From 9728f19f59ce7bfda2601bd14f06ad1b284e2e77 Mon Sep 17 00:00:00 2001
From: Project Nayuki
Date: Mon, 26 Feb 2018 20:29:25 +0000
Subject: [PATCH] Added integer overflow checks to toSvgString() in Java, C++, Rust code; added checks to toImage() in Java code.
---
 cpp/QrCode.cpp | 3 +++
 java/io/nayuki/qrcodegen/QrCode.java | 6 ++++++
 rust/src/lib.rs | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/cpp/QrCode.cpp b/cpp/QrCode.cpp
index b62afe3..75a5473 100644
--- a/cpp/QrCode.cpp
+++ b/cpp/QrCode.cpp
@@ -157,6 +157,9 @@ bool QrCode::getModule(int x, int y) const {
 std::string QrCode::toSvgString(int border) const {
 if (border < 0)
 throw "Border must be non-negative";
+ if (border > INT_MAX / 2 || border * 2 > INT_MAX - size)
+ throw "Border too large";
+
 std::ostringstream sb;
 sb << "\n";
 sb << "\n";
diff --git a/java/io/nayuki/qrcodegen/QrCode.java b/java/io/nayuki/qrcodegen/QrCode.java
index 68d35ca..5f64ca2 100644
--- a/java/io/nayuki/qrcodegen/QrCode.java
+++ b/java/io/nayuki/qrcodegen/QrCode.java
@@ -258,6 +258,9 @@ public final class QrCode {
 public BufferedImage toImage(int scale, int border) {
 if (scale <= 0 || border < 0)
 throw new IllegalArgumentException("Value out of range");
+ if (border > Integer.MAX_VALUE / 2 || size + border * 2L > Integer.MAX_VALUE / scale)
+ throw new IllegalArgumentException("Scale or border too large");
+
 BufferedImage result = new BufferedImage((size + border * 2) * scale, (size + border * 2) * scale, BufferedImage.TYPE_INT_RGB);
 for (int y = 0; y < result.getHeight(); y++) {
 for (int x = 0; x < result.getWidth(); x++) {
@@ -279,6 +282,9 @@ public final class QrCode {
 public String toSvgString(int border) {
 if (border < 0)
 throw new IllegalArgumentException("Border must be non-negative");
+ if (size + border * 2L > Integer.MAX_VALUE)
+ throw new IllegalArgumentException("Border too large");
+
 StringBuilder sb = new StringBuilder();
 sb.append("\n");
 sb.append("\n");
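Review bot: The new guard in QrCode::toSvgString() relies on `INT_MAX`, yet the diffstat shows only these three added lines in cpp/QrCode.cpp, so the commit adds no `#include <climits>`. If the file does not already include it (the include block is outside the hunk), the check compiles only through a transitive include, and adding `#include <climits>` would make the dependency explicit. The order of the two tests also matters, because signed overflow is undefined behaviour in C++ and `border * 2` is safe only once `border <= INT_MAX / 2` is known; a comment such as `// Order matters: the first test keeps border * 2 from overflowing` would protect it from a later reordering. The function body continues past the end of the hunk.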
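Review bot: The added check in toImage() stops `(size + border * 2) * scale` from wrapping, but it still accepts a side length of up to `Integer.MAX_VALUE`, so the `new BufferedImage(...)` call right after it can be asked for a raster far larger than available memory. Where scale or border come from untrusted input, that is a resource-exhaustion path which the overflow check does not cover. The Javadoc could say so, for example `Callers passing untrusted values should cap scale and border; memory use grows with the square of (size + border * 2) * scale.` The first clause `border > Integer.MAX_VALUE / 2` also looks redundant, since `border * 2L` is already evaluated as a long and the toSvgString() hunk in the same file uses the long form alone. The pixel loop continues outside the hunk.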
diff --git a/rust/src/lib.rs b/rust/src/lib.rs
index 8387f58..d4b41ae 100644
--- a/rust/src/lib.rs
+++ b/rust/src/lib.rs
@@ -240,9 +240,9 @@ impl QrCode {
 let mut result: String = String::new();
 result.push_str("\n");
 result.push_str("\n");
+ let dimension = self.size.checked_add(border.checked_mul(2).unwrap()).unwrap();
 result.push_str(&format!(
- "\n",
- self.size + border * 2));
+ "\n", dimension));
 result.push_str("\t\n");
 result.push_str("\t