[Libreoffice-commits] core.git: 3 commits - sal/rtl sc/source vcl/source
Caolán McNamara
caolanm at redhat.com
Thu Feb 12 03:46:30 PST 2015
sal/rtl/ustring.cxx | 9 +++++----
sc/source/filter/starcalc/scflt.cxx | 36 ++++++++++++++++++++----------------
vcl/source/gdi/jobset.cxx | 4 ++--
3 files changed, 27 insertions(+), 22 deletions(-)
New commits:
commit 5e62dc99bfa59654166609fa57141e4303c734e3
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Feb 12 11:41:49 2015 +0000
coverity#1268298 mark up code
Change-Id: I6e48e2593f93efd71e84a076a99457c3daf7d9e0
diff --git a/sal/rtl/ustring.cxx b/sal/rtl/ustring.cxx
index 90e5ba1..cc99812 100644
--- a/sal/rtl/ustring.cxx
+++ b/sal/rtl/ustring.cxx
@@ -569,11 +569,12 @@ void SAL_CALL rtl_uString_newFromCodePoints(
++n;
}
}
- /* coverity[dead_error_condition] - Builds on the assumption that sal_Int32
- uses 32 bit two's complement representation with wrap around (the
- necessary number of UTF-16 code units will be no larger than 2 *
- SAL_MAX_INT32, represented as sal_Int32 -2): */
+ /* Builds on the assumption that sal_Int32 uses 32 bit two's complement
+ representation with wrap around (the necessary number of UTF-16 code
+ units will be no larger than 2 * SAL_MAX_INT32, represented as
+ sal_Int32 -2): */
if (n < 0) {
+ // coverity[dead_error_begin] - assumes wrap around
*newString = NULL;
return;
}
commit 5b59724d081e429f13bec8b4aee4d6da01c657af
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Feb 12 11:38:29 2015 +0000
coverity#1266485 Untrusted value as argument
Change-Id: I235a65f5521de1b90c8af3dc64b09eb2726d00ae
diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index 8066718..6e46fc0 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -234,7 +234,7 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup )
" max possible entries, but " << nRead << " claimed, truncating");
return rIStream;
}
- boost::scoped_array<char> pTempBuf(new char[nLen]);
+ boost::scoped_array<char> pTempBuf(new char[nRead]);
rIStream.Read(pTempBuf.get(), nRead);
if ( nLen >= sizeof(ImplOldJobSetupData)+4 )
{
@@ -261,7 +261,7 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup )
nSystem == JOBSET_FILE605_SYSTEM )
{
Impl364JobSetupData* pOldJobData = reinterpret_cast<Impl364JobSetupData*>(pTempBuf.get() + sizeof( ImplOldJobSetupData ));
- sal_uInt16 nOldJobDataSize = SVBT16ToShort( pOldJobData->nSize );
+ sal_uInt16 nOldJobDataSize = SVBT16ToShort( pOldJobData->nSize );
pJobData->mnSystem = SVBT16ToShort( pOldJobData->nSystem );
pJobData->mnDriverDataLen = SVBT32ToUInt32( pOldJobData->nDriverDataLen );
pJobData->meOrientation = (Orientation)SVBT16ToShort( pOldJobData->nOrientation );
commit d889f83a75cddd18839a0bc2ecfde5c00f6ca603
Author: Caolán McNamara <caolanm at redhat.com>
Date: Thu Feb 12 11:30:59 2015 +0000
coverity#1242895 Untrusted loop bound
Change-Id: I73b8d2c6f9ef81c246b541aa34c4b61109964440
diff --git a/sc/source/filter/starcalc/scflt.cxx b/sc/source/filter/starcalc/scflt.cxx
index c2c1dab..8c29094 100644
--- a/sc/source/filter/starcalc/scflt.cxx
+++ b/sc/source/filter/starcalc/scflt.cxx
@@ -1355,6 +1355,22 @@ void Sc10Import::LoadDataBaseCollection()
}
}
+namespace
+{
+ sal_uInt16 SanitizeDataCount(sal_uInt16 nDataCount, SvStream &rStream)
+ {
+ const size_t nMinRecordSize = sizeof(sal_uInt16)*2;
+ const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
+ if (nDataCount > nMaxRecords)
+ {
+ SAL_WARN("sc", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nDataCount << " claimed, truncating");
+ nDataCount = nMaxRecords;
+ }
+ return nDataCount;
+ }
+}
+
void Sc10Import::LoadTables()
{
Sc10PageCollection aPageCollection;
@@ -1456,13 +1472,7 @@ void Sc10Import::LoadTables()
return;
}
rStream.ReadUInt16( DataCount );
- const sal_Size nMaxPossibleRecords = rStream.remainingSize() / (sizeof(sal_uInt16)*2);
- if (DataCount > nMaxPossibleRecords)
- {
- SAL_WARN("sc", "Parsing error: " << nMaxPossibleRecords <<
- " max possible pairs, but " << DataCount << " claimed, truncating");
- DataCount = nMaxPossibleRecords;
- }
+ DataCount = SanitizeDataCount(DataCount, rStream);
DataStart = 0;
for (i=0; i < DataCount; i++)
{
@@ -1485,6 +1495,7 @@ void Sc10Import::LoadTables()
}
rStream.ReadUInt16( DataCount );
+ DataCount = SanitizeDataCount(DataCount, rStream);
DataStart = 0;
for (i=0; i < DataCount; i++)
{
@@ -1515,6 +1526,7 @@ void Sc10Import::LoadTables()
}
rStream.ReadUInt16( DataCount );
+ DataCount = SanitizeDataCount(DataCount, rStream);
DataStart = 0;
for (i=0; i < DataCount; i++)
{
@@ -1535,15 +1547,7 @@ void Sc10Import::LoadTables()
}
rStream.ReadUInt16(DataCount);
- const size_t nMinRecordSize = sizeof(sal_uInt16)*2;
- const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
- if (DataCount > nMaxRecords)
- {
- SAL_WARN("sc", "Parsing error: " << nMaxRecords <<
- " max possible entries, but " << DataCount << " claimed, truncating");
- DataCount = nMaxRecords;
- }
-
+ DataCount = SanitizeDataCount(DataCount, rStream);
DataStart = 0;
for (i=0; i < DataCount; i++)
{
More information about the Libreoffice-commits
mailing list