[Libreoffice-commits] core.git: 5 commits - lotuswordpro/source sd/source sfx2/source sw/source
Caolán McNamara
caolanm at redhat.com
Sat Jun 11 20:01:20 UTC 2016
lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx | 22 ++++++++++++---
sd/source/filter/eppt/pptx-text.cxx | 25 ++++++++++--------
sfx2/source/control/templateabstractview.cxx | 2 -
sfx2/source/control/thumbnailview.cxx | 2 -
sw/source/uibase/app/docstyle.cxx | 5 ++-
5 files changed, 38 insertions(+), 18 deletions(-)
New commits:
commit 08c9c0a3ae3a34609f31da5c229dfaedacdd27d6
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Jun 11 20:53:18 2016 +0100
coverity#1362681 Untrusted loop bound
and
coverity#1362682 Untrusted loop bound
Change-Id: I97eacad09abed4f91744b36f572761e43a3477fb
diff --git a/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx b/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx
index 51c8dec..39d1b3f 100644
--- a/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx
+++ b/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx
@@ -115,12 +115,12 @@ void LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector< rtl::Reference<XFFram
// topObj, botObj
m_pStream->SeekRel(4);
//record count
- unsigned short nRecCount;
+ unsigned short nRecCount(0);
m_pStream->ReadUInt16(nRecCount);
// selCount
m_pStream->SeekRel(2);
//boundrect
- unsigned short left,top,right,bottom;
+ unsigned short left(0),top(0),right(0),bottom(0);
m_pStream->ReadUInt16(left);
m_pStream->ReadUInt16(top);
m_pStream->ReadUInt16(right);
@@ -222,6 +222,12 @@ void LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector< rtl::Reference<XFFram
}
}
+ if (nRecCount > m_pStream->remainingSize())
+ {
+ SAL_WARN("lwp", "stream too short for claimed no of records");
+ nRecCount = m_pStream->remainingSize();
+ }
+
//load draw object
for (unsigned short i = 0; i < nRecCount; i++)
{
@@ -260,12 +266,12 @@ XFDrawGroup* LwpSdwGroupLoaderV0102::CreateDrawGroupObject()
// topObj, botObj
m_pStream->SeekRel(4);
//record count
- unsigned short nRecCount;
+ unsigned short nRecCount(0);
m_pStream->ReadUInt16(nRecCount);
// selCount
m_pStream->SeekRel(2);
//boundrect
- unsigned short left,top,right,bottom;
+ unsigned short left(0),top(0),right(0),bottom(0);
m_pStream->ReadUInt16(left);
m_pStream->ReadUInt16(top);
m_pStream->ReadUInt16(right);
@@ -275,6 +281,12 @@ XFDrawGroup* LwpSdwGroupLoaderV0102::CreateDrawGroupObject()
XFDrawGroup* pXFDrawGroup = new XFDrawGroup();
+ if (nRecCount > m_pStream->remainingSize())
+ {
+ SAL_WARN("lwp", "stream too short for claimed no of records");
+ nRecCount = m_pStream->remainingSize();
+ }
+
//load draw object
for (unsigned short i = 0; i < nRecCount; i++)
{
@@ -303,7 +315,7 @@ XFDrawGroup* LwpSdwGroupLoaderV0102::CreateDrawGroupObject()
XFFrame* LwpSdwGroupLoaderV0102::CreateDrawObject()
{
//record type
- unsigned char recType;
+ unsigned char recType(0);
m_pStream->ReadUChar(recType);
LwpDrawObj* pDrawObj = nullptr;
commit 51a09942d9f9b0d8ef9c24bff2ee1dc270e43d5e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Jun 11 20:44:38 2016 +0100
coverity#1362677 Unchecked dynamic_cast
Change-Id: Idf3819ef702c259c448a0c346a3fa1896f1088a2
diff --git a/sfx2/source/control/templateabstractview.cxx b/sfx2/source/control/templateabstractview.cxx
index 117c11e..45f5555 100644
--- a/sfx2/source/control/templateabstractview.cxx
+++ b/sfx2/source/control/templateabstractview.cxx
@@ -322,7 +322,7 @@ void TemplateAbstractView::RemoveDefaultTemplateIcon(const OUString& rPath)
for (ThumbnailViewItem* pItem : mItemList)
{
TemplateViewItem* pViewItem = dynamic_cast<TemplateViewItem*>(pItem);
- if(pViewItem->getPath().match(rPath))
+ if (pViewItem && pViewItem->getPath().match(rPath))
{
pViewItem->showDefaultIcon(false);
Invalidate();
commit 7fa26f6a3948eb75abee63bd49f71ae9589fba69
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Jun 11 20:36:01 2016 +0100
coverity#1202784 Division or modulo by zero
Change-Id: I8fda65d21ab0aed7ccc149a57272b337580374b0
diff --git a/sfx2/source/control/thumbnailview.cxx b/sfx2/source/control/thumbnailview.cxx
index d25e279..b510328 100644
--- a/sfx2/source/control/thumbnailview.cxx
+++ b/sfx2/source/control/thumbnailview.cxx
@@ -1098,7 +1098,7 @@ void ThumbnailView::SelectItem( sal_uInt16 nItemId )
bool bNewOut = IsReallyVisible() && IsUpdateMode();
// if necessary scroll to the visible area
- if ( mbScroll && nItemId )
+ if (mbScroll && nItemId && mnCols)
{
sal_uInt16 nNewLine = (sal_uInt16)(nItemPos / mnCols);
if ( nNewLine < mnFirstLine )
commit b1578655f2a0cdf31d343a8ccec080783a8bcefc
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Jun 11 20:32:21 2016 +0100
coverity#1362687 Uninitialized pointer field
and
coverity#1362688 Uninitialized pointer field
Change-Id: Ie9711dc7131ee41e4acd9d0a628d63272bf2a0c6
diff --git a/sw/source/uibase/app/docstyle.cxx b/sw/source/uibase/app/docstyle.cxx
index 277c222..f91c3fc 100644
--- a/sw/source/uibase/app/docstyle.cxx
+++ b/sw/source/uibase/app/docstyle.cxx
@@ -448,7 +448,8 @@ SwDocStyleSheet::SwDocStyleSheet( SwDoc& rDocument,
pFrameFormat(nullptr),
pDesc(nullptr),
pNumRule(nullptr),
-
+ pTableFormat(nullptr),
+ pBoxFormat(nullptr),
rDoc(rDocument),
aCoreSet(GetPool().GetPool(), //UUUU sorted by indices, one double removed
RES_CHRATR_BEGIN, RES_CHRATR_END - 1, // [1
@@ -491,6 +492,8 @@ SwDocStyleSheet::SwDocStyleSheet( const SwDocStyleSheet& rOrg) :
pFrameFormat(rOrg.pFrameFormat),
pDesc(rOrg.pDesc),
pNumRule(rOrg.pNumRule),
+ pTableFormat(rOrg.pTableFormat),
+ pBoxFormat(rOrg.pBoxFormat),
rDoc(rOrg.rDoc),
aCoreSet(rOrg.aCoreSet),
bPhysical(rOrg.bPhysical)
commit 0b555719403d494c40a7e12eb44e88cd28123a4f
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sat Jun 11 20:26:32 2016 +0100
coverity#1362686 Uninitialized scalar variable
Change-Id: Ic077e3324897f427b7d509bce7884ecb5945c725
diff --git a/sd/source/filter/eppt/pptx-text.cxx b/sd/source/filter/eppt/pptx-text.cxx
index 4664a8a..fb10c86 100644
--- a/sd/source/filter/eppt/pptx-text.cxx
+++ b/sd/source/filter/eppt/pptx-text.cxx
@@ -54,16 +54,21 @@
css::uno::Reference< css::i18n::XBreakIterator > xPPTBreakIter;
-PortionObj::PortionObj( const css::uno::Reference< css::beans::XPropertySet > & rXPropSet,
- FontCollection& rFontCollection ) :
- mnCharAttrHard ( 0 ),
- mnCharAttr ( 0 ),
- mnFont ( 0 ),
- mnAsianOrComplexFont( 0xffff ),
- mnTextSize ( 0 ),
- mbLastPortion ( true ),
- mpText ( nullptr ),
- mpFieldEntry ( nullptr )
+PortionObj::PortionObj(const css::uno::Reference< css::beans::XPropertySet > & rXPropSet,
+ FontCollection& rFontCollection)
+ : meCharColor(css::beans::PropertyState_AMBIGUOUS_VALUE)
+ , meCharHeight(css::beans::PropertyState_AMBIGUOUS_VALUE)
+ , meFontName(css::beans::PropertyState_AMBIGUOUS_VALUE)
+ , meAsianOrComplexFont(css::beans::PropertyState_AMBIGUOUS_VALUE)
+ , meCharEscapement(css::beans::PropertyState_AMBIGUOUS_VALUE)
+ , mnCharAttrHard(0)
+ , mnCharAttr(0)
+ , mnFont(0)
+ , mnAsianOrComplexFont(0xffff)
+ , mnTextSize(0)
+ , mbLastPortion(true)
+ , mpText(nullptr)
+ , mpFieldEntry(nullptr)
{
mXPropSet = rXPropSet;
More information about the Libreoffice-commits
mailing list