Increase use of ptrdiff_t when performing pointer math

filters.cpp

@@ -264,7 +264,7 @@ byte *FilterWithBufferedInput::BlockQueue::GetBlock()
 	if (m_size >= m_blockSize)
 	{
 		byte *ptr = m_begin;
-		if ((m_begin+=m_blockSize) == m_buffer.end())
+		if ((m_begin = PtrAdd(m_begin, m_blockSize)) == m_buffer.end())
 			m_begin = m_buffer;
 		m_size -= m_blockSize;
 		return ptr;
@@ -304,7 +304,8 @@ void FilterWithBufferedInput::BlockQueue::Put(const byte *inString, size_t lengt
 	if (!inString || !length) return;
 
 	CRYPTOPP_ASSERT(m_size + length <= m_buffer.size());
-	byte *end = (m_size < size_t(m_buffer.end()-m_begin)) ? m_begin + m_size : m_begin + m_size - m_buffer.size();
+	byte *end = (m_size < static_cast<size_t>(PtrDiff(m_buffer.end(), m_begin)) ?
+		PtrAdd(m_begin, m_size) : PtrAdd(m_begin, m_size - m_buffer.size()));
 	size_t len = STDMIN(length, size_t(m_buffer.end()-end));
 	memcpy(end, inString, len);
 	if (len < length)
@@ -541,7 +542,7 @@ size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool bl
 	if (m_buf && begin)
 	{
 		copied = STDMIN(length, SaturatingSubtract(m_size, m_total));
-		memmove(m_buf+m_total, begin, copied);
+		memmove(PtrAdd(m_buf, m_total), begin, copied);
 	}
 	m_total += copied;
 	return length - copied;
@@ -550,7 +551,7 @@ size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool bl
 byte * ArraySink::CreatePutSpace(size_t &size)
 {
 	size = SaturatingSubtract(m_size, m_total);
-	return m_buf + m_total;
+	return PtrAdd(m_buf, m_total);
 }
 
 void ArraySink::IsolatedInitialize(const NameValuePairs &parameters)
@@ -571,7 +572,7 @@ size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool
 	if (m_buf && begin)
 	{
 		copied = STDMIN(length, SaturatingSubtract(m_size, m_total));
-		xorbuf(m_buf+m_total, begin, copied);
+		xorbuf(PtrAdd(m_buf, m_total), begin, copied);
 	}
 	m_total += copied;
 	return length - copied;
@@ -726,7 +727,7 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length)
 			// Process full blocks
 			m_cipher.ProcessData(space, inString, length);
 			AttachedTransformation()->Put(space, length);
-			inString += length;
+			inString = PtrAdd(inString, length);
 		}
 
 		if (leftOver)
@@ -761,7 +762,7 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length)
 				size_t blockSize = STDMAX(minLastBlockSize, (size_t)m_mandatoryBlockSize);
 				space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, blockSize);
 				if (inString) {memcpy(space, inString, length);}
-				memset(space + length, 0, blockSize - length);
+				memset(PtrAdd(space, length), 0, blockSize - length);
 				size_t used = m_cipher.ProcessLastBlock(space, blockSize, space, blockSize);
 				AttachedTransformation()->Put(space, used);
 			}

misc.h

@@ -386,6 +386,36 @@ inline PTR PtrSub(PTR pointer, OFF offset)
 	return pointer-static_cast<ptrdiff_t>(offset);
 }
 
+/// \brief Determine pointer difference
+/// \tparam PTR a pointer type
+/// \param pointer1 the first pointer
+/// \param pointer2 the second pointer
+/// \details PtrByteDiff can be used to squash Clang and GCC
+///   UBsan findings for pointer addition and subtraction.
+///   pointer1 and pointer2 must point to the same object or
+///   array (or one past the end), and yields the number of
+///   bytes (not elements) difference.
+template <typename PTR>
+inline uintptr_t PtrByteDiff(const PTR pointer1, const PTR pointer2)
+{
+	return static_cast<uintptr_t>(pointer1) - static_cast<uintptr_t>(pointer2);
+}
+
+/// \brief Determine pointer difference
+/// \tparam PTR a pointer type
+/// \param pointer1 the first pointer
+/// \param pointer2 the second pointer
+/// \details PtrDiff can be used to squash Clang and GCC
+///   UBsan findings for pointer addition and subtraction.
+///   pointer1 and pointer2 must point to the same object or
+///   array (or one past the end), and yields the number of
+///   elements (not bytes) difference.
+template <typename PTR>
+inline ptrdiff_t PtrDiff(const PTR pointer1, const PTR pointer2)
+{
+	return static_cast<ptrdiff_t>(pointer1 - pointer2);
+}
+
 #if (!__STDC_WANT_SECURE_LIB__ && !defined(_MEMORY_S_DEFINED)) || defined(CRYPTOPP_WANT_SECURE_LIB)
 
 /// \brief Bounds checking replacement for memcpy()

test.cpp

@@ -119,8 +119,14 @@ void FIPS140_GenerateRandomFiles();
 bool Validate(int, bool, const char *);
 void PrintSeedAndThreads(const std::string& seed);
 
+#define CRYPTOPP_USE_AES_GENERATOR 1
+
 ANONYMOUS_NAMESPACE_BEGIN
+#if (CRYPTOPP_USE_AES_GENERATOR)
 OFB_Mode<AES>::Encryption s_globalRNG;
+#else
+AutoSeededRandomPool s_globalRNG;
+#endif
 NAMESPACE_END
 
 RandomNumberGenerator & GlobalRNG()
@@ -151,9 +157,13 @@ int scoped_main(int argc, char *argv[])
 		std::string seed = IntToString(time(NULLPTR));
 		seed.resize(16, ' ');
 
-		// Fetch the SymmetricCipher interface, not the RandomNumberGenerator interface, to key the underlying cipher
+		// Fetch the SymmetricCipher interface, not the RandomNumberGenerator
+		//  interface, to key the underlying cipher. If CRYPTOPP_USE_AES_GENERATOR
+		//  is 1 then perform the cast. Otherwise avoid the cast.
+#if (CRYPTOPP_USE_AES_GENERATOR)
 		OFB_Mode<AES>::Encryption& aesg = dynamic_cast<OFB_Mode<AES>::Encryption&>(GlobalRNG());
 		aesg.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data());
+#endif
 
 		std::string command, executableName, macFilename;