[Libreoffice-commits] core.git: 5 commits - sc/source svl/source
Caolán McNamara
caolanm at redhat.com
Fri Dec 12 05:44:17 PST 2014
sc/source/filter/lotus/op.cxx | 2 ++
sc/source/filter/lotus/tool.cxx | 2 +-
sc/source/filter/starcalc/scflt.cxx | 7 +++++++
svl/source/items/poolio.cxx | 7 ++++++-
4 files changed, 16 insertions(+), 2 deletions(-)
New commits:
commit 1a858eabef5dda2368c51a155209e5303c2f0547
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Dec 12 13:43:10 2014 +0000
fix typo, thanks to Matteo
Change-Id: I6fd3f69cc56672fe2639ee575f9ed0cdf45490bd
diff --git a/sc/source/filter/lotus/tool.cxx b/sc/source/filter/lotus/tool.cxx
index 03751d2..f09182c 100644
--- a/sc/source/filter/lotus/tool.cxx
+++ b/sc/source/filter/lotus/tool.cxx
@@ -87,7 +87,7 @@ void SetFormat(LotusContext& rContext, SCCOL nCol, SCROW nRow, SCTAB nTab, sal_u
{
nCol = SanitizeCol(nCol);
nRow = SanitizeRow(nRow);
- nRow = SanitizeTab(nTab);
+ nTab = SanitizeTab(nTab);
// PREC: nSt = default number of decimal places
rContext.pDoc->ApplyAttr(nCol, nRow, nTab, *(rContext.pValueFormCache->GetAttr(nFormat, nSt)));
commit 6daf1083c2e4c0273449430db05ef8aba9648248
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Dec 12 12:46:50 2014 +0000
coverity#1242875 Untrusted pointer write
Change-Id: I197a67320bd6cd8f0e6735b8cd24deebcdf190f1
diff --git a/svl/source/items/poolio.cxx b/svl/source/items/poolio.cxx
index 66f5ed7..1ccba90 100644
--- a/svl/source/items/poolio.cxx
+++ b/svl/source/items/poolio.cxx
@@ -696,7 +696,11 @@ SvStream &SfxItemPool::Load(SvStream &rStream)
sal_uInt16 SfxItemPool::GetIndex_Impl(sal_uInt16 nWhich) const
{
- assert(nWhich >= pImp->mnStart && nWhich <= pImp->mnEnd);
+ if (nWhich < pImp->mnStart || nWhich > pImp->mnEnd)
+ {
+ assert(false && "missing bounds check before use");
+ return 0;
+ }
return nWhich - pImp->mnStart;
}
commit 9785fd625f4799019ee0fb52868321b177526497
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Dec 12 12:35:24 2014 +0000
silence coverity#1242911 Untrusted loop bound
Change-Id: Ifab75371cbedd26d510f162efe2c9247e37893ed
diff --git a/svl/source/items/poolio.cxx b/svl/source/items/poolio.cxx
index 4a026cf..66f5ed7 100644
--- a/svl/source/items/poolio.cxx
+++ b/svl/source/items/poolio.cxx
@@ -377,6 +377,7 @@ void SfxItemPool_Impl::readTheItems (
"not an item content" );
// Fill up missing ones
+ // coverity[tainted_data] - ignore this, though we should finally kill off this format
for ( pItem = 0, n = nLastSurrogate+1; n < nSurrogate; ++n )
pNewArr->push_back( (SfxPoolItem*) pItem );
nLastSurrogate = nSurrogate;
commit bab07202fcf5ea23d771ddb73180316524c63574
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Dec 12 12:32:03 2014 +0000
coverity#1242775 Use of untrusted scalar value
Change-Id: Iaaf92c4be9b41c5824a1b1474fbce19a1afa49ae
diff --git a/sc/source/filter/lotus/op.cxx b/sc/source/filter/lotus/op.cxx
index 69fa71b..69a9214 100644
--- a/sc/source/filter/lotus/op.cxx
+++ b/sc/source/filter/lotus/op.cxx
@@ -175,6 +175,8 @@ void OP_ColumnWidth(LotusContext& rContext, SvStream& r, sal_uInt16 /*n*/)
if (ValidCol(nCol))
{
+ nCol = SanitizeCol(nCol);
+
sal_uInt16 nBreite;
if( nWidthSpaces )
// assuming 10cpi character set
commit 24d2831e69b86023ee4786a970cb988cbf610f9d
Author: Caolán McNamara <caolanm at redhat.com>
Date: Fri Dec 12 12:27:07 2014 +0000
coverity#1242895 Untrusted loop bound
Change-Id: If01f0edecca8988087386507717ea8222058bab8
diff --git a/sc/source/filter/starcalc/scflt.cxx b/sc/source/filter/starcalc/scflt.cxx
index 25b350d..0355701 100644
--- a/sc/source/filter/starcalc/scflt.cxx
+++ b/sc/source/filter/starcalc/scflt.cxx
@@ -1456,6 +1456,13 @@ void Sc10Import::LoadTables()
return;
}
rStream.ReadUInt16( DataCount );
+ const sal_Size nMaxPossibleRecords = rStream.remainingSize() / (sizeof(sal_uInt16)*2);
+ if (DataCount > nMaxPossibleRecords)
+ {
+ SAL_WARN("sc", "Parsing error: " << nMaxPossibleRecords <<
+ " max possible pairs, but " << DataCount << " claimed, truncating");
+ DataCount = nMaxPossibleRecords;
+ }
DataStart = 0;
for (i=0; i < DataCount; i++)
{
More information about the Libreoffice-commits
mailing list