From 56384396e5501ebcf7276caa2cb561023d3c3d12 Mon Sep 17 00:00:00 2001
From: Edwin Mons <edwin.mons@isode.com>
Date: Fri, 9 Nov 2018 10:15:38 +0100
Subject: Remove numeric_casts from XML parsers

The code has been updated to use asserts where a sensible recovery path
was deemed impossible, and a conditional return for parse.  In general,
our XML parsing will fail for any single parse of a document over
roughly 2 2GiB, which is probably not going to be a practical issue soon.

Test-Information:

Unit tests pass on macOS 10.13 using Expat and Debian 9 using LibXML

Change-Id: I3a8da802860028ea278b322af081c2b22b55a442

diff --git a/Swiften/Parser/ExpatParser.cpp b/Swiften/Parser/ExpatParser.cpp
index 77d959c..8415c42 100644
--- a/Swiften/Parser/ExpatParser.cpp
+++ b/Swiften/Parser/ExpatParser.cpp
@@ -7,13 +7,12 @@
 #include <Swiften/Parser/ExpatParser.h>
 
 #include <cassert>
+#include <limits>
 #include <memory>
 #include <string>
 
 #include <expat.h>
 
-#include <boost/numeric/conversion/cast.hpp>
-
 #include <Swiften/Base/String.h>
 #include <Swiften/Parser/XMLParserClient.h>
 
@@ -84,7 +83,10 @@ ExpatParser::~ExpatParser() {
 }
 
 bool ExpatParser::parse(const std::string& data) {
-    bool success = XML_Parse(p->parser_, data.c_str(), boost::numeric_cast<int>(data.size()), false) == XML_STATUS_OK;
+    if (data.size() > std::numeric_limits<int>::max()) {
+        return false;
+    }
+    bool success = XML_Parse(p->parser_, data.c_str(), static_cast<int>(data.size()), false) == XML_STATUS_OK;
     /*if (!success) {
         std::cout << "ERROR: " << XML_ErrorString(XML_GetErrorCode(p->parser_)) << " while parsing " << data << std::endl;
     }*/
diff --git a/Swiften/Parser/LibXMLParser.cpp b/Swiften/Parser/LibXMLParser.cpp
index be0a92d..5bd3737 100644
--- a/Swiften/Parser/LibXMLParser.cpp
+++ b/Swiften/Parser/LibXMLParser.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2010-2016 Isode Limited.
+ * Copyright (c) 2010-2018 Isode Limited.
  * All rights reserved.
  * See the COPYING file for more information.
  */
@@ -8,11 +8,10 @@
 
 #include <cassert>
 #include <cstring>
+#include <limits>
 #include <memory>
 #include <string>
 
-#include <boost/numeric/conversion/cast.hpp>
-
 #include <libxml/parser.h>
 
 #include <Swiften/Base/Log.h>
@@ -36,11 +35,12 @@ static void handleStartElement(void* parser, const xmlChar* name, const xmlChar*
         if (attributes[i+2]) {
             attributeNS = std::string(reinterpret_cast<const char*>(attributes[i+2]));
         }
+        assert(attributes[i+4] >= attributes[i+3]);
         attributeValues.addAttribute(
                 std::string(reinterpret_cast<const char*>(attributes[i])),
                 attributeNS,
                 std::string(reinterpret_cast<const char*>(attributes[i+3]),
-                    boost::numeric_cast<size_t>(attributes[i+4]-attributes[i+3])));
+                    static_cast<size_t>(attributes[i+4]-attributes[i+3])));
     }
     static_cast<XMLParser*>(parser)->getClient()->handleStartElement(reinterpret_cast<const char*>(name), (xmlns ? reinterpret_cast<const char*>(xmlns) : std::string()), attributeValues);
 }
@@ -50,7 +50,8 @@ static void handleEndElement(void *parser, const xmlChar* name, const xmlChar*,
 }
 
 static void handleCharacterData(void* parser, const xmlChar* data, int len) {
-    static_cast<XMLParser*>(parser)->getClient()->handleCharacterData(std::string(reinterpret_cast<const char*>(data), boost::numeric_cast<size_t>(len)));
+    assert(len >= 0);
+    static_cast<XMLParser*>(parser)->getClient()->handleCharacterData(std::string(reinterpret_cast<const char*>(data), static_cast<size_t>(len)));
 }
 
 static void handleError(void*, const char* /*m*/, ... ) {
@@ -94,7 +95,10 @@ LibXMLParser::~LibXMLParser() {
 }
 
 bool LibXMLParser::parse(const std::string& data) {
-    if (xmlParseChunk(p->context_, data.c_str(), boost::numeric_cast<int>(data.size()), false) == XML_ERR_OK) {
+    if (data.size() > std::numeric_limits<int>::max()) {
+        return false;
+    }
+    if (xmlParseChunk(p->context_, data.c_str(), static_cast<int>(data.size()), false) == XML_ERR_OK) {
         return true;
     }
     xmlError* error = xmlCtxtGetLastError(p->context_);
-- 
cgit v0.10.2-6-g49f6