-
This comment expands all tabs using an 8-character tab-width. You should ignore this commit when using git blame or use git blame -w. In the early days, I used to use tabs where possible for indentation, since emacs did this automatically. In recent years, I have switched to only using spaces, which means qpdf source code has been a mixture of spaces and tabs. I have avoided cleaning this up because of not wanting gratuitous whitespaces change to cloud the output of git blame, but I changed my mind after discussing with users who view qpdf source code in editors/IDEs that have other tab widths by default and in light of the fact that I am planning to start applying automatic code formatting soon.
-
Turns out unreadCh is much more efficient than seek(-1, SEEK_CUR). Update comments and code to reflect this.
-
Have classes contain only a single private member of type PointerHolder<Members>. This makes it safe to change the structure of the Members class without breaking binary compatibility. Many of the classes already follow this pattern quite successfully. This brings in the rest of the class that are part of the public API.
-
This makes all integer type conversions that have potential data loss explicit with calls that do range checks and raise an exception. After this commit, qpdf builds with no warnings when -Wsign-conversion -Wconversion is used with gcc or clang or when -W3 -Wd4800 is used with MSVC. This significantly reduces the likelihood of potential crashes from bogus integer values. There are some parts of the code that take int when they should take size_t or an offset. Such places would make qpdf not support files with more than 2^31 of something that usually wouldn't be so large. In the event that such a file shows up and is valid, at least qpdf would raise an error in the right spot so the issue could be legitimately addressed rather than failing in some weird way because of a silent overflow condition.
-
Significant enhancements to the lexer to improve EOF handling and to support comments and spaces as tokens. Various other minor issues were fixed as well.
-
fopen was previuosly called wrapped by QUtil::fopen_wrapper, but QUtil::safe_fopen does this itself, which is less cumbersome.
-
Put a specific comment marker next to every piece of code that MSVC gives warning 4996 for. This warning is generated for calls to functions that Microsoft considers insecure or deprecated. This change is in preparation for fixing all these cases even though none of them are actually incorrect or insecure as used in qpdf. The comment marker makes them easier to find so they can be fixed in subsequent commits.
-
InputSource, FileInputSource, and BufferInputSource are now top-level classes instead of privately nested inside QPDF.