[Libreoffice-commits] core.git: 9 commits - filter/source linguistic/source lotuswordpro/source sd/source sw/source
Caolán McNamara
caolanm at redhat.com
Sat Feb 16 15:31:54 PST 2013
filter/source/graphicfilter/eras/eras.cxx | 8 ++--
filter/source/graphicfilter/expm/expm.cxx | 9 ++---
filter/source/t602/t602filter.cxx | 2 -
linguistic/source/dicimp.cxx | 2 +
lotuswordpro/source/filter/lwppagelayout.cxx | 9 +++--
sd/source/ui/remotecontrol/DiscoveryService.cxx | 5 +-
sw/source/filter/ww8/writerhelper.cxx | 17 ++++++++-
sw/source/filter/ww8/writerhelper.hxx | 18 +++++++++-
sw/source/filter/ww8/ww8par.cxx | 4 +-
sw/source/filter/ww8/ww8par2.cxx | 43 ++++++++++++++++++------
10 files changed, 88 insertions(+), 29 deletions(-)
New commits:
commit 8f9da3e7d0ac3b842bbe31463e18e759bcdd9b31
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Feb 16 22:53:04 2013 +0000
coverity#738975 Use after free
also...
coverity#738973 Use after free
coverity#738974 Use after free
Change-Id: Iecf2075372d76cded86b92e49225337b95f5ffd1
diff --git a/lotuswordpro/source/filter/lwppagelayout.cxx b/lotuswordpro/source/filter/lwppagelayout.cxx
index 5e860c7..251c8be 100644
--- a/lotuswordpro/source/filter/lwppagelayout.cxx
+++ b/lotuswordpro/source/filter/lwppagelayout.cxx
@@ -335,13 +335,15 @@ void LwpPageLayout::RegisterStyle()
//Add the page master to stylemanager
XFStyleManager* pXFStyleManager = LwpGlobalMgr::GetInstance()->GetXFStyleManager();
- OUString pmname = pXFStyleManager->AddStyle(pm1)->GetStyleName();
+ m_pXFPageMaster = pm1 = (XFPageMaster*)pXFStyleManager->AddStyle(pm1);
+ OUString pmname = pm1->GetStyleName();
//Add master page
XFMasterPage* mp1 = new XFMasterPage();
mp1->SetStyleName(GetName()->str());
mp1->SetPageMaster(pmname);
- m_StyleName = pXFStyleManager->AddStyle(mp1)->GetStyleName();
+ mp1 = (XFMasterPage*)pXFStyleManager->AddStyle(mp1);
+ m_StyleName = mp1->GetStyleName();
//Set footer style
LwpFooterLayout* pLayoutFooter = GetFooterLayout();
@@ -392,7 +394,8 @@ OUString LwpPageLayout::RegisterEndnoteStyle()
//Add the page master to stylemanager
XFStyleManager* pXFStyleManager = LwpGlobalMgr::GetInstance()->GetXFStyleManager();
- OUString pmname = pXFStyleManager->AddStyle(pm1)->GetStyleName();
+ m_pXFPageMaster = pm1 = (XFPageMaster*)pXFStyleManager->AddStyle(pm1);
+ OUString pmname = pm1->GetStyleName();
//Add master page
XFMasterPage* mp1 = new XFMasterPage();
commit 297b1bc47699340fa0c1fc4ada4d01da9f013d1d
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Feb 16 14:50:42 2013 +0000
coverity#738551 Uninitialized scalar variable
Change-Id: I159b57dcb6f2fd3c34d23c5bb38cf87e8d3e00f5
diff --git a/sd/source/ui/remotecontrol/DiscoveryService.cxx b/sd/source/ui/remotecontrol/DiscoveryService.cxx
index 89127f9..3f53681 100644
--- a/sd/source/ui/remotecontrol/DiscoveryService.cxx
+++ b/sd/source/ui/remotecontrol/DiscoveryService.cxx
@@ -40,16 +40,15 @@ using namespace sd;
DiscoveryService::DiscoveryService() :
mSocket(0)
{
- int rc;
-
mSocket = socket( AF_INET, SOCK_DGRAM, IPPROTO_UDP );
sockaddr_in aAddr;
+ memset(&aAddr, 0, sizeof(aAddr));
aAddr.sin_family = AF_INET;
aAddr.sin_addr.s_addr = htonl(INADDR_ANY);
aAddr.sin_port = htons( PORT_DISCOVERY );
- rc = bind( mSocket, (sockaddr*) &aAddr, sizeof(sockaddr_in) );
+ int rc = bind( mSocket, (sockaddr*) &aAddr, sizeof(sockaddr_in) );
if (rc)
{
commit fc0b3b469d5afdd6fc1f5b7db8e1660185da3c36
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Feb 15 23:45:35 2013 +0000
coverity#703910 Destination buffer too small
also fixes...
coverity#736210 Out-of-bounds access
coverity#736211 Out-of-bounds access
Change-Id: Ie93150ec764abfc53881f4bad839e32e85fac65c
diff --git a/sw/source/filter/ww8/ww8par2.cxx b/sw/source/filter/ww8/ww8par2.cxx
index 705f517..bc8dd2e 100644
--- a/sw/source/filter/ww8/ww8par2.cxx
+++ b/sw/source/filter/ww8/ww8par2.cxx
@@ -1288,52 +1288,77 @@ void WW8TabBandDesc::ProcessSprmTSetBRC(bool bVer67, const sal_uInt8* pParamsTSe
{
WW8_BRCVer6* pBRC = (WW8_BRCVer6*)(pParamsTSetBRC+3);
- for( int i = nitcFirst; i < nitcLim; i++, ++pAktTC )
+ for( int i = nitcFirst; i < nitcLim; ++i, ++pAktTC )
{
if( bChangeTop )
+ {
memcpy( pAktTC->rgbrc[ WW8_TOP ].aBits1,
pBRC->aBits1,
sizeof( SVBT16 ) );
+ }
if( bChangeLeft )
+ {
memcpy( pAktTC->rgbrc[ WW8_LEFT ].aBits1,
pBRC->aBits1,
sizeof( SVBT16 ) );
+ }
if( bChangeBottom )
+ {
memcpy( pAktTC->rgbrc[ WW8_BOT ].aBits1,
pBRC->aBits1,
sizeof( SVBT16 ) );
+ }
if( bChangeRight )
+ {
memcpy( pAktTC->rgbrc[ WW8_RIGHT].aBits1,
pBRC->aBits1,
sizeof( SVBT16 ) );
+ }
}
}
else
{
WW8_BRC* pBRC = (WW8_BRC*)(pParamsTSetBRC+3);
- for( int i = nitcFirst; i < nitcLim; i++, ++pAktTC )
+ for( int i = nitcFirst; i < nitcLim; ++i, ++pAktTC )
{
if( bChangeTop )
+ {
memcpy( pAktTC->rgbrc[ WW8_TOP ].aBits1,
pBRC->aBits1,
- sizeof( WW8_BRC ) );
+ sizeof( SVBT16 ) );
+ memcpy( pAktTC->rgbrc[ WW8_TOP ].aBits2,
+ pBRC->aBits2,
+ sizeof( SVBT16 ) );
+ }
if( bChangeLeft )
+ {
memcpy( pAktTC->rgbrc[ WW8_LEFT ].aBits1,
pBRC->aBits1,
- sizeof( WW8_BRC ) );
+ sizeof( SVBT16 ) );
+ memcpy( pAktTC->rgbrc[ WW8_LEFT ].aBits2,
+ pBRC->aBits2,
+ sizeof( SVBT16 ) );
+ }
if( bChangeBottom )
+ {
memcpy( pAktTC->rgbrc[ WW8_BOT ].aBits1,
pBRC->aBits1,
- sizeof( WW8_BRC ) );
+ sizeof( SVBT16 ) );
+ memcpy( pAktTC->rgbrc[ WW8_BOT ].aBits2,
+ pBRC->aBits2,
+ sizeof( SVBT16 ) );
+ }
if( bChangeRight )
+ {
memcpy( pAktTC->rgbrc[ WW8_RIGHT].aBits1,
pBRC->aBits1,
- sizeof( WW8_BRC ) );
+ sizeof( SVBT16 ) );
+ memcpy( pAktTC->rgbrc[ WW8_RIGHT].aBits2,
+ pBRC->aBits2,
+ sizeof( SVBT16 ) );
+ }
}
-
-
-
}
}
}
commit daa605e5f9ee9fc8285b2d9f7a348599174fefd5
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Feb 16 14:35:48 2013 +0000
coverity#736209: Out-of-bounds access
Change-Id: Idd0b5bb68bd0038473f981bb03aab63a5defd3b7
diff --git a/sw/source/filter/ww8/writerhelper.hxx b/sw/source/filter/ww8/writerhelper.hxx
index ef37386..d15f2b8 100644
--- a/sw/source/filter/ww8/writerhelper.hxx
+++ b/sw/source/filter/ww8/writerhelper.hxx
@@ -665,10 +665,26 @@ namespace sw
*/
const SwNumFmt* GetNumFmtFromTxtNode(const SwTxtNode &rTxtNode);
+ /** Get the Numbering Format for a given level from a numbering rule
+
+ @param rRule
+ The numbering rule
+
+ @param nLevel
+ The numbering level
+
+ @return A SwNumFmt pointer that describes the numbering level
+ or 0 if the nLevel is out of range
+
+ @author
+ <a href="mailto:cmc at openoffice.org">Caolán McNamara</a>
+ */
+ const SwNumFmt* GetNumFmtFromSwNumRuleLevel(const SwNumRule &rRule,
+ int nLevel);
+
const SwNumRule* GetNumRuleFromTxtNode(const SwTxtNode &rTxtNd);
const SwNumRule* GetNormalNumRuleFromTxtNode(const SwTxtNode &rTxtNd);
-
/** Get the SwNoTxtNode associated with a SwFrmFmt if here is one
There are two differing types of numbering formats that may be on a
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index b246816..d19e260 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -1008,8 +1008,8 @@ const SwNumFmt* SwWW8FltControlStack::GetNumFmtFromStack(const SwPosition &rPos,
if (rTxtNode.IsCountedInList())
{
const SwNumRule *pRule = pDoc->FindNumRulePtr(sName);
- sal_uInt8 nLvl = static_cast< sal_uInt8 >(rTxtNode.GetActualListLevel());
- pRet = &(pRule->Get(nLvl));
+
+ pRet = GetNumFmtFromSwNumRuleLevel(*pRule, rTxtNode.GetActualListLevel());
}
}
return pRet;
commit 1c349320adccb9d7fd525f48c0e5b01af13384f1
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Feb 16 00:00:52 2013 +0000
coverity#736207: Out-of-bounds access
Change-Id: I0867ff9dd279f06c4af0acc4e28f95b1f47dbe6b
diff --git a/sw/source/filter/ww8/writerhelper.cxx b/sw/source/filter/ww8/writerhelper.cxx
index f257020..8e70845 100644
--- a/sw/source/filter/ww8/writerhelper.cxx
+++ b/sw/source/filter/ww8/writerhelper.cxx
@@ -500,6 +500,17 @@ namespace sw
return aRet;
}
+ const SwNumFmt* GetNumFmtFromSwNumRuleLevel(const SwNumRule &rRule,
+ int nLevel)
+ {
+ if (nLevel < 0 || nLevel >= MAXLEVEL)
+ {
+ OSL_FAIL("Invalid level");
+ return NULL;
+ }
+ return &(rRule.Get( static_cast< sal_uInt16 >(nLevel) ));
+ }
+
const SwNumFmt* GetNumFmtFromTxtNode(const SwTxtNode &rTxtNode)
{
const SwNumRule *pRule = 0;
@@ -508,7 +519,8 @@ namespace sw
0 != (pRule = rTxtNode.GetNumRule())
)
{
- return &(pRule->Get( static_cast< sal_uInt16 >(rTxtNode.GetActualListLevel()) ));
+ return GetNumFmtFromSwNumRuleLevel(*pRule,
+ rTxtNode.GetActualListLevel());
}
OSL_ENSURE(rTxtNode.GetDoc(), "No document for node?, suspicious");
@@ -520,7 +532,8 @@ namespace sw
0 != (pRule = rTxtNode.GetDoc()->GetOutlineNumRule())
)
{
- return &(pRule->Get( static_cast< sal_uInt16 >(rTxtNode.GetActualListLevel()) ));
+ return GetNumFmtFromSwNumRuleLevel(*pRule,
+ rTxtNode.GetActualListLevel());
}
return 0;
commit 8ca9e356c10dfa74339d23d5c2b89cea4f8f4f3c
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Feb 15 20:55:50 2013 +0000
coverity#707519: Uninitialized scalar variable
Change-Id: I4edde44a14893f699017ad7f118c7718083dcdf4
diff --git a/linguistic/source/dicimp.cxx b/linguistic/source/dicimp.cxx
index 1adb901b..2216a8c 100644
--- a/linguistic/source/dicimp.cxx
+++ b/linguistic/source/dicimp.cxx
@@ -313,6 +313,8 @@ sal_uLong DictionaryNeo::loadEntries(const OUString &rMainURL)
return nErr;
*(aWordBuf + nLen) = 0;
}
+ else
+ return SVSTREAM_READ_ERROR;
}
while(!pStream->IsEof())
commit 0f5efe880ad96accf33f2fd8131d7e35e077f0c1
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Feb 15 20:50:49 2013 +0000
coverity#707515: Uninitialized scalar variable
Change-Id: Iacac2777a6c3d2d8dc91ade029d3a1913f7da2e7
diff --git a/filter/source/graphicfilter/eras/eras.cxx b/filter/source/graphicfilter/eras/eras.cxx
index 17f7f51..eb18c68 100644
--- a/filter/source/graphicfilter/eras/eras.cxx
+++ b/filter/source/graphicfilter/eras/eras.cxx
@@ -30,7 +30,6 @@ class RASWriter {
private:
SvStream & m_rOStm;
- sal_uInt16 mpOStmOldModus;
sal_Bool mbStatus;
BitmapReadAccess* mpAcc;
@@ -110,7 +109,7 @@ sal_Bool RASWriter::WriteRAS( const Graphic& rGraphic, FilterConfigItem* pFilter
mpAcc = aBmp.AcquireReadAccess();
if ( mpAcc )
{
- mpOStmOldModus = m_rOStm.GetNumberFormatInt();
+ sal_uInt16 nOStmOldModus = m_rOStm.GetNumberFormatInt();
m_rOStm.SetNumberFormatInt( NUMBERFORMAT_INT_BIGENDIAN );
if ( ImplWriteHeader() )
@@ -119,13 +118,14 @@ sal_Bool RASWriter::WriteRAS( const Graphic& rGraphic, FilterConfigItem* pFilter
ImplWritePalette();
ImplWriteBody();
}
+
+ m_rOStm.SetNumberFormatInt( nOStmOldModus );
+
aBmp.ReleaseAccess( mpAcc );
}
else
mbStatus = sal_False;
- m_rOStm.SetNumberFormatInt( mpOStmOldModus );
-
if ( xStatusIndicator.is() )
xStatusIndicator->end();
commit aa323d811065b07fab65801474411119fddc77cd
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Feb 15 20:47:57 2013 +0000
coverity#707516: Uninitialized scalar variable
Change-Id: I4be71f8dca0f2b2a7dfd59c5bcc3ef068f389846
diff --git a/filter/source/graphicfilter/expm/expm.cxx b/filter/source/graphicfilter/expm/expm.cxx
index 8cce4e7..4d2d69a 100644
--- a/filter/source/graphicfilter/expm/expm.cxx
+++ b/filter/source/graphicfilter/expm/expm.cxx
@@ -29,7 +29,6 @@ class XPMWriter {
private:
SvStream& m_rOStm; // Die auszugebende XPM-Datei
- sal_uInt16 mpOStmOldModus;
sal_Bool mbStatus;
sal_Bool mbTrans;
@@ -117,22 +116,24 @@ sal_Bool XPMWriter::WriteXPM( const Graphic& rGraphic, FilterConfigItem* pFilter
mpAcc = aBmp.AcquireReadAccess();
if ( mpAcc )
{
- mnColors = mpAcc->GetPaletteEntryCount();
- mpOStmOldModus = m_rOStm.GetNumberFormatInt();
+ sal_uInt16 nOStmOldModus = m_rOStm.GetNumberFormatInt();
m_rOStm.SetNumberFormatInt( NUMBERFORMAT_INT_BIGENDIAN );
+ mnColors = mpAcc->GetPaletteEntryCount();
if ( ImplWriteHeader() )
{
ImplWritePalette();
ImplWriteBody();
m_rOStm << "\x22XPMENDEXT\x22\x0a};";
}
+
+ m_rOStm.SetNumberFormatInt(nOStmOldModus);
+
aBmp.ReleaseAccess( mpAcc );
}
else
mbStatus = sal_False;
- m_rOStm.SetNumberFormatInt( mpOStmOldModus );
if ( xStatusIndicator.is() )
xStatusIndicator->end();
commit ff2206caaafa25a62aaa5198d1b0b09158a1227e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Feb 15 20:42:59 2013 +0000
coverity#707517: Uninitialized scalar variable
Change-Id: I17277bb67430d47283395dfb08ec402361c4865e
diff --git a/filter/source/t602/t602filter.cxx b/filter/source/t602/t602filter.cxx
index f60a778..164fd8f 100644
--- a/filter/source/t602/t602filter.cxx
+++ b/filter/source/t602/t602filter.cxx
@@ -693,7 +693,7 @@ tnode T602ImportFilter::PointCmd602(unsigned char *ch)
void T602ImportFilter::Read602()
{
unsigned char ch=0;
- char cmd602[3];
+ char cmd602[3] = {0};
Reference < XAttributeList > mAttrList ( mpAttrList );
More information about the Libreoffice-commits
mailing list