QCBOR: Quiet static analyzers; add bigfloat support; documentation improvements
Refined use of types, particularly integer types and their signedness, so there
are fewer warnings from static analyzers. Added casts to make implicit
type conversions explicit and clearer for the code reader. No actual bugs
or vulnerabilities were found by the static analyzer, but a lot of lines
were changed.
Cleaner handling of too-long bstr and tstr error condition when decoding.
Add support for bigfloats and decimal fractions -- all of RFC 7049 is now
supported except duplicate detection when decoding maps and some of
strict mode. Dead-stripping and/or linking through a .a file will
automatically leave out the added code on the encoder side.
bytes or so of code on the decode side
Documentation corrections and improved code formatting, fewer
long lines, spelling... A lot of lines were changed for this.
Repair a few tests that weren't testing what they were supposed
to be testing.
Change-Id: I4c9c56c1ee16812eac7a5c2f2ba0d896f3f1b5ae
Signed-off-by: Laurence Lundblade <lgl@securitytheory.com>
diff --git a/lib/ext/qcbor/src/UsefulBuf.c b/lib/ext/qcbor/src/UsefulBuf.c
index 0c336b8..a96f74e 100644
--- a/lib/ext/qcbor/src/UsefulBuf.c
+++ b/lib/ext/qcbor/src/UsefulBuf.c
@@ -1,6 +1,6 @@
/*==============================================================================
Copyright (c) 2016-2018, The Linux Foundation.
- Copyright (c) 2018-2019, Laurence Lundblade.
+ Copyright (c) 2018-2020, Laurence Lundblade.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
@@ -27,9 +27,9 @@
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- ==============================================================================*/
+ =============================================================================*/
-/*===================================================================================
+/*=============================================================================
FILE: UsefulBuf.c
DESCRIPTION: General purpose input and output buffers
@@ -39,24 +39,27 @@
This section contains comments describing changes made to the module.
Notice that changes are listed in reverse chronological order.
- when who what, where, why
- -------- ---- ---------------------------------------------------
- 11/08/2019 llundblade Re check pointer math and update comments
- 3/6/2019 llundblade Add UsefulBuf_IsValue()
- 09/07/17 llundbla Fix critical bug in UsefulBuf_Find() -- a read off
- the end of memory when the bytes to find is longer
- than the bytes to search.
- 06/27/17 llundbla Fix UsefulBuf_Compare() bug. Only affected comparison
- for < or > for unequal length buffers. Added
- UsefulBuf_Set() function.
- 05/30/17 llundbla Functions for NULL UsefulBufs and const / unconst
- 11/13/16 llundbla Initial Version.
+ when who what, where, why
+ -------- ---- ---------------------------------------------------
+ 01/28/2020 llundblade Refine integer signedness to quiet static analysis.
+ 01/08/2020 llundblade Documentation corrections & improved code formatting.
+ 11/08/2019 llundblade Re check pointer math and update comments
+ 3/6/2019 llundblade Add UsefulBuf_IsValue()
+ 09/07/17 llundbla Fix critical bug in UsefulBuf_Find() -- a read off
+ the end of memory when the bytes to find is longer
+ than the bytes to search.
+ 06/27/17 llundbla Fix UsefulBuf_Compare() bug. Only affected comparison
+ for < or > for unequal length buffers. Added
+ UsefulBuf_Set() function.
+ 05/30/17 llundbla Functions for NULL UsefulBufs and const / unconst
+ 11/13/16 llundbla Initial Version.
- =====================================================================================*/
+ ============================================================================*/
#include "UsefulBuf.h"
-#define USEFUL_OUT_BUF_MAGIC (0x0B0F) // used to catch use of uninitialized or corrupted UOBs
+// used to catch use of uninitialized or corrupted UsefulOutBuf
+#define USEFUL_OUT_BUF_MAGIC (0x0B0F)
/*
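Review bot: the two new rows at the top of the change-log table use a different date format (01/28/2020, 01/08/2020) from the rows beneath them (3/6/2019, 09/07/17); since the table is being rewritten wholesale in this hunk anyway, normalize all rows to one format so the file's human-readable history stays consistent. Moving the USEFUL_OUT_BUF_MAGIC comment onto its own line above the define is an improvement.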
@@ -64,7 +67,8 @@
*/
UsefulBufC UsefulBuf_CopyOffset(UsefulBuf Dest, size_t uOffset, const UsefulBufC Src)
{
- // Do this with subtraction so it doesn't give erroneous result if uOffset + Src.len overflows
+ // Do this with subtraction so it doesn't give erroneous
+ // result if uOffset + Src.len overflows
if(uOffset > Dest.len || Src.len > Dest.len - uOffset) { // uOffset + Src.len > Dest.len
return NULLUsefulBufC;
}
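Review bot: the reflowed comment should say why the subtraction is safe rather than only that it is used: the first clause, `uOffset > Dest.len`, is what guarantees `Dest.len - uOffset` cannot wrap, so the order of the two conditions matters. Something like `// Check uOffset first so Dest.len - uOffset cannot underflow` captures that. The trailing `// uOffset + Src.len > Dest.len` on the if line still pushes it well past the line length this commit is otherwise trimming; move it onto the comment block above.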
@@ -106,7 +110,8 @@
for(const uint8_t *p = UB.ptr; p < pEnd; p++) {
if(*p != uValue) {
/* Byte didn't match */
- return p - (uint8_t *)UB.ptr;
+ /* Cast from signed to unsigned . Safe because the loop increments.*/
+ return (size_t)(p - (uint8_t *)UB.ptr);
}
}
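Review bot: the cast `(uint8_t *)UB.ptr` discards the const qualifier that `p` is declared with on the line above; the new `(size_t)` cast quiets the sign-conversion warning but a cast-qual check will still flag this line, so write `(const uint8_t *)UB.ptr`. The comment also has a stray space before the period and gives a vague reason; `/* p starts at UB.ptr and only increases, so the difference is non-negative */` states the actual invariant that makes the unsigned conversion safe.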
@@ -166,11 +171,13 @@
/*
Public function -- see UsefulBuf.h
- The core of UsefulOutBuf -- put some bytes in the buffer without writing off the end of it.
+ The core of UsefulOutBuf -- put some bytes in the buffer without writing off
+ the end of it.
Code Reviewers: THIS FUNCTION DOES POINTER MATH
- This function inserts the source buffer, NewData, into the destination buffer, me->UB.ptr.
+ This function inserts the source buffer, NewData, into the destination
+ buffer, me->UB.ptr.
Destination is represented as:
me->UB.ptr -- start of the buffer
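Review bot: the comment refers to the structure as `me->UB.ptr` while the code in this file names the parameter `pMe` (see `pMe->data_len` and `pMe->UB.len` further down); since these lines are already being rewrapped, rename `me` to `pMe` in the comment so the description matches the code it documents.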
@@ -192,7 +199,8 @@
2. Is insertion position in the range of valid data?
- 3. If insertion point is not at the end, slide data to the right of the insertion point to the right
+ 3. If insertion point is not at the end, slide data to the right of the
+ insertion point to the right
4. Put the new data in at the insertion position.
@@ -219,7 +227,9 @@
// be sure there is no pointer arithmatic under/overflow.
if(pMe->data_len > pMe->UB.len) { // Check #1
pMe->err = 1;
- return; // Offset of valid data is off the end of the UsefulOutBuf due to uninitialization or corruption
+ // Offset of valid data is off the end of the UsefulOutBuf due to
+ // uninitialization or corruption
+ return;
}
/* 1. Will it fit? */
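Review bot: `arithmatic` in the retained context line at the top of this hunk should be `arithmetic`; the commit's stated purpose includes spelling fixes, so fold it in. The rewrapped early return is fine as-is: placing the explanatory comment between `pMe->err = 1;` and `return;` reads naturally and keeps the error flag set before the bail-out.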
@@ -330,7 +340,7 @@
/*
Public function -- see UsefulBuf.h
- The core of UsefulInputBuf -- consume some bytes without going off the end of the buffer.
+ The core of UsefulInputBuf -- consume bytes without going off end of buffer.
Code Reviewers: THIS FUNCTION DOES POINTER MATH
*/
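Review bot: the shortened comment "consume bytes without going off end of buffer" has lost its articles and reads telegraphically; "without going off the end of the buffer" still fits comfortably within the line length this commit is targeting, so prefer the full phrasing.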
@@ -342,14 +352,15 @@
}
if(!UsefulInputBuf_BytesAvailable(pMe, uAmount)) {
- // The number of bytes asked for at current position are more than available
+ // Number of bytes asked for at current position are more than available
pMe->err = 1;
return NULL;
}
// This is going to succeed
const void * const result = ((uint8_t *)pMe->UB.ptr) + pMe->cursor;
- pMe->cursor += uAmount; // this will not overflow because of check using UsefulInputBuf_BytesAvailable()
+ // Will not overflow because of check using UsefulInputBuf_BytesAvailable()
+ pMe->cursor += uAmount;
return result;
}
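Review bot: the rewrapped comment asserts that `pMe->cursor += uAmount` cannot overflow because of the `UsefulInputBuf_BytesAvailable()` check, but that is only true if BytesAvailable compares `uAmount` against `UB.len - cursor` (after checking `cursor <= UB.len`) rather than computing `cursor + uAmount` itself, and that function is not visible here. State the invariant the comment depends on, e.g. `// cursor <= UB.len and uAmount <= UB.len - cursor were verified above, so this cannot wrap`, so a reader does not have to open BytesAvailable to confirm it. The reflow of the "Number of bytes asked for ..." comment is fine.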