[Libreoffice-commits] core.git: 8 commits - basic/source dbaccess/source editeng/source sc/source sw/source
Caolán McNamara
caolanm at redhat.com
Wed Nov 5 13:04:00 PST 2014
basic/source/basmgr/basmgr.cxx | 10 +++++++++-
basic/source/classes/image.cxx | 11 ++++++++++-
basic/source/classes/sb.cxx | 12 ++++++++++--
dbaccess/source/core/dataaccess/databasedocument.cxx | 19 +++++++++++++++++--
editeng/source/editeng/editobj.cxx | 18 +++++++++++++-----
sc/source/core/data/documen8.cxx | 16 ++++++++++++++--
sw/source/uibase/uiview/srcview.cxx | 6 +++---
7 files changed, 76 insertions(+), 16 deletions(-)
New commits:
commit ff1aae469f6521b67e51c9e77415ba847eed69e8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 17:22:36 2014 +0000
coverity#1242614 Untrusted loop bound
Change-Id: I913e14d30d54b4b370c14017b0702005c23c4fc4
diff --git a/sc/source/core/data/documen8.cxx b/sc/source/core/data/documen8.cxx
index f6132be..ee3bd90 100644
--- a/sc/source/core/data/documen8.cxx
+++ b/sc/source/core/data/documen8.cxx
@@ -757,9 +757,21 @@ void ScDocument::LoadDdeLinks(SvStream& rStream)
ScMultipleReadHeader aHdr( rStream );
- sal_uInt16 nCount;
+ sal_uInt16 nCount(0);
rStream.ReadUInt16( nCount );
- for (sal_uInt16 i=0; i<nCount; i++)
+
+ const rtl_TextEncoding eCharSet = rStream.GetStreamCharSet();
+ const size_t nMinStringSize = eCharSet == RTL_TEXTENCODING_UNICODE ? sizeof(sal_uInt32) : sizeof(sal_uInt16);
+ const size_t nMinRecordSize = 1 + nMinStringSize*3;
+ const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
+ if (nCount > nMaxRecords)
+ {
+ SAL_WARN("sc", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nCount << " claimed, truncating");
+ nCount = nMaxRecords;
+ }
+
+ for (sal_uInt16 i=0; i<nCount; ++i)
{
ScDdeLink* pLink = new ScDdeLink( this, rStream, aHdr );
pMgr->InsertDDELink(pLink, pLink->GetAppl(), pLink->GetTopic(), pLink->GetItem());
commit eee29076a141d200b8ce6b2792c698bbbfb80118
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:59:13 2014 +0000
coverity#1242632 Untrusted loop bound
Change-Id: I4ec2e1a21a6a27c31c3308a5f72dbdcb33a62f39
diff --git a/editeng/source/editeng/editobj.cxx b/editeng/source/editeng/editobj.cxx
index 33ecb67..9c1da0e 100644
--- a/editeng/source/editeng/editobj.cxx
+++ b/editeng/source/editeng/editobj.cxx
@@ -1288,17 +1288,25 @@ void EditTextObjectImpl::CreateData( SvStream& rIStream )
pC->GetParaAttribs().Load( rIStream );
// The number of attributes ...
- sal_uInt16 nTmp16;
+ sal_uInt16 nTmp16(0);
rIStream.ReadUInt16( nTmp16 );
size_t nAttribs = nTmp16;
+ const size_t nMinRecordSize(10);
+ const size_t nMaxRecords = rIStream.remainingSize() / nMinRecordSize;
+ if (nAttribs > nMaxRecords)
+ {
+ SAL_WARN("editeng", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nAttribs << " claimed, truncating");
+ nAttribs = nMaxRecords;
+ }
+
// And the individual attributes
// Items as Surregate => always 8 bytes per Attributes
// Which = 2; Surregat = 2; Start = 2; End = 2;
- size_t nAttr;
- for (nAttr = 0; nAttr < nAttribs; ++nAttr)
+ for (size_t nAttr = 0; nAttr < nAttribs; ++nAttr)
{
- sal_uInt16 _nWhich, nStart, nEnd;
+ sal_uInt16 _nWhich(0), nStart(0), nEnd(0);
const SfxPoolItem* pItem;
rIStream.ReadUInt16( _nWhich );
@@ -1345,7 +1353,7 @@ void EditTextObjectImpl::CreateData( SvStream& rIStream )
}
}
- for (nAttr = pC->aAttribs.size(); nAttr; )
+ for (size_t nAttr = pC->aAttribs.size(); nAttr; )
{
const XEditAttribute& rAttr = pC->aAttribs[--nAttr];
if ( rAttr.GetItem()->Which() == EE_CHAR_FONTINFO )
commit 712d781538880d96a511d0b1323283a4112c93cc
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:53:46 2014 +0000
coverity#706401 Uncaught exception
Change-Id: Iacbaf56a23d6f1878c5a5ec6f00db8211cb8ed62
diff --git a/dbaccess/source/core/dataaccess/databasedocument.cxx b/dbaccess/source/core/dataaccess/databasedocument.cxx
index fd62f8a..cac2576 100644
--- a/dbaccess/source/core/dataaccess/databasedocument.cxx
+++ b/dbaccess/source/core/dataaccess/databasedocument.cxx
@@ -45,6 +45,7 @@
#include <com/sun/star/io/XSeekable.hpp>
#include <com/sun/star/io/XOutputStream.hpp>
#include <com/sun/star/io/XTruncate.hpp>
+#include <com/sun/star/lang/WrappedTargetRuntimeException.hpp>
#include <com/sun/star/script/provider/theMasterScriptProviderFactory.hpp>
#include <com/sun/star/sdb/DatabaseContext.hpp>
#include <com/sun/star/sdb/application/XDatabaseDocumentUI.hpp>
@@ -755,7 +756,21 @@ void SAL_CALL ODatabaseDocument::recoverFromFile( const OUString& i_SourceLocati
sal_Bool SAL_CALL ODatabaseDocument::attachResource( const OUString& _rURL, const Sequence< PropertyValue >& _rArguments ) throw (RuntimeException, std::exception)
{
DocumentGuard aGuard( *this, DocumentGuard::MethodUsedDuringInit );
- return impl_attachResource( _rURL, _rArguments, aGuard );
+ sal_Bool bRet(sal_False);
+ try
+ {
+ bRet = impl_attachResource( _rURL, _rArguments, aGuard );
+ }
+ catch( const RuntimeException& )
+ {
+ throw;
+ }
+ catch( const Exception& )
+ {
+ Any aError = ::cppu::getCaughtException();
+ throw WrappedTargetRuntimeException( OUString(), *this, aError );
+ }
+ return bRet;
}
bool ODatabaseDocument::impl_attachResource( const OUString& i_rLogicalDocumentURL,
commit 68016b4407e3363b4ce4c54c3c653d7574283528
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:42:36 2014 +0000
coverity#706388 Uncaught exception
Change-Id: I4382645e47ae81e3f15bf69aaa2432dcebd40712
diff --git a/dbaccess/source/core/dataaccess/databasedocument.cxx b/dbaccess/source/core/dataaccess/databasedocument.cxx
index 993262b..fd62f8a 100644
--- a/dbaccess/source/core/dataaccess/databasedocument.cxx
+++ b/dbaccess/source/core/dataaccess/databasedocument.cxx
@@ -1152,7 +1152,7 @@ void SAL_CALL ODatabaseDocument::storeAsURL( const OUString& _rURL, const Sequen
bool bImplicitInitialization = !impl_isInitialized();
// implicit initialization while another initialization is just running is not possible
if ( bImplicitInitialization && impl_isInitializing() )
- throw DoubleInitializationException();
+ throw RuntimeException();
if ( bImplicitInitialization )
impl_setInitializing();
commit 7d6c07fa2b48376013b9f8784496d9c1207708f2
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:37:27 2014 +0000
coverity#1242689 Untrusted loop bound
Change-Id: Ie226805ef8d430eb3f7b3abaa54ac3af31f72f7b
diff --git a/basic/source/basmgr/basmgr.cxx b/basic/source/basmgr/basmgr.cxx
index 1505652..b0f0521 100644
--- a/basic/source/basmgr/basmgr.cxx
+++ b/basic/source/basmgr/basmgr.cxx
@@ -860,7 +860,15 @@ void BasicManager::LoadBasicManager( SotStorage& rStorage, const OUString& rBase
DBG_ASSERT( false, "BasicManager-Stream defect!" );
return;
}
- for ( sal_uInt16 nL = 0; nL < nLibs; nL++ )
+ const size_t nMinBasicLibSize(8);
+ const size_t nMaxPossibleLibs = xManagerStream->remainingSize() / nMinBasicLibSize;
+ if (nLibs > nMaxPossibleLibs)
+ {
+ SAL_WARN("basic", "Parsing error: " << nMaxPossibleLibs <<
+ " max possible entries, but " << nLibs << " claimed, truncating");
+ nLibs = nMaxPossibleLibs;
+ }
+ for (sal_uInt16 nL = 0; nL < nLibs; ++nL)
{
BasicLibInfo* pInfo = BasicLibInfo::Create( *xManagerStream );
commit 1409c0bd884ffc2c9fb656fe61ac62d759bc436d
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:33:55 2014 +0000
coverity#1242865 Untrusted loop bound
Change-Id: I9dc9cd98d0a02a2867d4c40c7afb7bf873513143
diff --git a/basic/source/classes/image.cxx b/basic/source/classes/image.cxx
index 7a15cce..1543cae 100644
--- a/basic/source/classes/image.cxx
+++ b/basic/source/classes/image.cxx
@@ -156,7 +156,16 @@ bool SbiImage::Load( SvStream& r, sal_uInt32& nVersion )
}
case B_EXTSOURCE:
{
- for( sal_uInt16 j = 0 ; j < nCount ; j++ )
+ //assuming an empty string with just the lead 32bit/16bit len indicator
+ const size_t nMinStringSize = (eCharSet == RTL_TEXTENCODING_UNICODE) ? 4 : 2;
+ const size_t nMaxStrings = r.remainingSize() / nMinStringSize;
+ if (nCount > nMaxStrings)
+ {
+ SAL_WARN("basic", "Parsing error: " << nMaxStrings <<
+ " max possible entries, but " << nCount << " claimed, truncating");
+ nCount = nMaxStrings;
+ }
+ for( sal_uInt16 j = 0; j < nCount; ++j)
{
aOUSource += r.ReadUniOrByteString(eCharSet);
}
commit 5b0c95d81eb4c311d80aabaa1cfe16bc1b426111
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:16:14 2014 +0000
coverity#1242794 Untrusted loop bound
Change-Id: I902a5bf989a8f385994a2f927cce4975b18f06d2
diff --git a/basic/source/classes/sb.cxx b/basic/source/classes/sb.cxx
index 5a88c3d..8c2155e 100644
--- a/basic/source/classes/sb.cxx
+++ b/basic/source/classes/sb.cxx
@@ -1895,10 +1895,18 @@ bool StarBASIC::LoadData( SvStream& r, sal_uInt16 nVer )
}
ppDeleteTab.reset();
- sal_uInt16 nMod;
+ sal_uInt16 nMod(0);
pModules->Clear();
r.ReadUInt16( nMod );
- for( sal_uInt16 i = 0; i < nMod; i++ )
+ const size_t nMinSbxSize(14);
+ const size_t nMaxPossibleEntries = r.remainingSize() / nMinSbxSize;
+ if (nMod > nMaxPossibleEntries)
+ {
+ nMod = nMaxPossibleEntries;
+ SAL_WARN("basic", "Parsing error: " << nMaxPossibleEntries <<
+ " max possible entries, but " << nMod << " claimed, truncating");
+ }
+ for (sal_uInt16 i = 0; i < nMod; ++i)
{
SbxBase* pBase = SbxBase::Load( r );
SbModule* pMod = dynamic_cast<SbModule*>(pBase);
commit 4a83b67e3c3dc8bceb6602ce155f2463f72f4855
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Nov 5 16:10:18 2014 +0000
coverity#735652 Division or modulo by zero
and
coverity#735651 Division or modulo by zero
Change-Id: I412308ef3e736b1e9c72d1dd3a8d80d2dce92d67
diff --git a/sw/source/uibase/uiview/srcview.cxx b/sw/source/uibase/uiview/srcview.cxx
index 0a21851..9ba50da 100644
--- a/sw/source/uibase/uiview/srcview.cxx
+++ b/sw/source/uibase/uiview/srcview.cxx
@@ -721,9 +721,9 @@ sal_Int32 SwSrcView::PrintSource(
aPaperSz.Height() -= (TMARGPRN + BMARGPRN);
// nLinepPage is not true, if lines have to be wrapped...
- const long nLinespPage = aPaperSz.Height() / nLineHeight;
- const sal_Int32 nCharspLine =
- static_cast<sal_Int32>(aPaperSz.Width() / pOutDev->GetTextWidth("X"));
+ const long nLinespPage = nLineHeight ? aPaperSz.Height() / nLineHeight : 1;
+ const long nCharWidth = pOutDev->GetTextWidth("X");
+ const sal_Int32 nCharspLine = nCharWidth ? static_cast<sal_Int32>(aPaperSz.Width() / nCharWidth) : 1;
const sal_uLong nParas = pTextEngine->GetParagraphCount();
const sal_Int32 nPages = static_cast<sal_Int32>(nParas / nLinespPage + 1 );
More information about the Libreoffice-commits
mailing list