[Libreoffice-commits] core.git: 2 commits - unoidl/source
Stephan Bergmann
sbergman at redhat.com
Tue Nov 18 07:24:35 PST 2014
unoidl/source/unoidlprovider.cxx | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
New commits:
commit f542ad9f3022dae7439856dadb0130d66f51929a
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Tue Nov 18 16:23:45 2014 +0100
Check that UNOIDL enum has members
Change-Id: I5b362ad374dad5fd4a79b8a7706defb749e25eb3
diff --git a/unoidl/source/unoidlprovider.cxx b/unoidl/source/unoidlprovider.cxx
index dc42fa1..deda03a 100644
--- a/unoidl/source/unoidlprovider.cxx
+++ b/unoidl/source/unoidlprovider.cxx
@@ -640,6 +640,10 @@ rtl::Reference< Entity > readEntity(
case 1: // enum type
{
sal_uInt32 n = file->read32(offset + 1);
+ if (n == 0) {
+ throw FileFormatException(
+ file->uri, "UNOIDL format: enum type with no members");
+ }
if (n > SAL_MAX_INT32) {
throw FileFormatException(
file->uri, "UNOIDL format: too many members of enum type");
commit 55cc5a146d72b4f20d654d87d246caffbd783c20
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Tue Nov 18 16:22:43 2014 +0100
Avoid overflow
Change-Id: I4afe86dc29788a7b2d2d9c438f182726f80b1cbd
diff --git a/unoidl/source/unoidlprovider.cxx b/unoidl/source/unoidlprovider.cxx
index 68d5ebc..dc42fa1 100644
--- a/unoidl/source/unoidlprovider.cxx
+++ b/unoidl/source/unoidlprovider.cxx
@@ -1186,7 +1186,7 @@ UnoidlProvider::UnoidlProvider(OUString const & uri): file_(new MappedFile(uri))
}
sal_uInt32 off = file_->read32(8);
mapSize_ = file_->read32(12);
- if (off + 8 * mapSize_ > file_->size) { //TODO: overflow
+ if (off + 8 * sal_uInt64(mapSize_) > file_->size) { // cannot overflow
throw FileFormatException(
file_->uri, "UNOIDL format: root map offset + size too large");
}
More information about the Libreoffice-commits
mailing list