XMPMeta.cpp: match types to format strings in OutProc* macros

mandree · mandree · commit d9bc087ea995 · 2023-07-01T23:58:56.000+02:00
The numerical OutProc*(num) macros fill in their arguments via
snprintf's "..." varargs part, and the type at the use site depends on
the passed-in types.  This might cause wrong types on the stack that
cause undefined behavior in the snprintf() function, and reading past
memory, outputting garbage.

static_cast&lt;&gt; the macro arguments to the types matching the format
string, to get the expected type width on the stack.
diff --git a/xmpsdk/src/XMPMeta.cpp b/xmpsdk/src/XMPMeta.cpp
@@ -81,17 +81,17 @@ static const char * kTenSpaces = "          ";
 
 #define OutProcString(str)	{ status = (*outProc) ( refCon, (str).c_str(), (str).size() );  if ( status != 0 ) goto EXIT; }
 
-#define OutProcULong(num)	{ snprintf ( buffer, sizeof(buffer), "%lu", (num) ); /* AUDIT: Using sizeof for snprintf length is safe */ \
+#define OutProcULong(num)	{ snprintf ( buffer, sizeof(buffer), "%lu", static_cast<unsigned long>(num) ); /* AUDIT: Using sizeof for snprintf length is safe */ \
 							  status = (*outProc) ( refCon, buffer, strlen(buffer) );  if ( status != 0 ) goto EXIT; }
 #ifdef __APPLE__
-#define OutProcHexInt(num)	{ snprintf ( buffer, sizeof(buffer), "%X", (num) ); /* AUDIT: Using sizeof for snprintf length is safe */	\
+#define OutProcHexInt(num)	{ snprintf ( buffer, sizeof(buffer), "%X", static_cast<unsigned int>(num) ); /* AUDIT: Using sizeof for snprintf length is safe */	\
 							  status = (*outProc) ( refCon, buffer, strlen(buffer) );  if ( status != 0 ) goto EXIT; }
 #else
-#define OutProcHexInt(num)	{ snprintf ( buffer, sizeof(buffer), "%lX", (num) ); /* AUDIT: Using sizeof for snprintf length is safe */	\
+#define OutProcHexInt(num)	{ snprintf ( buffer, sizeof(buffer), "%lX", static_cast<unsigned long>(num) ); /* AUDIT: Using sizeof for snprintf length is safe */	\
 							  status = (*outProc) ( refCon, buffer, strlen(buffer) );  if ( status != 0 ) goto EXIT; }
 #endif
 
-#define OutProcHexByte(num)	{ snprintf ( buffer, sizeof(buffer), "%.2X", (num) ); /* AUDIT: Using sizeof for snprintf length is safe */	\
+#define OutProcHexByte(num)	{ snprintf ( buffer, sizeof(buffer), "%.2X", static_cast<unsigned int>(num) ); /* AUDIT: Using sizeof for snprintf length is safe */	\
 							  status = (*outProc) ( refCon, buffer, strlen(buffer) );  if ( status != 0 ) goto EXIT; }
 
 static const char * kIndent = "   ";
