[Libreoffice-commits] core.git: unoidl/source
Stephan Bergmann
sbergman at redhat.com
Tue Nov 18 07:34:19 PST 2014
unoidl/source/unoidlprovider.cxx | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
New commits:
commit a177c4c77236617fcdb34c89ea2746614a232051
Author: Stephan Bergmann <sbergman at redhat.com>
Date: Tue Nov 18 16:33:28 2014 +0100
Avoid overflow
Change-Id: Ia80682aeb87225b9bde7398186e121b1d3bdc2ad
diff --git a/unoidl/source/unoidlprovider.cxx b/unoidl/source/unoidlprovider.cxx
index deda03a..aef380d 100644
--- a/unoidl/source/unoidlprovider.cxx
+++ b/unoidl/source/unoidlprovider.cxx
@@ -630,7 +630,9 @@ rtl::Reference< Entity > readEntity(
throw FileFormatException(
file->uri, "UNOIDL format: too many items in module");
}
- if (offset + 5 + 8 * n > file->size) { //TODO: overflow
+ if (sal_uInt64(offset) + 5 + 8 * sal_uInt64(n) > file->size)
+ // cannot overflow
+ {
throw FileFormatException(
file->uri,
"UNOIDL format: module map offset + size too large");
@@ -954,7 +956,9 @@ rtl::Reference< Entity > readEntity(
file->uri,
"UNOIDL format: too many constants in constant group");
}
- if (offset + 5 + 8 * n > file->size) { //TODO: overflow
+ if (sal_uInt64(offset) + 5 + 8 * sal_uInt64(n) > file->size)
+ // cannot overflow
+ {
throw FileFormatException(
file->uri,
("UNOIDL format: constant group map offset + size too"
@@ -1237,7 +1241,9 @@ rtl::Reference< Entity > UnoidlProvider::findEntity(OUString const & name) const
}
}
mapSize = file_->read32(off + 1);
- if (8 * mapSize > file_->size - off - 5) { //TODO: overflow
+ if (sal_uInt64(off) + 5 + 8 * sal_uInt64(mapSize) > file_->size)
+ // cannot overflow
+ {
throw FileFormatException(
file_->uri, "UNOIDL format: map offset + size too large");
}
More information about the Libreoffice-commits
mailing list