[Libreoffice-commits] core.git: comphelper/source

Caolán McNamara caolanm at redhat.com
Fri Oct 14 08:18:30 UTC 2016


 comphelper/source/misc/backupfilehelper.cxx |    9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

New commits:
commit 482f6261791c5467918213f63d198e19c0e7720d
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Oct 14 09:11:38 2016 +0100

    coverity#1373663 consider backupfilehelper byte twiddling as untainted
    
    Change-Id: I13f7c3df20b3c9f81a9519b4bb84f556a8f4db7e

diff --git a/comphelper/source/misc/backupfilehelper.cxx b/comphelper/source/misc/backupfilehelper.cxx
index d5468f4..518a5e9 100644
--- a/comphelper/source/misc/backupfilehelper.cxx
+++ b/comphelper/source/misc/backupfilehelper.cxx
@@ -104,7 +104,14 @@ namespace
         // read rTarget
         if (osl::File::E_None == rFile->read(static_cast<void*>(aArray), 4, nBaseRead) && 4 == nBaseRead)
         {
-            rTarget = (sal_uInt32(aArray[0]) << 24) + (sal_uInt32(aArray[1]) << 16) + (sal_uInt32(aArray[2]) << 8) + sal_uInt32(aArray[3]);
+            //This is untainted data which comes from a controlled source
+            //so, using a byte-swapping pattern which coverity doesn't
+            //detect as such
+            //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+            rTarget = aArray[0]; rTarget <<= 8;
+            rTarget |= aArray[1]; rTarget <<= 8;
+            rTarget |= aArray[2]; rTarget <<= 8;
+            rTarget |= aArray[3];
             return true;
         }
 
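Review bot: The comment on the added lines calls the four bytes "untainted data which comes from a controlled source", but they still come from `rFile->read()` and nothing in this hunk enforces that trust. The rewrite only changes the expression shape so that Coverity's byte-swap heuristic no longer fires. If the file can be truncated, corrupted or replaced on disk, whatever consumes `rTarget` as a length, count or offset still needs its own bounds check; none is visible here, and the enclosing function starts and ends outside the hunk. I would have the comment name the file and its writer and state the obligation on callers, e.g. `// big-endian sal_uInt32; shaped to avoid coverity#1373663's byte-swap taint heuristic, callers must still range-check rTarget`. An explicit analyzer suppression annotation where the value is used would be easier to audit than a pattern the analyzer happens not to recognise, since a later heuristic update can change the result without any code change.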

