26735862306

Committed 31 May 2026 11:43PM UTC coverage: 89.37%. Remained the same

Build # 26735862306

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5631 from randombit/jack/overflow-checks

Systematically eliminate any possible integer overflows

Coverage Stats

110295 of 123414 relevant lines covered (89.37%)

11075877.11 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

90.54

/src/lib/codec/hex/hex.cpp

/*
* Hex Encoding and Decoding
* (C) 2010,2020 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/hex.h>

#include <botan/exceptn.h>
#include <botan/mem_ops.h>
#include <botan/internal/charset.h>
#include <botan/internal/fmt.h>
#include <botan/internal/int_utils.h>
#include <botan/internal/loadstor.h>

namespace Botan {

namespace {

uint16_t hex_encode_2nibble(uint8_t n8, bool uppercase) {
   // Offset for upper or lower case 'a' resp
   const uint16_t a_mask = uppercase ? 0x0707 : 0x2727;

   const uint16_t n = (static_cast<uint16_t>(n8 & 0xF0) << 4) | (n8 & 0x0F);
   // n >= 10? If so add offset
   const uint16_t diff = swar_lt<uint16_t>(0x0909, n) & a_mask;
   // Can't overflow between bytes, so don't need explicit SWAR addition:
   return n + 0x3030 + diff;
}

}  // namespace

void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase) {
   for(size_t i = 0; i != input_length; ++i) {
      const uint16_t h = hex_encode_2nibble(input[i], uppercase);
      output[2 * i] = get_byte<0>(h);
      output[2 * i + 1] = get_byte<1>(h);
   }
}

std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase) {
   const size_t output_length = mul_or_throw<size_t>(2, input_length, "Input too large to hex encode");
   std::string output(output_length, 0);

   if(input_length > 0) {
      hex_encode(&output.front(), input, input_length, uppercase);
   }

   return output;
}

namespace {

uint8_t hex_char_to_bin(char input) {
   // Starts of valid value ranges (v_lo) and their lengths (v_range)
   constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r');
   constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1);

   const uint8_t x = static_cast<uint8_t>(input);
   const uint64_t x8 = x * 0x0101010101010101;

   const uint64_t v_mask = swar_in_range<uint64_t>(x8, v_lo, v_range) ^ 0x8000000000000000;

   // This is the offset added to x to get the value we need
   const uint64_t val_v = 0xd0a9c960767773 ^ static_cast<uint64_t>(0xFF - x) << 56;

   return x + static_cast<uint8_t>(val_v >> (8 * index_of_first_set_byte(v_mask)));
}

}  // namespace

size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) {
   uint8_t* out_ptr = output;
   bool top_nibble = true;

   clear_mem(output, input_length / 2);

   for(size_t i = 0; i != input_length; ++i) {
      const uint8_t bin = hex_char_to_bin(input[i]);

      if(bin >= 0x10) {
         if(bin == 0x80 && ignore_ws) {
            continue;
         }

         throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i])));
      }

      if(top_nibble) {
         *out_ptr |= bin << 4;
      } else {
         *out_ptr |= bin;
      }

      top_nibble = !top_nibble;
      if(top_nibble) {
         ++out_ptr;
      }
   }

   input_consumed = input_length;
   const size_t written = (out_ptr - output);

   /*
   * We only got half of a uint8_t at the end; zap the half-written
   * output and mark it as unread
   */
   if(!top_nibble) {
      *out_ptr = 0;
      input_consumed -= 1;
   }

   return written;
}

size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {
   size_t consumed = 0;
   const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws);

   if(consumed != input_length) {
      throw Invalid_Argument("hex_decode: input did not have full bytes");
   }

   return written;
}

size_t hex_decode(uint8_t output[], std::string_view input, bool ignore_ws) {
   return hex_decode(output, input.data(), input.length(), ignore_ws);
}

size_t hex_decode(std::span<uint8_t> output, std::string_view input, bool ignore_ws) {
   return hex_decode(output.data(), input.data(), input.length(), ignore_ws);
}

secure_vector<uint8_t> hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) {
   secure_vector<uint8_t> bin(1 + input_length / 2);

   const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);

   bin.resize(written);
   return bin;
}

secure_vector<uint8_t> hex_decode_locked(std::string_view input, bool ignore_ws) {
   return hex_decode_locked(input.data(), input.size(), ignore_ws);
}

std::vector<uint8_t> hex_decode(const char input[], size_t input_length, bool ignore_ws) {
   std::vector<uint8_t> bin(1 + input_length / 2);

   const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);

   bin.resize(written);
   return bin;
}

std::vector<uint8_t> hex_decode(std::string_view input, bool ignore_ws) {
   return hex_decode(input.data(), input.size(), ignore_ws);
}

}  // namespace Botan

1	/*
2	* Hex Encoding and Decoding
3	* (C) 2010,2020 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/hex.h>
9
10	#include <botan/exceptn.h>
11	#include <botan/mem_ops.h>
12	#include <botan/internal/charset.h>
13	#include <botan/internal/fmt.h>
14	#include <botan/internal/int_utils.h>
15	#include <botan/internal/loadstor.h>
16
17	namespace Botan {
18
19	namespace {
20
21	uint16_t hex_encode_2nibble(uint8_t n8, bool uppercase) {	1,223,694✔
22	// Offset for upper or lower case 'a' resp
23	const uint16_t a_mask = uppercase ? 0x0707 : 0x2727;	2,447,388✔
24
25	const uint16_t n = (static_cast<uint16_t>(n8 & 0xF0) << 4) \| (n8 & 0x0F);	1,223,694✔
26	// n >= 10? If so add offset
27	const uint16_t diff = swar_lt<uint16_t>(0x0909, n) & a_mask;	1,223,694✔
28	// Can't overflow between bytes, so don't need explicit SWAR addition:
29	return n + 0x3030 + diff;	1,223,694✔
30	}
31
32	} // namespace
33
34	void hex_encode(char output[], const uint8_t input[], size_t input_length, bool uppercase) {	45,192✔
35	for(size_t i = 0; i != input_length; ++i) {	1,268,886✔
36	const uint16_t h = hex_encode_2nibble(input[i], uppercase);	1,223,694✔
37	output[2 * i] = get_byte<0>(h);	1,223,694✔
38	output[2 * i + 1] = get_byte<1>(h);	1,223,694✔
39	}
40	}	45,192✔
41
42	std::string hex_encode(const uint8_t input[], size_t input_length, bool uppercase) {	45,755✔
43	const size_t output_length = mul_or_throw<size_t>(2, input_length, "Input too large to hex encode");	45,755✔
44	std::string output(output_length, 0);	45,755✔
45
46	if(input_length > 0) {	45,755✔
47	hex_encode(&output.front(), input, input_length, uppercase);	45,152✔
48	}
49
50	return output;	45,755✔
51	}	×
52
53	namespace {
54
55	uint8_t hex_char_to_bin(char input) {	34,225,266✔
56	// Starts of valid value ranges (v_lo) and their lengths (v_range)
57	constexpr uint64_t v_lo = make_uint64(0, '0', 'a', 'A', ' ', '\n', '\t', '\r');	34,225,266✔
58	constexpr uint64_t v_range = make_uint64(0, 10, 6, 6, 1, 1, 1, 1);	34,225,266✔
59
60	const uint8_t x = static_cast<uint8_t>(input);	34,225,266✔
61	const uint64_t x8 = x * 0x0101010101010101;	34,225,266✔
62
63	const uint64_t v_mask = swar_in_range<uint64_t>(x8, v_lo, v_range) ^ 0x8000000000000000;	34,225,266✔
64
65	// This is the offset added to x to get the value we need
66	const uint64_t val_v = 0xd0a9c960767773 ^ static_cast<uint64_t>(0xFF - x) << 56;	34,225,266✔
67
68	return x + static_cast<uint8_t>(val_v >> (8 * index_of_first_set_byte(v_mask)));	34,225,266✔
69	}
70
71	} // namespace
72
73	size_t hex_decode(uint8_t output[], const char input[], size_t input_length, size_t& input_consumed, bool ignore_ws) {	233,205✔
74	uint8_t* out_ptr = output;	233,205✔
75	bool top_nibble = true;	233,205✔
76
77	clear_mem(output, input_length / 2);	233,205✔
78
79	for(size_t i = 0; i != input_length; ++i) {	34,458,470✔
80	const uint8_t bin = hex_char_to_bin(input[i]);	34,225,266✔
81
82	if(bin >= 0x10) {	34,225,266✔
83	if(bin == 0x80 && ignore_ws) {	9,537✔
84	continue;	9,536✔
85	}
86
87	throw Invalid_Argument(fmt("hex_decode: invalid character '{}'", format_char_for_display(input[i])));	2✔
88	}
89
90	if(top_nibble) {	34,215,729✔
91	*out_ptr \|= bin << 4;	17,107,865✔
92	} else {
93	*out_ptr \|= bin;	17,107,864✔
94	}
95
96	top_nibble = !top_nibble;	34,215,729✔
97	if(top_nibble) {	34,215,729✔
98	++out_ptr;	17,107,864✔
99	}
100	}
101
102	input_consumed = input_length;	233,204✔
103	const size_t written = (out_ptr - output);	233,204✔
104
105	/*
106	* We only got half of a uint8_t at the end; zap the half-written
107	* output and mark it as unread
108	*/
109	if(!top_nibble) {	233,204✔
110	*out_ptr = 0;	×
111	input_consumed -= 1;	×
112	}
113
114	return written;	233,204✔
115	}
116
117	size_t hex_decode(uint8_t output[], const char input[], size_t input_length, bool ignore_ws) {	233,159✔
118	size_t consumed = 0;	233,159✔
119	const size_t written = hex_decode(output, input, input_length, consumed, ignore_ws);	233,159✔
120
121	if(consumed != input_length) {	233,158✔
122	throw Invalid_Argument("hex_decode: input did not have full bytes");	×
123	}
124
125	return written;	233,158✔
126	}
127
128	size_t hex_decode(uint8_t output[], std::string_view input, bool ignore_ws) {	2,841✔
129	return hex_decode(output, input.data(), input.length(), ignore_ws);	2,841✔
130	}
131
132	size_t hex_decode(std::span<uint8_t> output, std::string_view input, bool ignore_ws) {	×
133	return hex_decode(output.data(), input.data(), input.length(), ignore_ws);	×
134	}
135
136	secure_vector<uint8_t> hex_decode_locked(const char input[], size_t input_length, bool ignore_ws) {	45,028✔
137	secure_vector<uint8_t> bin(1 + input_length / 2);	45,028✔
138
139	const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);	45,028✔
140
141	bin.resize(written);	45,027✔
142	return bin;	45,027✔
143	}	1✔
144
145	secure_vector<uint8_t> hex_decode_locked(std::string_view input, bool ignore_ws) {	39,920✔
146	return hex_decode_locked(input.data(), input.size(), ignore_ws);	39,920✔
147	}
148
149	std::vector<uint8_t> hex_decode(const char input[], size_t input_length, bool ignore_ws) {	185,290✔
150	std::vector<uint8_t> bin(1 + input_length / 2);	185,290✔
151
152	const size_t written = hex_decode(bin.data(), input, input_length, ignore_ws);	185,290✔
153
154	bin.resize(written);	185,290✔
155	return bin;	185,290✔
156	}	×
157
158	std::vector<uint8_t> hex_decode(std::string_view input, bool ignore_ws) {	185,282✔
159	return hex_decode(input.data(), input.size(), ignore_ws);	185,282✔
160	}
161
162	} // namespace Botan

randombit / botan / 26735862306

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous