/indra/llcommon/llsdserialize.cpp b/indra/llcommon/llsdserialize.cpp index 08b3e52597..af57f4ac5e 100644 --- a/indra/llcommon/llsdserialize.cpp +++ b/indra/llcommon/llsdserialize.cpp @@ -50,7 +50,7 @@ #include "lluri.h" // File constants -static const int MAX_HDR_LEN = 20; +static const size_t MAX_HDR_LEN = 20; static const S32 UNZIP_LLSD_MAX_DEPTH = 96; static const char LEGACY_NON_HEADER[] = ""; const std::string LLSD_BINARY_HEADER("LLSD/Binary"); @@ -252,7 +252,7 @@ F64 ll_ntohd(F64 netdouble) * @return Returns number of bytes read off of the stream. Returns * PARSE_FAILURE (-1) on failure. */ -int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes); +llssize deserialize_string(std::istream& istr, std::string& value, llssize max_bytes); /** * @brief Parse a delimited string. @@ -263,7 +263,7 @@ int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes * @return Returns number of bytes read off of the stream. Returns * PARSE_FAILURE (-1) on failure. */ -int deserialize_string_delim(std::istream& istr, std::string& value, char d); +llssize deserialize_string_delim(std::istream& istr, std::string& value, char d); /** * @brief Read a raw string off the stream. @@ -277,7 +277,7 @@ int deserialize_string_delim(std::istream& istr, std::string& value, char d); * @return Returns number of bytes read off of the stream. Returns * PARSE_FAILURE (-1) on failure. */ -int deserialize_string_raw( +llssize deserialize_string_raw( std::istream& istr, std::string& value, llssize max_bytes); @@ -292,7 +292,7 @@ int deserialize_string_raw( * @return Returns number of bytes read off of the stream. Returns * PARSE_FAILURE (-1) on failure. */ -int deserialize_boolean( +llssize deserialize_boolean( std::istream& istr, LLSD& data, const std::string& compare, @@ -359,7 +359,7 @@ std::istream& LLSDParser::get( char delim) const { istr.get(s, n, delim); - if(mCheckLimits) mMaxBytesLeft -= (int)istr.gcount(); + if(mCheckLimits) mMaxBytesLeft -= istr.gcount(); return istr; } @@ -369,7 +369,7 @@ std::istream& LLSDParser::get( char delim) const { istr.get(sb, delim); - if(mCheckLimits) mMaxBytesLeft -= (int)istr.gcount(); + if(mCheckLimits) mMaxBytesLeft -= istr.gcount(); return istr; } @@ -393,11 +393,11 @@ std::istream& LLSDParser::read( std::streamsize n) const { istr.read(s, n); - if(mCheckLimits) mMaxBytesLeft -= (int)istr.gcount(); + if(mCheckLimits) mMaxBytesLeft -= istr.gcount(); return istr; } -void LLSDParser::account(S32 bytes) const +void LLSDParser::account(llssize bytes) const { if(mCheckLimits) mMaxBytesLeft -= bytes; } @@ -502,7 +502,7 @@ S32 LLSDNotationParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) c c = istr.peek(); if(isalpha(c)) { - int cnt = deserialize_boolean( + auto cnt = deserialize_boolean( istr, data, NOTATION_FALSE_SERIAL, @@ -532,7 +532,7 @@ S32 LLSDNotationParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) c c = istr.peek(); if(isalpha(c)) { - int cnt = deserialize_boolean(istr,data,NOTATION_TRUE_SERIAL,true); + auto cnt = deserialize_boolean(istr,data,NOTATION_TRUE_SERIAL,true); if(PARSE_FAILURE == cnt) parse_count = cnt; else account(cnt); } @@ -608,7 +608,7 @@ S32 LLSDNotationParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) c c = get(istr); // pop the 'l' c = get(istr); // pop the delimiter std::string str; - int cnt = deserialize_string_delim(istr, str, c); + auto cnt = deserialize_string_delim(istr, str, c); if(PARSE_FAILURE == cnt) { parse_count = PARSE_FAILURE; @@ -631,7 +631,7 @@ S32 LLSDNotationParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) c c = get(istr); // pop the 'd' c = get(istr); // pop the delimiter std::string str; - int cnt = deserialize_string_delim(istr, str, c); + auto cnt = deserialize_string_delim(istr, str, c); if(PARSE_FAILURE == cnt) { parse_count = PARSE_FAILURE; @@ -663,7 +663,7 @@ S32 LLSDNotationParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) c default: parse_count = PARSE_FAILURE; - LL_INFOS() << "Unrecognized character while parsing: int(" << (int)c + LL_INFOS() << "Unrecognized character while parsing: int(" << int(c) << ")" << LL_ENDL; break; } @@ -694,7 +694,7 @@ S32 LLSDNotationParser::parseMap(std::istream& istr, LLSD& map, S32 max_depth) c { putback(istr, c); found_name = true; - int count = deserialize_string(istr, name, mMaxBytesLeft); + auto count = deserialize_string(istr, name, mMaxBytesLeft); if(PARSE_FAILURE == count) return PARSE_FAILURE; account(count); } @@ -776,7 +776,7 @@ S32 LLSDNotationParser::parseArray(std::istream& istr, LLSD& array, S32 max_dept bool LLSDNotationParser::parseString(std::istream& istr, LLSD& data) const { std::string value; - int count = deserialize_string(istr, value, mMaxBytesLeft); + auto count = deserialize_string(istr, value, mMaxBytesLeft); if(PARSE_FAILURE == count) return false; account(count); data = value; @@ -809,7 +809,7 @@ bool LLSDNotationParser::parseBinary(std::istream& istr, LLSD& data) const if(len) { value.resize(len); - account((int)fullread(istr, (char *)&value[0], len)); + account(fullread(istr, (char *)&value[0], len)); } c = get(istr); // strip off the trailing double-quote data = value; @@ -1006,7 +1006,7 @@ S32 LLSDBinaryParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) con case '"': { std::string value; - int cnt = deserialize_string_delim(istr, value, c); + auto cnt = deserialize_string_delim(istr, value, c); if(PARSE_FAILURE == cnt) { parse_count = PARSE_FAILURE; @@ -1093,7 +1093,7 @@ S32 LLSDBinaryParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) con if(size > 0) { value.resize(size); - account((int)fullread(istr, (char*)&value[0], size)); + account(fullread(istr, (char*)&value[0], size)); } data = value; } @@ -1107,7 +1107,7 @@ S32 LLSDBinaryParser::doParse(std::istream& istr, LLSD& data, S32 max_depth) con default: parse_count = PARSE_FAILURE; - LL_INFOS() << "Unrecognized character while parsing: int(" << (int)c + LL_INFOS() << "Unrecognized character while parsing: int(" << int(c) << ")" << LL_ENDL; break; } @@ -1141,7 +1141,7 @@ S32 LLSDBinaryParser::parseMap(std::istream& istr, LLSD& map, S32 max_depth) con case '\'': case '"': { - int cnt = deserialize_string_delim(istr, name, c); + auto cnt = deserialize_string_delim(istr, name, c); if(PARSE_FAILURE == cnt) return PARSE_FAILURE; account(cnt); break; @@ -1225,7 +1225,7 @@ bool LLSDBinaryParser::parseString( if(size) { buf.resize(size); - account((int)fullread(istr, &buf[0], size)); + account(fullread(istr, &buf[0], size)); value.assign(buf.begin(), buf.end()); } return true; @@ -1429,7 +1429,7 @@ S32 LLSDNotationFormatter::format_impl(const LLSD& data, std::ostream& ostr, ostr << std::uppercase; auto oldfill(ostr.fill('0')); auto oldwidth(ostr.width()); - for (int i = 0; i < buffer.size(); i++) + for (size_t i = 0; i < buffer.size(); i++) { // have to restate setw() before every conversion ostr << std::setw(2) << (int) buffer[i]; @@ -1592,7 +1592,7 @@ void LLSDBinaryFormatter::formatString( /** * local functions */ -int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes) +llssize deserialize_string(std::istream& istr, std::string& value, llssize max_bytes) { int c = istr.get(); if(istr.fail()) @@ -1602,7 +1602,7 @@ int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes return LLSDParser::PARSE_FAILURE; } - int rv = LLSDParser::PARSE_FAILURE; + llssize rv = LLSDParser::PARSE_FAILURE; switch(c) { case '\'': @@ -1622,7 +1622,7 @@ int deserialize_string(std::istream& istr, std::string& value, llssize max_bytes return rv + 1; // account for the character grabbed at the top. } -int deserialize_string_delim( +llssize deserialize_string_delim( std::istream& istr, std::string& value, char delim) @@ -1632,7 +1632,7 @@ int deserialize_string_delim( bool found_hex = false; bool found_digit = false; U8 byte = 0; - int count = 0; + llssize count = 0; while (true) { @@ -1647,7 +1647,7 @@ int deserialize_string_delim( } char next_char = (char)next_byte; // Now that we know it's not EOF - + if(found_escape) { // next character(s) is a special sequence. @@ -1725,16 +1725,16 @@ int deserialize_string_delim( return count; } -int deserialize_string_raw( +llssize deserialize_string_raw( std::istream& istr, std::string& value, llssize max_bytes) { - int count = 0; + llssize count = 0; const S32 BUF_LEN = 20; char buf[BUF_LEN]; /* Flawfinder: ignore */ istr.get(buf, BUF_LEN - 1, ')'); - count += (int)istr.gcount(); + count += istr.gcount(); int c = istr.get(); c = istr.get(); count += 2; @@ -1749,7 +1749,7 @@ int deserialize_string_raw( if(len) { buf.resize(len); - count += (int)fullread(istr, (char *)&buf[0], len); + count += fullread(istr, (char *)&buf[0], len); value.assign(buf.begin(), buf.end()); } c = istr.get(); @@ -2038,7 +2038,7 @@ void serialize_string(const std::string& value, std::ostream& str) } } -int deserialize_boolean( +llssize deserialize_boolean( std::istream& istr, LLSD& data, const std::string& compare, @@ -2055,7 +2055,7 @@ int deserialize_boolean( // * set data to LLSD::null // * return LLSDParser::PARSE_FAILURE (-1) // - int bytes_read = 0; + llssize bytes_read = 0; std::string::size_type ii = 0; char c = istr.peek(); while((++ii < compare.size()) @@ -2294,7 +2294,7 @@ LLUZipHelper::EZipRresult LLUZipHelper::unzip_llsd(LLSD& data, std::istream& is, //This unzip function will only work with a gzip header and trailer - while the contents //of the actual compressed data is the same for either format (gzip vs zlib ), the headers //and trailers are different for the formats. -U8* unzip_llsdNavMesh( bool& valid, unsigned int& outsize, std::istream& is, S32 size ) +U8* unzip_llsdNavMesh( bool& valid, size_t& outsize, std::istream& is, S32 size ) { if (size == 0) { -- cgit v1.2.3