Fix/tiff readtiffentry uint32 overflow

.clang-format

@@ -0,0 +1,24 @@
+---
+# Indentation for all files
+ColumnLimit: 120
+
+# C++ Options
+Language: Cpp
+BasedOnStyle: Google
+
+# Force pointers to the type for C++.
+DerivePointerAlignment: false
+PointerAlignment: Left
+
+# Useful for sorting the project inclusions and standard library inclusions separately 
+IncludeBlocks: Preserve
+
+# Constructor initializers better formatted in presence of preprocessor conditions (see image.cpp)
+BreakConstructorInitializers: AfterColon
+
+# Do not allow SingleLine statements (to improve coverage statistics)
+AllowShortFunctionsOnASingleLine: None
+AllowShortIfStatementsOnASingleLine: false
+AllowShortLoopsOnASingleLine: false
+
+...

.cmake-format

@@ -0,0 +1,17 @@
+with section("format"):
+
+  # How wide to allow formatted cmake files
+  line_width = 150
+
+  # How many spaces to tab for indent
+  tab_size = 2
+
+  # If true, separate flow control names from their parentheses with a space
+  separate_ctrl_name_with_space = False
+
+  # If true, separate function names from parentheses with a space
+  separate_fn_name_with_space = False
+
+  # If a statement is wrapped to more than one line, than dangle the closing
+  # parenthesis on its own line.
+  dangle_parens = True

.editorconfig

@@ -0,0 +1,6 @@
+[*]
+charset = utf-8
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace=true

.git-blame-ignore-revs

@@ -0,0 +1,4 @@
+# ignore global clang-format
+30bf563f4d71ff284b5f42d45f77226200a2e571
+# fic formatting followup from #2158
+a3cb054746beed514679592ffec9378acc9e5d41

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,29 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: bug
+assignees: ''
+
+---
+
+#### **Describe the bug**
+A clear and concise description of the bug, including your use case for exiv2.
+
+#### **To Reproduce**
+Steps to reproduce the behavior:
+1. Provide the file with which you observed the issue (commonly named PoC). Explain the status of the file (e.g., direct from camera, edited with darktable), whether you own the copyright and if you allow the file to be added to exiv2 under the [project's license](https://github.com/Exiv2/exiv2/blob/main/COPYING)
+2. List the exact commands/functions to reproduce the issue and include any related output
+3. Mention the branch and commit in which you observed the issue (e.g., `main, commit 9f721b40`, `0.27-maintenance, latest`)
+
+#### **Expected behavior**
+A short description of what you expected to happen.
+
+#### **Desktop (please complete the following information):**
+- OS and version: (e.g., Linux (Fedora 36), macOS 12.5, Windows 11)
+- Exiv2 version and source: (e.g., 0.27.5 from exiv2.org)
+- Compiler and version: (e.g., Gcc 12.2, Clang 14.0.0, MSVC 2022)
+- Compilation mode and/or compiler flags: (e.g., debug, `-O3`)
+
+#### **Additional context**
+Add any other information about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: request
+assignees: ''
+
+---
+
+#### **Is your feature request related to a problem?**
+A clear and concise description of the problem, including your use case for exiv2 and any impact on your workflow.
+
+#### **Describe the solution you would like**
+A short description of what you want to happen.
+
+#### **Describe alternatives you have considered**
+A simple explanation of any alternative solutions (e.g., using ExifTool) or features you have considered (e.g., convert the file to JPEG).
+
+#### **Desktop**
+- OS and version: (e.g., Linux (Fedora 36), macOS 12.5, Windows 11)
+- Exiv2 version and source: (e.g., 0.27.5 from exiv2.org)
+- Any software using exiv2 and source: (e.g., darktable 4.0 from darktable.org)
+
+#### **Additional context**
+Add any other information about the feature request here (e.g. screenshots, URLs, test files).

.github/codeql-queries/exiv2-code-scanning.qls

@@ -0,0 +1,3 @@
+# Reusing existing QL Pack
+- import: codeql-suites/cpp-code-scanning.qls
+  from: codeql-cpp

.github/codeql-queries/exiv2-cpp-queries/null_iterator_deref.qhelp

@@ -0,0 +1,23 @@
+<!DOCTYPE qhelp SYSTEM "qhelp.dtd">
+<qhelp>
+    <overview>
+        <p>
+        A C++ iterator is a lot like a C pointer: if you dereference it without
+        first checking that it's valid then it can cause a crash.
+        </p>
+    </overview>
+    <recommendation>
+        <p>
+        Always check that the iterator is valid before derefencing it.
+        </p>
+    </recommendation>
+    <example>
+        <p>
+        <a href="https://github.com/Exiv2/exiv2/issues/1763">Issue 1763</a> was caused by
+        <a href="https://github.com/Exiv2/exiv2/blob/9b3ed3f9564b4ea51b43c78671435bde6b862e08/src/canonmn_int.cpp#L2755">this
+        dereference</a> of the iterator <tt>pos</tt>.
+        The bug was <a href="https://github.com/Exiv2/exiv2/pull/1767">fixed</a> by not dereferencing
+        <tt>pos</tt> if <tt>pos == metadata->end()</tt>.
+        </p>
+    </example>
+</qhelp>

.github/codeql-queries/exiv2-cpp-queries/null_iterator_deref.ql

@@ -0,0 +1,47 @@
+/**
+ * @name NULL iterator deref
+ * @description Dereferencing an iterator without checking that it's valid could cause a crash.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/null-iterator-deref
+ * @tags security
+ *       external/cwe/cwe-476
+ */
+
+import cpp
+import semmle.code.cpp.controlflow.Guards
+import semmle.code.cpp.dataflow.DataFlow
+
+// Holds if `cond` is a condition like `use == table.end()`.
+// `eq_is_true` is `true` for `==`, `false` for '!=`.
+// Note: the `==` is actually an overloaded `operator==`.
+predicate end_condition(GuardCondition cond, Expr use, FunctionCall endCall, boolean eq_is_true) {
+  exists(FunctionCall eq |
+    exists(string opName | eq.getTarget().getName() = opName |
+      opName = "operator==" and eq_is_true = true
+      or
+      opName = "operator!=" and eq_is_true = false
+    ) and
+    DataFlow::localExprFlow(use, eq.getAnArgument()) and
+    DataFlow::localExprFlow(endCall, eq.getAnArgument()) and
+    endCall.getTarget().getName() = "end" and
+    DataFlow::localExprFlow(eq, cond)
+  )
+}
+
+from FunctionCall call, Expr use
+where
+  call.getTarget().getName() = "findKey" and
+  DataFlow::localExprFlow(call, use) and
+  use != call and
+  not use.(AssignExpr).getRValue() = call and
+  not end_condition(_, use, _, _) and
+  not exists(
+    Expr cond_use, FunctionCall endCall, GuardCondition cond, BasicBlock block, boolean branch
+  |
+    end_condition(cond, cond_use, endCall, branch) and
+    DataFlow::localExprFlow(call, cond_use) and
+    cond.controls(block, branch.booleanNot()) and
+    block.contains(use)
+  )
+select call, "Iterator returned by findKey might cause a null deref $@.", use, "here"

.github/codeql-queries/exiv2-cpp-queries/null_metadata_in_print.ql

@@ -0,0 +1,65 @@
+/**
+ * @name Null metadata in print function
+ * @description Print functions need to check that the metadata isn't null before calling methods on it.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/null-metadata-in-print
+ */
+
+import cpp
+import semmle.code.cpp.controlflow.Guards
+import semmle.code.cpp.controlflow.Nullness
+import semmle.code.cpp.rangeanalysis.RangeAnalysisUtils
+
+// Find all the print functions by looking for TagInfo initializers
+// like this one:
+// https://github.com/Exiv2/exiv2/blob/6b186a4cd276ac11b3ea69951c2112f4c4814b9a/src/canonmn_int.cpp#L660-L679
+class PrintFunction extends Function {
+  PrintFunction() {
+    exists(Initializer i, Field f |
+      i.getExpr().(ArrayAggregateLiteral).getAChild().(ClassAggregateLiteral).getAFieldExpr(f) =
+        this.getAnAccess() and
+      f.getName() = "printFct_"
+    )
+  }
+}
+
+predicate metadataDeref(Expr metadata) {
+  exists(Call call | call.getQualifier() = metadata)
+  or
+  exists(FunctionCall call, int argIndex, Function f |
+    call.getArgument(argIndex) = metadata and
+    f = call.getTarget() and
+    metadataDeref(f.getParameter(argIndex).getAnAccess())
+  )
+}
+
+predicate unsafePointerParam(Function f, int paramIndex, Expr use) {
+  exists(Parameter p |
+    p = f.getParameter(paramIndex) and
+    use = p.getAnAccess() and
+    unsafePointerExpr(use) and
+    not exists(GuardCondition nonNullCheck, BasicBlock block, boolean branch |
+      validCheckExpr(nonNullCheck, p) and
+      nonNullCheck.controls(block, branch) and
+      block.contains(use)
+    )
+  )
+}
+
+predicate unsafePointerExpr(Expr e) {
+  exists(Call call |
+    call.getQualifier() = e and
+    e.getType().getUnspecifiedType() instanceof PointerType
+  )
+  or
+  exists(FunctionCall call, int argIndex, Function f |
+    call.getArgument(argIndex) = e and
+    f = call.getTarget() and
+    unsafePointerParam(f, argIndex, _)
+  )
+}
+
+from PrintFunction printfcn, Parameter p, Expr metadata
+where unsafePointerParam(printfcn, 2, metadata)
+select metadata, "Print functions need to check that the metadata isn't null."

.github/codeql-queries/exiv2-cpp-queries/qlpack.yml

@@ -0,0 +1,4 @@
+name: exiv2-cpp-queries
+version: 0.0.0
+libraryPathDependencies: codeql-cpp
+suites: exiv2-cpp-suite

.github/codeql-queries/exiv2-cpp-queries/signed_shift.ql

@@ -0,0 +1,24 @@
+/**
+ * @name Signed shift
+ * @description Shifting a negative number is undefined behavior,
+ *              so it is risky to shift a signed number.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/signed-shift
+ * @tags security
+ *       external/cwe/cwe-758
+ */
+
+// See the "Bitwise shift operators" section here:
+// https://en.cppreference.com/w/cpp/language/operator_arithmetic
+import cpp
+import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
+
+from BinaryBitwiseOperation shift, Expr lhs
+where
+  (shift instanceof LShiftExpr or shift instanceof RShiftExpr) and
+  lhs = shift.getLeftOperand().getFullyConverted() and
+  lowerBound(lhs) < 0
+select shift,
+  "This signed shift could cause undefined behavior if the value is negative. Type of lhs: " +
+    lhs.getType().toString()

.github/codeql-queries/exiv2-cpp-queries/unsafe_vector_access.qhelp

@@ -0,0 +1,30 @@
+<!DOCTYPE qhelp SYSTEM "qhelp.dtd">
+<qhelp>
+    <overview>
+        <p>
+        The <a href="https://en.cppreference.com/w/cpp/container/vector/operator_at"><tt>operator[]</tt></a> method of <a href="https://en.cppreference.com/w/cpp/container/vector"><tt>std::vector</tt></a> does not do any bounds checking on the index. It is safer to use the <a href="https://en.cppreference.com/w/cpp/container/vector/at"><tt>at()</tt></a> method, which does do bounds checking.
+        </p>
+    </overview>
+    <recommendation>
+        <p>
+        Use the <a href="https://en.cppreference.com/w/cpp/container/vector/at"><tt>at()</tt></a> method, rather than <a href="https://en.cppreference.com/w/cpp/container/vector/operator_at"><tt>operator[]</tt></a>.
+        </p>
+        <p>
+          Some uses of <a href="https://en.cppreference.com/w/cpp/container/vector/operator_at"><tt>operator[]</tt></a> are safe because they are protected by a bounds check. The query recognises the following safe coding patterns:
+        </p>
+        <ul>
+          <li><tt>if (!x.empty()) { ...x[0]... }</tt></li>
+          <li><tt>if (x.length()) { ...x[0]... }</tt></li>
+          <li><tt>if (x.size() > 2) { ...x[2]... }</tt></li>
+          <li><tt>if (x.size() == 2) { ...x[1]... }</tt></li>
+          <li><tt>if (x.size() != 0) { ...x[0]... }</tt></li>
+          <li><tt>if (i < x.size()) { ... x[i] ... }</tt></li>
+          <li><tt>if (!x.empty()) { ... x[x.size() - 1] ... }</tt></li>
+        </ul>
+    </recommendation>
+    <example>
+        <p>
+          <a href="https://github.com/Exiv2/exiv2/issues/1706">#1706</a> was caused by a lack of bounds-checking on <a href="https://github.com/Exiv2/exiv2/blob/15098f4ef50cc721ad0018218acab2ff06e60beb/include/exiv2/value.hpp#L1639">this array access</a>. The bug was <a href="https://github.com/Exiv2/exiv2/pull/1735">fixed</a> calling the <a href="https://en.cppreference.com/w/cpp/container/vector/at"><tt>at()</tt></a> method instead.
+        </p>
+    </example>
+</qhelp>