[Libreoffice-commits] core.git: 13 commits - basic/source filter/source package/source rsc/source sd/inc sd/source svtools/qa vcl/opengl vcl/source

Caolán McNamara caolanm at redhat.com
Fri Nov 21 03:55:49 PST 2014


 basic/source/runtime/methods.cxx            |    5 ++--
 filter/source/graphicfilter/ipict/ipict.cxx |   27 +++++++++++++++++++++++++
 package/source/zipapi/ZipFile.cxx           |    2 +
 rsc/source/rscpp/cpp3.c                     |    1 
 sd/inc/sdmod.hxx                            |    2 -
 sd/source/ui/app/sdmod1.cxx                 |    4 +--
 svtools/qa/unit/GraphicObjectTest.cxx       |    1 
 vcl/opengl/gdiimpl.cxx                      |    3 ++
 vcl/source/fontsubset/sft.cxx               |   30 +++++++++++++++++-----------
 vcl/source/gdi/impfont.cxx                  |    8 +++++--
 10 files changed, 65 insertions(+), 18 deletions(-)

New commits:
commit fcf43d7e8a908a303ccae274dcd6668aa93d4d50
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 10:40:40 2014 +0000

    coverity#1213367 rework to make comparison to len more clear
    
    Change-Id: I9cb09bfc35f2b04567e52247f8bd1378910aeeb5

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 1e0aa29..2a33640 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -844,7 +844,9 @@ static char *nameExtract( const sal_uInt8* name, int nTableSize, int n, int dbFl
     int len = GetUInt16(name+6, 12 * n + 8, 1);
 
     // sanity check
-    if( (len <= 0) || ((ptr+len) > (name+nTableSize)) )
+    const sal_uInt8* end_table = name+nTableSize;
+    const int available_space = ptr > end_table ? 0 : (end_table - ptr);
+    if( (len <= 0) || len > available_space)
     {
         if( ucs2result )
             *ucs2result = NULL;
commit 46bdfa98c107e0aba92e42b46c0c5a287251017b
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 10:34:48 2014 +0000

    coverity#1213368 Untrusted value as argument
    
    Change-Id: Ia1bd6464e6d4c6054ca8f2fce792de365984c02e

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 390777e..1e0aa29 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -920,9 +920,9 @@ static int findname( const sal_uInt8 *name, sal_uInt16 n, sal_uInt16 platformID,
 static void GetNames(TrueTypeFont *t)
 {
     const sal_uInt8* table = getTable( t, O_name );
-    int nTableSize = getTableSize(t, O_name);
+    const sal_uInt32 nTableSize = getTableSize(t, O_name);
 
-    if (nTableSize < 4)
+    if (nTableSize < 6)
     {
 #if OSL_DEBUG_LEVEL > 1
         fprintf(stderr, "O_name table too small\n");
@@ -931,13 +931,17 @@ static void GetNames(TrueTypeFont *t)
     }
 
     sal_uInt16 n = GetUInt16(table, 2, 1);
-    int i, r;
-    bool bPSNameOK = true;
 
-    /* #129743# simple sanity check for name table entry count */
-    if( nTableSize <= n * 12 + 6 )
+    /* simple sanity check for name table entry count */
+    const size_t nMinRecordSize = 12;
+    const size_t nSpaceAvailable = nTableSize - 6;
+    const size_t nMaxRecords = nSpaceAvailable/nMinRecordSize;
+    if (n >= nMaxRecords)
         n = 0;
 
+    int i, r;
+    bool bPSNameOK = true;
+
     /* PostScript name: preferred Microsoft */
     t->psname = NULL;
     if ((r = findname(table, n, 3, 1, 0x0409, 6)) != -1)
commit b3c282f12931b7e1cf152cb39664e3139012d7d0
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 10:26:51 2014 +0000

    move error patch test to start
    
    Change-Id: Icd6a8b301eb7cc53aac9b84d2208bcde94218470

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 2d52a19..390777e 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -879,12 +879,12 @@ static char *nameExtract( const sal_uInt8* name, int nTableSize, int n, int dbFl
 static int findname( const sal_uInt8 *name, sal_uInt16 n, sal_uInt16 platformID,
     sal_uInt16 encodingID, sal_uInt16 languageID, sal_uInt16 nameID )
 {
+    if (n == 0) return -1;
+
     int l = 0, r = n-1, i;
     sal_uInt32 t1, t2;
     sal_uInt32 m1, m2;
 
-    if (n == 0) return -1;
-
     m1 = (platformID << 16) | encodingID;
     m2 = (languageID << 16) | nameID;
 
commit 6027c7575bc7b8821a60bad3b70c237cae69ed72
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 10:19:53 2014 +0000

    coverity#1213370 rework to make comparison to rec[i].slen more clear
    
    Change-Id: I13ff12f0023b2752ea40cbf941350ca4c7dc7f78

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 4cdb95c..2d52a19 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2716,9 +2716,11 @@ int GetTTNameRecords(TrueTypeFont *ttf, NameRecord **nr)
                 continue;
             }
 
-            const  sal_uInt8* rec_string = table + nStrBase + nStrOffset;
+            const sal_uInt8* rec_string = table + nStrBase + nStrOffset;
             // sanity check
-            if( rec_string > (sal_uInt8*)ttf->ptr && rec_string < ((sal_uInt8*)ttf->ptr + ttf->fsize - rec[i].slen ) )
+            const sal_uInt8* end_table = ttf->ptr + ttf->fsize;
+            const size_t available_space = rec_string > end_table ? 0 : (end_table - rec_string);
+            if (rec[i].slen <= available_space)
             {
                 rec[i].sptr = (sal_uInt8 *) malloc(rec[i].slen); assert(rec[i].sptr != 0);
                 memcpy(rec[i].sptr, rec_string, rec[i].slen);
commit 2abcb6cba9b5cd98d76d70418f6222f481fcd878
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 10:10:09 2014 +0000

    coverity#1209863 rework to explicitly compare cMaxChar
    
    Change-Id: I739cf10c5031fd7abeb0c58569d65c03e225f5e4

diff --git a/vcl/source/gdi/impfont.cxx b/vcl/source/gdi/impfont.cxx
index d36005a..327b0d7 100644
--- a/vcl/source/gdi/impfont.cxx
+++ b/vcl/source/gdi/impfont.cxx
@@ -209,8 +209,12 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
                 const unsigned char* pGlyphIdPtr = pOffsetBase + 2*i + nRangeOffset;
                 const size_t nRemainingSize = pEndValidArea - pGlyphIdPtr;
                 const size_t nMaxPossibleRecords = nRemainingSize/2;
-                const size_t nRequestedRecords = cMaxChar - cMinChar + 1;
-                if (nRequestedRecords > nMaxPossibleRecords) {  // no sane font should trigger this
+                if (nMaxPossibleRecords == 0) {  // no sane font should trigger this
+                    SAL_WARN("vcl.gdi", "More indexes claimed that space available in font!");
+                    break;
+                }
+                const size_t nMaxLegalChar = cMinChar + nMaxPossibleRecords-1;
+                if (cMaxChar > nMaxLegalChar) {  // no sane font should trigger this
                     SAL_WARN("vcl.gdi", "More indexes claimed that space available in font!");
                     break;
                 }
commit 0674dd36b6a344acc3f22676d8aa09158e17062f
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:49:27 2014 +0000

    coverity#1242675 Untrusted value as argument
    
    Change-Id: Id1f1ff8de23b041742d2a8286b78312529f6566e

diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index bb178f5..f2dc709 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -664,6 +664,8 @@ bool ZipFile::readLOC( ZipEntry &rEntry )
         const sal_Int64 nBytesAvailable = aGrabber.getLength() - aGrabber.getPosition();
         if (nPathLenToRead > nBytesAvailable)
             nPathLenToRead = nBytesAvailable;
+        else if (nPathLenToRead < 0)
+            nPathLenToRead = 0;
 
         // read always in UTF8, some tools seem not to set UTF8 bit
         uno::Sequence<sal_Int8> aNameBuffer(nPathLenToRead);
commit af4700d70a807857ecb118c2bd23c023cfe387e7
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:47:33 2014 +0000

    document coverity#983096 Resource leak
    
    Change-Id: If5a60dac2329432b30a7b5528e0fca05d4369b1a

diff --git a/rsc/source/rscpp/cpp3.c b/rsc/source/rscpp/cpp3.c
index f663a9f..1ab8816 100644
--- a/rsc/source/rscpp/cpp3.c
+++ b/rsc/source/rscpp/cpp3.c
@@ -148,6 +148,7 @@ int AddInclude( char* pIncStr )
         *incend++ = pIncPos;
         pIncPos   = strtok( NULL, ";" );
     }
+    /* coverity[leaked_storage] - we know this leaks, but it doesn't matter in this short lived utility */
     return( 1 );
 }
 
commit b5c51b706850f4fd86f26b17169a272ae02c3da8
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:40:09 2014 +0000

    coverity#1242658 Untrusted loop bound
    
    Change-Id: Ib3bb7f28b051c2886b470a77bdc6daf683a03f84

diff --git a/filter/source/graphicfilter/ipict/ipict.cxx b/filter/source/graphicfilter/ipict/ipict.cxx
index 852e69b..acef0b7 100644
--- a/filter/source/graphicfilter/ipict/ipict.cxx
+++ b/filter/source/graphicfilter/ipict/ipict.cxx
@@ -909,6 +909,19 @@ sal_uLong PictReader::ReadPixMapEtc( Bitmap &rBitmap, bool bBaseAddr, bool bColo
         if ( nRowBytes < 2 * nWidth )
             BITMAPERROR;
 
+        size_t nMinRecordSize;
+        if ( nRowBytes < 8 || nPackType == 1 )
+            nMinRecordSize = sizeof(sal_uInt16);
+        else if ( nRowBytes > 250 )
+            nMinRecordSize = sizeof(sal_uInt16);
+        else
+            nMinRecordSize = 1;
+
+        const size_t nMinRowWidth = nWidth * nMinRecordSize;
+        const size_t nMaxRows = pPict->remainingSize() / nMinRowWidth;
+        if (nHeight > nMaxRows)
+            BITMAPERROR;
+
         for ( ny = 0; ny < nHeight; ny++ )
         {
             nx = 0;
@@ -1031,6 +1044,20 @@ sal_uLong PictReader::ReadPixMapEtc( Bitmap &rBitmap, bool bBaseAddr, bool bColo
         {
             if ( ( nCmpCount == 3 ) || ( nCmpCount == 4 ) )
             {
+                size_t nMinRecordSize;
+                if (nRowBytes > 250)
+                    nMinRecordSize = sizeof(sal_uInt16);
+                else
+                    nMinRecordSize = 1;
+
+                const size_t nMinRowWidth = nWidth * nMinRecordSize;
+                const size_t nMaxRows = pPict->remainingSize() / nMinRowWidth;
+                if (nHeight > nMaxRows)
+                    BITMAPERROR;
+                const size_t nMaxWidth = pPict->remainingSize() / nHeight;
+                if (nWidth > nMaxWidth)
+                    BITMAPERROR;
+
                 boost::scoped_array<sal_uInt8> pScanline(new sal_uInt8[static_cast<size_t>(nWidth) * nCmpCount]);
                 for ( ny = 0; ny < nHeight; ny++ )
                 {
commit af26bb77d2dd63fd6d5473c234f746b3b38dc3f6
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:24:11 2014 +0000

    coverity#1255388 Division or modulo by float zero
    
    and
    
    coverity#1255387 Division or modulo by float zero
    
    Change-Id: I86c6d5874a7a2c2eecefe7f786edff89ff50ffbf

diff --git a/vcl/opengl/gdiimpl.cxx b/vcl/opengl/gdiimpl.cxx
index 3929d63..1abc86e 100644
--- a/vcl/opengl/gdiimpl.cxx
+++ b/vcl/opengl/gdiimpl.cxx
@@ -727,6 +727,9 @@ void OpenGLSalGraphicsImpl::DrawTransformedTexture(
     const basegfx::B2DPoint& rX,
     const basegfx::B2DPoint& rY )
 {
+    if (!rTexture.GetWidth() || !rTexture.GetHeight())
+        return;
+
     const basegfx::B2DVector aXRel = rX - rNull;
     const basegfx::B2DVector aYRel = rY - rNull;
     const float aValues[] = {
commit ecc56da366960b642d0a7da1b4a47245243252f8
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:22:38 2014 +0000

    busted loop condition
    
    regression from
    
    commit 119873328acd70ca3569c21a0b1fe36277e8bf4c
    Date:   Thu Oct 21 15:34:02 2010 -0500
        convert vos/process.hxx and related API
    
    Change-Id: I36527a4f0109105b9853a79773b4c92f9bc4e902

diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx
index 662dcc3..f27e771 100644
--- a/basic/source/runtime/methods.cxx
+++ b/basic/source/runtime/methods.cxx
@@ -3716,10 +3716,9 @@ RTLFUNC(Shell)
             osl_freeProcessHandle( pApp );
         }
 
-        for(int j = 0; i < nParamCount; i++)
+        for(int j = 0; j < nParamCount; ++j)
         {
             rtl_uString_release(pParamList[j]);
-            pParamList[j] = NULL;
         }
 
         delete [] pParamList;
commit ef076fa1c1aa15d42969c701803564bbc75a0cb0
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:20:31 2014 +0000

    coverity#1255390 Resource leak
    
    Change-Id: I3631d6bbcf45986deb1e911fcdb0e6606a0c6d91

diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx
index c1b6889..662dcc3 100644
--- a/basic/source/runtime/methods.cxx
+++ b/basic/source/runtime/methods.cxx
@@ -3722,6 +3722,8 @@ RTLFUNC(Shell)
             pParamList[j] = NULL;
         }
 
+        delete [] pParamList;
+
         if( !bSucc )
         {
             StarBASIC::Error( SbERR_FILE_NOT_FOUND );
commit 4ea173180609df25a765c5a10889fc25863c659f
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:16:50 2014 +0000

    coverity#1255389 Dereference null return value
    
    Change-Id: I3b2a4e69a1c86d9b9ce9f51d6f321bda9e18f8b5

diff --git a/svtools/qa/unit/GraphicObjectTest.cxx b/svtools/qa/unit/GraphicObjectTest.cxx
index 0c96f15..3c4645b 100644
--- a/svtools/qa/unit/GraphicObjectTest.cxx
+++ b/svtools/qa/unit/GraphicObjectTest.cxx
@@ -168,6 +168,7 @@ void GraphicObjectTest::testSizeBasedAutoSwap()
         if( aNodes[nIndex]->IsGrfNode() )
         {
             SwGrfNode* pGrfNode = aNodes[nIndex]->GetGrfNode();
+            CPPUNIT_ASSERT(pGrfNode);
             if( !pGrafObj1 )
             {
                 pGrafObj1 = &pGrfNode->GetGrfObj();
commit cdf7572996c553348deae7698f9b1170f5a105f2
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Nov 21 09:16:46 2014 +0000

    coverity#1209008 Unchecked return value
    
    Change-Id: I7204f02253ff970a6b6f25b83268372d914d7f13

diff --git a/sd/inc/sdmod.hxx b/sd/inc/sdmod.hxx
index b1b4291..d339c09 100644
--- a/sd/inc/sdmod.hxx
+++ b/sd/inc/sdmod.hxx
@@ -168,7 +168,7 @@ private:
             This typically is the unmodified request from a execute()
             function from where this function is called.
     */
-    void OutlineToImpress (SfxRequest& rRequest);
+    bool OutlineToImpress(SfxRequest& rRequest);
 
     /** Add an eventlistener as soon as possible in sd, allows to use
         remote devices to start the slideshow elegantly, and respecting
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index a4aff4d..672ccdd 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -252,7 +252,7 @@ void SdModule::Execute(SfxRequest& rReq)
     }
 }
 
-void SdModule::OutlineToImpress (SfxRequest& rRequest)
+bool SdModule::OutlineToImpress(SfxRequest& rRequest)
 {
     const SfxItemSet* pSet = rRequest.GetArgs();
 
@@ -312,7 +312,7 @@ void SdModule::OutlineToImpress (SfxRequest& rRequest)
         }
     }
 
-    rRequest.IsDone();
+    return rRequest.IsDone();
 }
 
 static bool bOnce = false;


More information about the Libreoffice-commits mailing list