26735862306

Committed 31 May 2026 11:43PM UTC coverage: 89.37%. Remained the same

Build # 26735862306

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5631 from randombit/jack/overflow-checks

Systematically eliminate any possible integer overflows

Coverage Stats

110295 of 123414 relevant lines covered (89.37%)

11075877.11 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

89.62

/src/lib/compression/compress_utils.cpp

/*
* Compression Utils
* (C) 2014,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include <botan/internal/compress_utils.h>

#include <botan/exceptn.h>
#include <botan/mem_ops.h>
#include <botan/internal/fmt.h>
#include <botan/internal/int_utils.h>
#include <cstdlib>

namespace Botan {

Compression_Error::Compression_Error(const char* func_name, ErrorType type, int rc) :
      Exception(fmt("Compression API {} failed with return code {}", func_name, rc)), m_type(type), m_rc(rc) {}

void* Compression_Alloc_Info::do_malloc(size_t n, size_t size) {
   // Precheck for integer overflow in the multiplication
   // before passing to calloc, which may or may not check.
   if(!checked_mul(n, size)) {
      return nullptr;
   }

   void* ptr = std::calloc(n, size);  // NOLINT(*-no-malloc,*-owning-memory,*-const-correctness)

   /*
   * Return null rather than throwing here as we are being called by a
   * C library and it may not be possible for an exception to unwind
   * the call stack from here. The compression library is expecting a
   * function written in C and a null return on error, which it will
   * send upwards to the compression wrappers.
   */

   if(ptr != nullptr) {
      m_current_allocs[ptr] = n * size;
   }

   return ptr;
}

void Compression_Alloc_Info::do_free(void* ptr) {
   if(ptr != nullptr) {
      auto i = m_current_allocs.find(ptr);

      if(i == m_current_allocs.end()) {
         throw Internal_Error("Compression_Alloc_Info::free got pointer not allocated by us");
      }

      secure_scrub_memory(ptr, i->second);
      std::free(ptr);  // NOLINT(*-no-malloc,*-owning-memory)
      m_current_allocs.erase(i);
   }
}

void Stream_Compression::clear() {
   m_stream.reset();
}

void Stream_Compression::start(size_t level) {
   m_stream = make_stream(level);
}

void Stream_Compression::process(secure_vector<uint8_t>& buf, size_t offset, uint32_t flags) {
   BOTAN_ASSERT(m_stream, "Initialized");
   BOTAN_ASSERT(buf.size() >= offset, "Offset is sane");

   // bzip doesn't like being called with no input and BZ_RUN
   if(buf.size() == offset && flags == m_stream->run_flag()) {
      return;
   }

   const size_t buffer_needed = add_or_throw(buf.size(), offset, "Compression input too large");
   if(m_buffer.size() < buffer_needed) {
      m_buffer.resize(buffer_needed);
   }

   // If the output buffer has zero length, .data() might return nullptr. This would
   // make some compression algorithms (notably those provided by zlib) fail.
   // Any small positive value works fine, but we choose 32 as it is the smallest power
   // of two that is large enough to hold all the headers and trailers of the common
   // formats, preventing further resizings to make room for output data.
   if(m_buffer.empty()) {
      m_buffer.resize(32);
   }

   m_stream->next_in(buf.data() + offset, buf.size() - offset);
   m_stream->next_out(m_buffer.data() + offset, m_buffer.size() - offset);

   while(true) {
      const bool stream_end = m_stream->run(flags);

      if(stream_end) {
         BOTAN_ASSERT(m_stream->avail_in() == 0, "After stream is done, no input remains to be processed");
         m_buffer.resize(m_buffer.size() - m_stream->avail_out());
         break;
      } else if(m_stream->avail_out() == 0) {
         const size_t added = add_or_throw<size_t>(m_buffer.size(), 8, "Compression output too large");
         const size_t new_size = add_or_throw(m_buffer.size(), added, "Compression output too large");
         m_buffer.resize(new_size);
         m_stream->next_out(m_buffer.data() + m_buffer.size() - added, added);
      } else if(m_stream->avail_in() == 0) {
         m_buffer.resize(m_buffer.size() - m_stream->avail_out());
         break;
      }
   }

   copy_mem(m_buffer.data(), buf.data(), offset);
   buf.swap(m_buffer);
}

void Stream_Compression::update(secure_vector<uint8_t>& buf, size_t offset, bool flush) {
   BOTAN_ASSERT(m_stream, "Initialized");
   process(buf, offset, flush ? m_stream->flush_flag() : m_stream->run_flag());
}

void Stream_Compression::finish(secure_vector<uint8_t>& buf, size_t offset) {
   BOTAN_ASSERT(m_stream, "Initialized");
   process(buf, offset, m_stream->finish_flag());
   clear();
}

void Stream_Decompression::clear() {
   m_stream.reset();
}

void Stream_Decompression::start() {
   m_stream = make_stream();
}

void Stream_Decompression::process(secure_vector<uint8_t>& buf, size_t offset, uint32_t flags) {
   BOTAN_ASSERT(m_stream, "Initialized");
   BOTAN_ASSERT(buf.size() >= offset, "Offset is sane");

   const size_t buffer_needed = add_or_throw(buf.size(), offset, "Compression input too large");
   if(m_buffer.size() < buffer_needed) {
      m_buffer.resize(buffer_needed);
   }

   m_stream->next_in(buf.data() + offset, buf.size() - offset);
   m_stream->next_out(m_buffer.data() + offset, m_buffer.size() - offset);

   while(true) {
      const bool stream_end = m_stream->run(flags);

      if(stream_end) {
         if(m_stream->avail_in() == 0) {
            // all data consumed
            m_buffer.resize(m_buffer.size() - m_stream->avail_out());
            clear();
            break;
         }

         // More data follows: try to process as a following stream
         // Remove stream1's unused output space so stream2's output
         // is placed immediately after stream1's data with no gap.
         m_buffer.resize(m_buffer.size() - m_stream->avail_out());
         const size_t read = (buf.size() - offset) - m_stream->avail_in();
         start();
         m_stream->next_in(buf.data() + offset + read, buf.size() - offset - read);
      }

      if(m_stream->avail_out() == 0) {
         const size_t added = add_or_throw<size_t>(m_buffer.size(), 8, "Compression output too large");
         const size_t new_size = add_or_throw(m_buffer.size(), added, "Compression output too large");
         m_buffer.resize(new_size);
         m_stream->next_out(m_buffer.data() + m_buffer.size() - added, added);
      } else if(m_stream->avail_in() == 0) {
         m_buffer.resize(m_buffer.size() - m_stream->avail_out());
         break;
      }
   }

   copy_mem(m_buffer.data(), buf.data(), offset);
   buf.swap(m_buffer);
}

void Stream_Decompression::update(secure_vector<uint8_t>& buf, size_t offset) {
   if(!m_stream) {
      if(buf.size() == offset) {
         return;
      }
      // Previous stream ended cleanly; re-initialize for a concatenated stream
      start();
   }
   process(buf, offset, m_stream->run_flag());
}

void Stream_Decompression::finish(secure_vector<uint8_t>& buf, size_t offset) {
   if(!m_stream) {
      if(buf.size() == offset) {
         return;
      }
      // Previous stream ended cleanly; re-initialize for a concatenated stream
      start();
   }

   process(buf, offset, m_stream->finish_flag());

   if(m_stream) {
      throw Invalid_State(fmt("{} finished but not at stream end", name()));
   }
}

}  // namespace Botan

1	/*
2	* Compression Utils
3	* (C) 2014,2016 Jack Lloyd
4	*
5	* Botan is released under the Simplified BSD License (see license.txt)
6	*/
7
8	#include <botan/internal/compress_utils.h>
9
10	#include <botan/exceptn.h>
11	#include <botan/mem_ops.h>
12	#include <botan/internal/fmt.h>
13	#include <botan/internal/int_utils.h>
14	#include <cstdlib>
15
16	namespace Botan {
17
18	Compression_Error::Compression_Error(const char* func_name, ErrorType type, int rc) :	×
19	Exception(fmt("Compression API {} failed with return code {}", func_name, rc)), m_type(type), m_rc(rc) {}	×
20
21	void* Compression_Alloc_Info::do_malloc(size_t n, size_t size) {	1,263✔
22	// Precheck for integer overflow in the multiplication
23	// before passing to calloc, which may or may not check.
24	if(!checked_mul(n, size)) {	2,526✔
25	return nullptr;
26	}
27
28	void* ptr = std::calloc(n, size); // NOLINT(-no-malloc,-owning-memory,*-const-correctness)	1,263✔
29
30	/*
31	* Return null rather than throwing here as we are being called by a
32	* C library and it may not be possible for an exception to unwind
33	* the call stack from here. The compression library is expecting a
34	* function written in C and a null return on error, which it will
35	* send upwards to the compression wrappers.
36	*/
37
38	if(ptr != nullptr) {	1,263✔
39	m_current_allocs[ptr] = n * size;	1,263✔
40	}
41
42	return ptr;	1,263✔
43	}
44
45	void Compression_Alloc_Info::do_free(void* ptr) {	1,343✔
46	if(ptr != nullptr) {	1,343✔
47	auto i = m_current_allocs.find(ptr);	1,263✔
48
49	if(i == m_current_allocs.end()) {	1,263✔
50	throw Internal_Error("Compression_Alloc_Info::free got pointer not allocated by us");	×
51	}
52
53	secure_scrub_memory(ptr, i->second);	1,263✔
54	std::free(ptr); // NOLINT(-no-malloc,-owning-memory)	1,263✔
55	m_current_allocs.erase(i);	1,263✔
56	}
57	}	1,343✔
58
59	void Stream_Compression::clear() {	133✔
60	m_stream.reset();	×
61	}	×
62
63	void Stream_Compression::start(size_t level) {	133✔
64	m_stream = make_stream(level);	133✔
65	}	133✔
66
67	void Stream_Compression::process(secure_vector<uint8_t>& buf, size_t offset, uint32_t flags) {	296✔
68	BOTAN_ASSERT(m_stream, "Initialized");	296✔
69	BOTAN_ASSERT(buf.size() >= offset, "Offset is sane");	296✔
70
71	// bzip doesn't like being called with no input and BZ_RUN
72	if(buf.size() == offset && flags == m_stream->run_flag()) {	296✔
73	return;
74	}
75
76	const size_t buffer_needed = add_or_throw(buf.size(), offset, "Compression input too large");	276✔
77	if(m_buffer.size() < buffer_needed) {	276✔
78	m_buffer.resize(buffer_needed);	113✔
79	}
80
81	// If the output buffer has zero length, .data() might return nullptr. This would
82	// make some compression algorithms (notably those provided by zlib) fail.
83	// Any small positive value works fine, but we choose 32 as it is the smallest power
84	// of two that is large enough to hold all the headers and trailers of the common
85	// formats, preventing further resizings to make room for output data.
86	if(m_buffer.empty()) {	276✔
87	m_buffer.resize(32);	70✔
88	}
89
90	m_stream->next_in(buf.data() + offset, buf.size() - offset);	276✔
91	m_stream->next_out(m_buffer.data() + offset, m_buffer.size() - offset);	276✔
92
93	while(true) {	381✔
94	const bool stream_end = m_stream->run(flags);	381✔
95
96	if(stream_end) {	381✔
97	BOTAN_ASSERT(m_stream->avail_in() == 0, "After stream is done, no input remains to be processed");	143✔
98	m_buffer.resize(m_buffer.size() - m_stream->avail_out());	143✔
99	break;	143✔
100	} else if(m_stream->avail_out() == 0) {	238✔
101	const size_t added = add_or_throw<size_t>(m_buffer.size(), 8, "Compression output too large");	105✔
102	const size_t new_size = add_or_throw(m_buffer.size(), added, "Compression output too large");	105✔
103	m_buffer.resize(new_size);	105✔
104	m_stream->next_out(m_buffer.data() + m_buffer.size() - added, added);	105✔
105	} else if(m_stream->avail_in() == 0) {	133✔
106	m_buffer.resize(m_buffer.size() - m_stream->avail_out());	133✔
107	break;	133✔
108	}
109	}
110
111	copy_mem(m_buffer.data(), buf.data(), offset);	276✔
112	buf.swap(m_buffer);	276✔
113	}
114
115	void Stream_Compression::update(secure_vector<uint8_t>& buf, size_t offset, bool flush) {	163✔
116	BOTAN_ASSERT(m_stream, "Initialized");	163✔
117	process(buf, offset, flush ? m_stream->flush_flag() : m_stream->run_flag());	163✔
118	}	163✔
119
120	void Stream_Compression::finish(secure_vector<uint8_t>& buf, size_t offset) {	133✔
121	BOTAN_ASSERT(m_stream, "Initialized");	133✔
122	process(buf, offset, m_stream->finish_flag());	133✔
123	clear();	133✔
124	}	133✔
125
126	void Stream_Decompression::clear() {	118✔
127	m_stream.reset();	×
128	}	×
129
130	void Stream_Decompression::start() {	123✔
131	m_stream = make_stream();	128✔
132	}	123✔
133
134	void Stream_Decompression::process(secure_vector<uint8_t>& buf, size_t offset, uint32_t flags) {	413✔
135	BOTAN_ASSERT(m_stream, "Initialized");	413✔
136	BOTAN_ASSERT(buf.size() >= offset, "Offset is sane");	413✔
137
138	const size_t buffer_needed = add_or_throw(buf.size(), offset, "Compression input too large");	413✔
139	if(m_buffer.size() < buffer_needed) {	413✔
140	m_buffer.resize(buffer_needed);	38✔
141	}
142
143	m_stream->next_in(buf.data() + offset, buf.size() - offset);	413✔
144	m_stream->next_out(m_buffer.data() + offset, m_buffer.size() - offset);	413✔
145
146	while(true) {	576✔
147	const bool stream_end = m_stream->run(flags);	576✔
148
149	if(stream_end) {	576✔
150	if(m_stream->avail_in() == 0) {	123✔
151	// all data consumed
152	m_buffer.resize(m_buffer.size() - m_stream->avail_out());	118✔
153	clear();	118✔
154	break;
155	}
156
157	// More data follows: try to process as a following stream
158	// Remove stream1's unused output space so stream2's output
159	// is placed immediately after stream1's data with no gap.
160	m_buffer.resize(m_buffer.size() - m_stream->avail_out());	5✔
161	const size_t read = (buf.size() - offset) - m_stream->avail_in();	5✔
162	start();	5✔
163	m_stream->next_in(buf.data() + offset + read, buf.size() - offset - read);	5✔
164	}
165
166	if(m_stream->avail_out() == 0) {	458✔
167	const size_t added = add_or_throw<size_t>(m_buffer.size(), 8, "Compression output too large");	163✔
168	const size_t new_size = add_or_throw(m_buffer.size(), added, "Compression output too large");	163✔
169	m_buffer.resize(new_size);	163✔
170	m_stream->next_out(m_buffer.data() + m_buffer.size() - added, added);	163✔
171	} else if(m_stream->avail_in() == 0) {	295✔
172	m_buffer.resize(m_buffer.size() - m_stream->avail_out());	295✔
173	break;	295✔
174	}
175	}
176
177	copy_mem(m_buffer.data(), buf.data(), offset);	413✔
178	buf.swap(m_buffer);	413✔
179	}	413✔
180
181	void Stream_Decompression::update(secure_vector<uint8_t>& buf, size_t offset) {	413✔
182	if(!m_stream) {	413✔
183	if(buf.size() == offset) {	5✔
184	return;
185	}
186	// Previous stream ended cleanly; re-initialize for a concatenated stream
187	start();	5✔
188	}
189	process(buf, offset, m_stream->run_flag());	413✔
190	}
191
192	void Stream_Decompression::finish(secure_vector<uint8_t>& buf, size_t offset) {	113✔
193	if(!m_stream) {	113✔
194	if(buf.size() == offset) {	113✔
195	return;
196	}
197	// Previous stream ended cleanly; re-initialize for a concatenated stream
198	start();	×
199	}
200
201	process(buf, offset, m_stream->finish_flag());	×
202
203	if(m_stream) {	×
204	throw Invalid_State(fmt("{} finished but not at stream end", name()));	×
205	}
206	}
207
208	} // namespace Botan

randombit / botan / 26735862306

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous