Address code review feedback: toLatin1, bounds check, const_cast comments, counter check

Copilot · web-flow · commit 93795addd69a · 2026-05-26T17:22:49.000Z
diff --git a/src/cmd/e2ee_verify_metadata.cpp b/src/cmd/e2ee_verify_metadata.cpp
@@ -154,7 +154,9 @@ static bool aes128GcmDecrypt(const QByteArray &key,
             break;
         }
 
-        // Set expected GCM authentication tag before calling Final
+        // Set expected GCM authentication tag before calling Final.
+        // EVP_CIPHER_CTX_ctrl takes a void* but does not modify the tag data when
+        // EVP_CTRL_GCM_SET_TAG is used for decryption; the cast is required by the API.
         if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, kGcmTagSize,
                                    const_cast<unsigned char *>(tag))) {
             printVerbose(QStringLiteral("AES-GCM: failed to set GCM tag"));
@@ -193,6 +195,8 @@ static QByteArray gunzip(const QByteArray &compressed)
         return {};
     }
 
+    // z_stream.next_in is Bytef* (non-const) in the zlib API even though inflate
+    // does not modify the input; the cast is required to satisfy the API signature.
     stream.next_in = reinterpret_cast<Bytef *>(const_cast<char *>(compressed.constData()));
     stream.avail_in = static_cast<uInt>(compressed.size());
 
@@ -235,13 +239,14 @@ static QByteArray decryptAndDecompressMetadata(const QJsonDocument &innerDoc,
     const auto metaObj = innerDoc.object().value(QStringLiteral("metadata")).toObject();
 
     const QByteArray ciphertextField =
-        metaObj.value(QStringLiteral("ciphertext")).toString().toLocal8Bit();
+        metaObj.value(QStringLiteral("ciphertext")).toString().toLatin1();
     const QByteArray nonce =
-        QByteArray::fromBase64(metaObj.value(QStringLiteral("nonce")).toString().toLocal8Bit());
+        QByteArray::fromBase64(metaObj.value(QStringLiteral("nonce")).toString().toLatin1());
 
     // Strip the legacy "|iv" suffix – the canonical nonce comes from the
     // separate "nonce" field.
-    const QByteArray ciphertextBase64 = ciphertextField.split('|').at(0);
+    const QList<QByteArray> ciphertextParts = ciphertextField.split('|');
+    const QByteArray ciphertextBase64 = ciphertextParts.value(0);
     const QByteArray ciphertextWithTag = QByteArray::fromBase64(ciphertextBase64);
 
     printVerbose(QStringLiteral("Ciphertext+tag size: %1 bytes").arg(ciphertextWithTag.size()));
@@ -555,9 +560,11 @@ static bool validateDecryptedJson(const QJsonDocument &doc, bool isNested)
     bool ok = true;
     const QJsonObject obj = doc.object();
 
-    // counter – must be a non-negative JSON number
+    // counter – must be a non-negative JSON number.
+    // isDouble() guards against missing/non-numeric values; toInteger() then
+    // checks the numeric value is non-negative.
     if (!obj.value(QStringLiteral("counter")).isDouble()
-        || obj.value(QStringLiteral("counter")).toInteger(-1) < 0) {
+        || obj.value(QStringLiteral("counter")).toInteger() < 0) {
         printFail(QStringLiteral("Decrypted JSON: 'counter' is missing or not a non-negative integer"));
         ok = false;
     } else {
@@ -660,7 +667,7 @@ static bool verifyKeyChecksum(const QJsonDocument &decryptedDoc,
     const QJsonArray kcArr =
         decryptedDoc.object().value(QStringLiteral("keyChecksums")).toArray();
     for (const QJsonValue &kcVal : kcArr) {
-        const QByteArray kcStr = kcVal.toVariant().toString().toUtf8();
+        const QByteArray kcStr = kcVal.toString().toUtf8();
         printVerbose(QStringLiteral("  Stored checksum: %1").arg(QString::fromLatin1(kcStr)));
         if (kcStr == expectedHex) {
             return true;
