Commit 6b9297882e0106b5c0af53320673d6341b9bea91
1 parent
8be82776
Mark secure CRT warnings with comment
Put a specific comment marker next to every piece of code that MSVC gives warning 4996 for. This warning is generated for calls to functions that Microsoft considers insecure or deprecated. This change is in preparation for fixing all these cases even though none of them are actually incorrect or insecure as used in qpdf. The comment marker makes them easier to find so they can be fixed in subsequent commits.
Showing
17 changed files
with
33 additions
and
33 deletions
libqpdf/FileInputSource.cc
| @@ -16,7 +16,7 @@ FileInputSource::setFilename(char const* filename) | @@ -16,7 +16,7 @@ FileInputSource::setFilename(char const* filename) | ||
| 16 | this->filename = filename; | 16 | this->filename = filename; |
| 17 | this->close_file = true; | 17 | this->close_file = true; |
| 18 | this->file = QUtil::fopen_wrapper(std::string("open ") + this->filename, | 18 | this->file = QUtil::fopen_wrapper(std::string("open ") + this->filename, |
| 19 | - fopen(this->filename.c_str(), "rb")); | 19 | + fopen(this->filename.c_str(), "rb")); // XXXX |
| 20 | } | 20 | } |
| 21 | 21 | ||
| 22 | void | 22 | void |
libqpdf/MD5.cc
| @@ -330,7 +330,7 @@ void MD5::encodeFile(char const *filename, int up_to_size) | @@ -330,7 +330,7 @@ void MD5::encodeFile(char const *filename, int up_to_size) | ||
| 330 | 330 | ||
| 331 | FILE *file = QUtil::fopen_wrapper( | 331 | FILE *file = QUtil::fopen_wrapper( |
| 332 | std::string("MD5: open ") + filename, | 332 | std::string("MD5: open ") + filename, |
| 333 | - fopen(filename, "rb")); | 333 | + fopen(filename, "rb")); // XXXX |
| 334 | 334 | ||
| 335 | size_t len; | 335 | size_t len; |
| 336 | int so_far = 0; | 336 | int so_far = 0; |
libqpdf/Pl_ASCIIHexDecoder.cc
| @@ -9,7 +9,7 @@ Pl_ASCIIHexDecoder::Pl_ASCIIHexDecoder(char const* identifier, Pipeline* next) : | @@ -9,7 +9,7 @@ Pl_ASCIIHexDecoder::Pl_ASCIIHexDecoder(char const* identifier, Pipeline* next) : | ||
| 9 | pos(0), | 9 | pos(0), |
| 10 | eod(false) | 10 | eod(false) |
| 11 | { | 11 | { |
| 12 | - strcpy(this->inbuf, "00"); | 12 | + strcpy(this->inbuf, "00"); // XXXX |
| 13 | } | 13 | } |
| 14 | 14 | ||
| 15 | Pl_ASCIIHexDecoder::~Pl_ASCIIHexDecoder() | 15 | Pl_ASCIIHexDecoder::~Pl_ASCIIHexDecoder() |
| @@ -98,7 +98,7 @@ Pl_ASCIIHexDecoder::flush() | @@ -98,7 +98,7 @@ Pl_ASCIIHexDecoder::flush() | ||
| 98 | getNext()->write(&ch, 1); | 98 | getNext()->write(&ch, 1); |
| 99 | 99 | ||
| 100 | this->pos = 0; | 100 | this->pos = 0; |
| 101 | - strcpy(this->inbuf, "00"); | 101 | + strcpy(this->inbuf, "00"); // XXXX |
| 102 | } | 102 | } |
| 103 | 103 | ||
| 104 | void | 104 | void |
libqpdf/Pl_StdioFile.cc
| @@ -37,7 +37,7 @@ Pl_StdioFile::write(unsigned char* buf, size_t len) | @@ -37,7 +37,7 @@ Pl_StdioFile::write(unsigned char* buf, size_t len) | ||
| 37 | void | 37 | void |
| 38 | Pl_StdioFile::finish() | 38 | Pl_StdioFile::finish() |
| 39 | { | 39 | { |
| 40 | - if (fileno(this->file) != -1) | 40 | + if (fileno(this->file) != -1) // XXXX |
| 41 | { | 41 | { |
| 42 | fflush(this->file); | 42 | fflush(this->file); |
| 43 | } | 43 | } |
libqpdf/QPDFWriter.cc
| @@ -105,7 +105,7 @@ QPDFWriter::setOutputFilename(char const* filename) | @@ -105,7 +105,7 @@ QPDFWriter::setOutputFilename(char const* filename) | ||
| 105 | { | 105 | { |
| 106 | QTC::TC("qpdf", "QPDFWriter write to file"); | 106 | QTC::TC("qpdf", "QPDFWriter write to file"); |
| 107 | f = QUtil::fopen_wrapper(std::string("open ") + filename, | 107 | f = QUtil::fopen_wrapper(std::string("open ") + filename, |
| 108 | - fopen(filename, "wb+")); | 108 | + fopen(filename, "wb+")); // XXXX |
| 109 | close_file = true; | 109 | close_file = true; |
| 110 | } | 110 | } |
| 111 | setOutputFile(description, f, close_file); | 111 | setOutputFile(description, f, close_file); |
libqpdf/QPDF_String.cc
| @@ -140,7 +140,7 @@ QPDF_String::unparse(bool force_binary) | @@ -140,7 +140,7 @@ QPDF_String::unparse(bool force_binary) | ||
| 140 | } | 140 | } |
| 141 | else | 141 | else |
| 142 | { | 142 | { |
| 143 | - sprintf(num, "\\%03o", static_cast<unsigned char>(ch)); | 143 | + sprintf(num, "\\%03o", static_cast<unsigned char>(ch)); // XXXX |
| 144 | result += num; | 144 | result += num; |
| 145 | } | 145 | } |
| 146 | break; | 146 | break; |
libqpdf/QTC.cc
| @@ -39,7 +39,7 @@ void QTC::TC(char const* const scope, char const* const ccase, int n) | @@ -39,7 +39,7 @@ void QTC::TC(char const* const scope, char const* const ccase, int n) | ||
| 39 | 39 | ||
| 40 | FILE* tc = | 40 | FILE* tc = |
| 41 | QUtil::fopen_wrapper("open test coverage file (" + filename + ")", | 41 | QUtil::fopen_wrapper("open test coverage file (" + filename + ")", |
| 42 | - fopen(filename.c_str(), "ab")); | 42 | + fopen(filename.c_str(), "ab")); // XXXX |
| 43 | fprintf(tc, "%s %d\n", ccase, n); | 43 | fprintf(tc, "%s %d\n", ccase, n); |
| 44 | fclose(tc); | 44 | fclose(tc); |
| 45 | } | 45 | } |
libqpdf/QUtil.cc
| @@ -84,7 +84,7 @@ QUtil::unsigned_char_pointer(char const* str) | @@ -84,7 +84,7 @@ QUtil::unsigned_char_pointer(char const* str) | ||
| 84 | void | 84 | void |
| 85 | QUtil::throw_system_error(std::string const& description) | 85 | QUtil::throw_system_error(std::string const& description) |
| 86 | { | 86 | { |
| 87 | - throw std::runtime_error(description + ": " + strerror(errno)); | 87 | + throw std::runtime_error(description + ": " + strerror(errno)); // XXXX |
| 88 | } | 88 | } |
| 89 | 89 | ||
| 90 | int | 90 | int |
| @@ -159,7 +159,7 @@ QUtil::hex_encode(std::string const& input) | @@ -159,7 +159,7 @@ QUtil::hex_encode(std::string const& input) | ||
| 159 | buf[hex_size - 1] = '\0'; | 159 | buf[hex_size - 1] = '\0'; |
| 160 | for (unsigned int i = 0; i < input_size; ++i) | 160 | for (unsigned int i = 0; i < input_size; ++i) |
| 161 | { | 161 | { |
| 162 | - sprintf(buf + i * 2, "%02x", static_cast<unsigned char>(input[i])); | 162 | + sprintf(buf + i * 2, "%02x", static_cast<unsigned char>(input[i])); // XXXX |
| 163 | } | 163 | } |
| 164 | return buf; | 164 | return buf; |
| 165 | } | 165 | } |
libtests/aes.cc
| @@ -89,14 +89,14 @@ int main(int argc, char* argv[]) | @@ -89,14 +89,14 @@ int main(int argc, char* argv[]) | ||
| 89 | unsigned int hexkeylen = strlen(hexkey); | 89 | unsigned int hexkeylen = strlen(hexkey); |
| 90 | unsigned int keylen = hexkeylen / 2; | 90 | unsigned int keylen = hexkeylen / 2; |
| 91 | 91 | ||
| 92 | - FILE* infile = fopen(infilename, "rb"); | 92 | + FILE* infile = fopen(infilename, "rb"); // XXXX |
| 93 | if (infile == 0) | 93 | if (infile == 0) |
| 94 | { | 94 | { |
| 95 | std::cerr << "can't open " << infilename << std::endl; | 95 | std::cerr << "can't open " << infilename << std::endl; |
| 96 | exit(2); | 96 | exit(2); |
| 97 | } | 97 | } |
| 98 | 98 | ||
| 99 | - FILE* outfile = fopen(outfilename, "wb"); | 99 | + FILE* outfile = fopen(outfilename, "wb"); // XXXX |
| 100 | if (outfile == 0) | 100 | if (outfile == 0) |
| 101 | { | 101 | { |
| 102 | std::cerr << "can't open " << outfilename << std::endl; | 102 | std::cerr << "can't open " << outfilename << std::endl; |
libtests/flate.cc
| @@ -10,10 +10,10 @@ | @@ -10,10 +10,10 @@ | ||
| 10 | 10 | ||
| 11 | FILE* safe_fopen(char const* filename, char const* mode) | 11 | FILE* safe_fopen(char const* filename, char const* mode) |
| 12 | { | 12 | { |
| 13 | - FILE* result = fopen(filename, mode); | 13 | + FILE* result = fopen(filename, mode); // XXXX |
| 14 | if (result == 0) | 14 | if (result == 0) |
| 15 | { | 15 | { |
| 16 | - std::cerr << "fopen " << filename << " failed: " << strerror(errno) | 16 | + std::cerr << "fopen " << filename << " failed: " << strerror(errno) // XXXX |
| 17 | << std::endl; | 17 | << std::endl; |
| 18 | exit(2); | 18 | exit(2); |
| 19 | } | 19 | } |
libtests/lzw.cc
| @@ -27,9 +27,9 @@ int main(int argc, char* argv[]) | @@ -27,9 +27,9 @@ int main(int argc, char* argv[]) | ||
| 27 | char* outfilename = argv[2]; | 27 | char* outfilename = argv[2]; |
| 28 | 28 | ||
| 29 | FILE* infile = QUtil::fopen_wrapper("open input file", | 29 | FILE* infile = QUtil::fopen_wrapper("open input file", |
| 30 | - fopen(infilename, "rb")); | 30 | + fopen(infilename, "rb")); // XXXX |
| 31 | FILE* outfile = QUtil::fopen_wrapper("open output file", | 31 | FILE* outfile = QUtil::fopen_wrapper("open output file", |
| 32 | - fopen(outfilename, "wb")); | 32 | + fopen(outfilename, "wb")); // XXXX |
| 33 | 33 | ||
| 34 | Pl_StdioFile out("output", outfile); | 34 | Pl_StdioFile out("output", outfile); |
| 35 | Pl_LZWDecoder decode("decode", &out, early_code_change); | 35 | Pl_LZWDecoder decode("decode", &out, early_code_change); |
libtests/md5.cc
| @@ -46,7 +46,7 @@ int main(int, char*[]) | @@ -46,7 +46,7 @@ int main(int, char*[]) | ||
| 46 | Pl_MD5 p("MD5", &d); | 46 | Pl_MD5 p("MD5", &d); |
| 47 | for (int i = 0; i < 2; ++i) | 47 | for (int i = 0; i < 2; ++i) |
| 48 | { | 48 | { |
| 49 | - FILE* f = fopen("md5.in", "rb"); | 49 | + FILE* f = fopen("md5.in", "rb"); // XXXX |
| 50 | if (f) | 50 | if (f) |
| 51 | { | 51 | { |
| 52 | // buffer size < size of md5.in | 52 | // buffer size < size of md5.in |
libtests/png_filter.cc
| @@ -9,10 +9,10 @@ | @@ -9,10 +9,10 @@ | ||
| 9 | 9 | ||
| 10 | FILE* safe_fopen(char const* filename, char const* mode) | 10 | FILE* safe_fopen(char const* filename, char const* mode) |
| 11 | { | 11 | { |
| 12 | - FILE* result = fopen(filename, mode); | 12 | + FILE* result = fopen(filename, mode); // XXXX |
| 13 | if (result == 0) | 13 | if (result == 0) |
| 14 | { | 14 | { |
| 15 | - std::cerr << "fopen " << filename << " failed: " << strerror(errno) | 15 | + std::cerr << "fopen " << filename << " failed: " << strerror(errno) // XXXX |
| 16 | << std::endl; | 16 | << std::endl; |
| 17 | exit(2); | 17 | exit(2); |
| 18 | } | 18 | } |
libtests/qutil.cc
| @@ -66,7 +66,7 @@ void fopen_wrapper_test() | @@ -66,7 +66,7 @@ void fopen_wrapper_test() | ||
| 66 | { | 66 | { |
| 67 | std::cout << "before fopen" << std::endl; | 67 | std::cout << "before fopen" << std::endl; |
| 68 | f = QUtil::fopen_wrapper("fopen file", | 68 | f = QUtil::fopen_wrapper("fopen file", |
| 69 | - fopen("/this/file/does/not/exist", "r")); | 69 | + fopen("/this/file/does/not/exist", "r")); // XXXX |
| 70 | std::cout << "after fopen" << std::endl; | 70 | std::cout << "after fopen" << std::endl; |
| 71 | (void) fclose(f); | 71 | (void) fclose(f); |
| 72 | } | 72 | } |
| @@ -89,7 +89,7 @@ void getenv_test() | @@ -89,7 +89,7 @@ void getenv_test() | ||
| 89 | static void print_utf8(unsigned long val) | 89 | static void print_utf8(unsigned long val) |
| 90 | { | 90 | { |
| 91 | char t[20]; | 91 | char t[20]; |
| 92 | - sprintf(t, "%lx", val); | 92 | + sprintf(t, "%lx", val); // XXXX |
| 93 | std::string result = QUtil::toUTF8(val); | 93 | std::string result = QUtil::toUTF8(val); |
| 94 | std::cout << "0x" << t << " ->"; | 94 | std::cout << "0x" << t << " ->"; |
| 95 | if (val < 0xfffe) | 95 | if (val < 0xfffe) |
| @@ -105,7 +105,7 @@ static void print_utf8(unsigned long val) | @@ -105,7 +105,7 @@ static void print_utf8(unsigned long val) | ||
| 105 | iter != result.end(); ++iter) | 105 | iter != result.end(); ++iter) |
| 106 | { | 106 | { |
| 107 | char t[3]; | 107 | char t[3]; |
| 108 | - sprintf(t, "%02x", static_cast<unsigned char>(*iter)); | 108 | + sprintf(t, "%02x", static_cast<unsigned char>(*iter)); // XXXX |
| 109 | std::cout << " " << t; | 109 | std::cout << " " << t; |
| 110 | } | 110 | } |
| 111 | } | 111 | } |
libtests/rc4.cc
| @@ -22,7 +22,7 @@ int main(int argc, char* argv[]) | @@ -22,7 +22,7 @@ int main(int argc, char* argv[]) | ||
| 22 | unsigned char* key = new unsigned char[keylen + 1]; | 22 | unsigned char* key = new unsigned char[keylen + 1]; |
| 23 | key[keylen] = '\0'; | 23 | key[keylen] = '\0'; |
| 24 | 24 | ||
| 25 | - FILE* infile = fopen(infilename, "rb"); | 25 | + FILE* infile = fopen(infilename, "rb"); // XXXX |
| 26 | if (infile == 0) | 26 | if (infile == 0) |
| 27 | { | 27 | { |
| 28 | std::cerr << "can't open " << infilename << std::endl; | 28 | std::cerr << "can't open " << infilename << std::endl; |
| @@ -40,7 +40,7 @@ int main(int argc, char* argv[]) | @@ -40,7 +40,7 @@ int main(int argc, char* argv[]) | ||
| 40 | key[i/2] = static_cast<unsigned char>(val); | 40 | key[i/2] = static_cast<unsigned char>(val); |
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | - FILE* outfile = fopen(outfilename, "wb"); | 43 | + FILE* outfile = fopen(outfilename, "wb"); // XXXX |
| 44 | if (outfile == 0) | 44 | if (outfile == 0) |
| 45 | { | 45 | { |
| 46 | std::cerr << "can't open " << outfilename << std::endl; | 46 | std::cerr << "can't open " << outfilename << std::endl; |
qpdf/qpdf-ctest.c
| @@ -56,11 +56,11 @@ static void read_file_into_memory(char const* filename, | @@ -56,11 +56,11 @@ static void read_file_into_memory(char const* filename, | ||
| 56 | size_t bytes_read = 0; | 56 | size_t bytes_read = 0; |
| 57 | size_t len = 0; | 57 | size_t len = 0; |
| 58 | 58 | ||
| 59 | - f = fopen(filename, "rb"); | 59 | + f = fopen(filename, "rb"); /* XXXX */ |
| 60 | if (f == NULL) | 60 | if (f == NULL) |
| 61 | { | 61 | { |
| 62 | fprintf(stderr, "%s: unable to open %s: %s\n", | 62 | fprintf(stderr, "%s: unable to open %s: %s\n", |
| 63 | - whoami, filename, strerror(errno)); | 63 | + whoami, filename, strerror(errno)); /* XXXX */ |
| 64 | exit(2); | 64 | exit(2); |
| 65 | } | 65 | } |
| 66 | fseek(f, 0, SEEK_END); | 66 | fseek(f, 0, SEEK_END); |
| @@ -364,11 +364,11 @@ static void test16(char const* infile, | @@ -364,11 +364,11 @@ static void test16(char const* infile, | ||
| 364 | qpdf_set_static_aes_IV(qpdf, QPDF_TRUE); | 364 | qpdf_set_static_aes_IV(qpdf, QPDF_TRUE); |
| 365 | qpdf_set_stream_data_mode(qpdf, qpdf_s_uncompress); | 365 | qpdf_set_stream_data_mode(qpdf, qpdf_s_uncompress); |
| 366 | qpdf_write(qpdf); | 366 | qpdf_write(qpdf); |
| 367 | - f = fopen(outfile, "wb"); | 367 | + f = fopen(outfile, "wb"); /* XXXX */ |
| 368 | if (f == NULL) | 368 | if (f == NULL) |
| 369 | { | 369 | { |
| 370 | fprintf(stderr, "%s: unable to open %s: %s\n", | 370 | fprintf(stderr, "%s: unable to open %s: %s\n", |
| 371 | - whoami, outfile, strerror(errno)); | 371 | + whoami, outfile, strerror(errno)); /* XXXX */ |
| 372 | exit(2); | 372 | exit(2); |
| 373 | } | 373 | } |
| 374 | buflen = qpdf_get_buffer_length(qpdf); | 374 | buflen = qpdf_get_buffer_length(qpdf); |
qpdf/test_driver.cc
| @@ -166,7 +166,7 @@ void runtest(int n, char const* filename1, char const* arg2) | @@ -166,7 +166,7 @@ void runtest(int n, char const* filename1, char const* arg2) | ||
| 166 | { | 166 | { |
| 167 | QTC::TC("qpdf", "exercise processFile(FILE*)"); | 167 | QTC::TC("qpdf", "exercise processFile(FILE*)"); |
| 168 | filep = QUtil::fopen_wrapper(std::string("open ") + filename1, | 168 | filep = QUtil::fopen_wrapper(std::string("open ") + filename1, |
| 169 | - fopen(filename1, "rb")); | 169 | + fopen(filename1, "rb")); // XXXX |
| 170 | pdf.processFile(filename1, filep, false); | 170 | pdf.processFile(filename1, filep, false); |
| 171 | } | 171 | } |
| 172 | } | 172 | } |
| @@ -174,7 +174,7 @@ void runtest(int n, char const* filename1, char const* arg2) | @@ -174,7 +174,7 @@ void runtest(int n, char const* filename1, char const* arg2) | ||
| 174 | { | 174 | { |
| 175 | QTC::TC("qpdf", "exercise processMemoryFile"); | 175 | QTC::TC("qpdf", "exercise processMemoryFile"); |
| 176 | FILE* f = QUtil::fopen_wrapper(std::string("open ") + filename1, | 176 | FILE* f = QUtil::fopen_wrapper(std::string("open ") + filename1, |
| 177 | - fopen(filename1, "rb")); | 177 | + fopen(filename1, "rb")); // XXXX |
| 178 | fseek(f, 0, SEEK_END); | 178 | fseek(f, 0, SEEK_END); |
| 179 | size_t size = QUtil::tell(f); | 179 | size_t size = QUtil::tell(f); |
| 180 | fseek(f, 0, SEEK_SET); | 180 | fseek(f, 0, SEEK_SET); |
| @@ -719,7 +719,7 @@ void runtest(int n, char const* filename1, char const* arg2) | @@ -719,7 +719,7 @@ void runtest(int n, char const* filename1, char const* arg2) | ||
| 719 | Buffer* b = w.getBuffer(); | 719 | Buffer* b = w.getBuffer(); |
| 720 | std::string const filename = (i == 0 ? "a.pdf" : "b.pdf"); | 720 | std::string const filename = (i == 0 ? "a.pdf" : "b.pdf"); |
| 721 | FILE* f = QUtil::fopen_wrapper("open " + filename, | 721 | FILE* f = QUtil::fopen_wrapper("open " + filename, |
| 722 | - fopen(filename.c_str(), "wb")); | 722 | + fopen(filename.c_str(), "wb")); // XXXX |
| 723 | fwrite(b->getBuffer(), b->getSize(), 1, f); | 723 | fwrite(b->getBuffer(), b->getSize(), 1, f); |
| 724 | fclose(f); | 724 | fclose(f); |
| 725 | delete b; | 725 | delete b; |
| @@ -803,7 +803,7 @@ void runtest(int n, char const* filename1, char const* arg2) | @@ -803,7 +803,7 @@ void runtest(int n, char const* filename1, char const* arg2) | ||
| 803 | 803 | ||
| 804 | // Exercise writing to FILE* | 804 | // Exercise writing to FILE* |
| 805 | FILE* out = QUtil::fopen_wrapper(std::string("open a.pdf"), | 805 | FILE* out = QUtil::fopen_wrapper(std::string("open a.pdf"), |
| 806 | - fopen("a.pdf", "wb")); | 806 | + fopen("a.pdf", "wb")); // XXXX |
| 807 | QPDFWriter w(pdf, "FILE* a.pdf", out, true); | 807 | QPDFWriter w(pdf, "FILE* a.pdf", out, true); |
| 808 | w.setStaticID(true); | 808 | w.setStaticID(true); |
| 809 | w.setStreamDataMode(qpdf_s_preserve); | 809 | w.setStreamDataMode(qpdf_s_preserve); |
| @@ -1184,7 +1184,7 @@ void runtest(int n, char const* filename1, char const* arg2) | @@ -1184,7 +1184,7 @@ void runtest(int n, char const* filename1, char const* arg2) | ||
| 1184 | w.write(); | 1184 | w.write(); |
| 1185 | PointerHolder<Buffer> b = p.getBuffer(); | 1185 | PointerHolder<Buffer> b = p.getBuffer(); |
| 1186 | FILE* f = QUtil::fopen_wrapper("open a.pdf", | 1186 | FILE* f = QUtil::fopen_wrapper("open a.pdf", |
| 1187 | - fopen("a.pdf", "wb")); | 1187 | + fopen("a.pdf", "wb")); // XXXX |
| 1188 | fwrite(b->getBuffer(), b->getSize(), 1, f); | 1188 | fwrite(b->getBuffer(), b->getSize(), 1, f); |
| 1189 | fclose(f); | 1189 | fclose(f); |
| 1190 | } | 1190 | } |