fix: fixing CWE-120, CWE-20

[Documentation] information CWE-120: The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow. fix: typo on input_output.h fix: delete windows test chore: adding ``input_output_testing`` [Documentation] adding unitesting using google test framwork to test the functionallity of the `save` and `load` function from `clara` library `input_output` Signed-off-by: slowy07 <[email protected]>
slowy07 · Aug 7, 2023 · 0e5a02b · 0e5a02b
1 parent 705b872
commit 0e5a02b
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 37 deletions.
diff --git a/.github/workflows/cpp-testing-windows-base.yml b/.github/workflows/cpp-testing-windows-base.yml
diff --git a/clara_test/tests/input_output_testing.cpp b/clara_test/tests/input_output_testing.cpp
@@ -0,0 +1,32 @@
+#include <fstream>
+
+#include "../../include/clara.h"
+#include "../../include/input_output.h"
+#include "gtest/gtest.h"
+
+using namespace clara;
+
+class InputOutputTest : public ::testing::Test {
+ protected:
+  void SetUp() override {}
+  void TearDown() override {}
+};
+
+TEST_F(InputOutputTest, SaveAndLoadEigenMatrix) {
+  Eigen::MatrixXd mat(3, 3);
+  mat << 1, 2, 3, 4, 5, 6, 7, 8, 9;
+
+  const std::string filename = "test_matrix.bin";
+  clara::save(mat, filename);
+
+  auto loadedMatrix = clara::load<Eigen::MatrixXd>(filename);
+
+  ASSERT_EQ(mat.rows(), loadedMatrix.rows());
+  ASSERT_EQ(mat.cols(), loadedMatrix.cols());
+
+  for (int i = 0; i < mat.rows(); ++i) {
+    for (int j = 0; j < mat.cols(); ++j) {
+      ASSERT_DOUBLE_EQ(mat(i, j), loadedMatrix(i, j));
+    }
+  }
+}
diff --git a/include/input_output.h b/include/input_output.h
@@ -203,16 +203,25 @@ dyn_mat<typename Derived::Scalar> load(const std::string& fname) {
 
   // read the header from file
   fin.read(fheader_.get(), header_.length());
+  // null-terminate the string
+  fheader_[header_.length()] = '\0';
   if (std::string(fheader_.get(), header_.length()) != header_) {
+    // compare with the entire string
     throw std::runtime_error("clara::load() corrupted file \"" + std::string(fname) + "\"!");
   }
 
-  idx rows, cols;
+  typename Derived::Index rows, cols;
   fin.read(reinterpret_cast<char*>(&rows), sizeof(rows));
-  fin.read(reinterpret_cast<char*>(&rows), sizeof(cols));
+  fin.read(reinterpret_cast<char*>(&cols), sizeof(cols));
+
+  if (rows < 0 || cols < 0) {
+    throw exception::CustomException(
+        "clara::load()", "invalid matrix dimension in file \"" + std::string(fname) + "\"");
+  }
+
   dyn_mat<typename Derived::Scalar> A(rows, cols);
 
-  fin.read(reinterpret_cast<char*>(A.rows()), sizeof(typename Derived::Scalar) * rows * cols);
+  fin.read(reinterpret_cast<char*>(A.data()), sizeof(typename Derived::Scalar) * rows * cols);
   fin.close();
   return A;
 }