[Libreoffice-commits] core.git: comphelper/source
Caolán McNamara
caolanm at redhat.com
Wed Oct 19 14:22:36 UTC 2016
comphelper/source/misc/backupfilehelper.cxx | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
New commits:
commit 724f2b20d83c340d9cb1221766a741f432ed9204
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed Oct 19 15:07:14 2016 +0100
coverity#1373663 Untrusted loop bound
Change-Id: Iabad14f8fc35656015b98693dd327a41aeaf63c7
diff --git a/comphelper/source/misc/backupfilehelper.cxx b/comphelper/source/misc/backupfilehelper.cxx
index 60ad11a9..5c55ca4 100644
--- a/comphelper/source/misc/backupfilehelper.cxx
+++ b/comphelper/source/misc/backupfilehelper.cxx
@@ -105,14 +105,7 @@ namespace
// read rTarget
if (osl::File::E_None == rFile->read(static_cast<void*>(aArray), 4, nBaseRead) && 4 == nBaseRead)
{
- //This is untainted data which comes from a controlled source
- //so, using a byte-swapping pattern which coverity doesn't
- //detect as such
- //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
- rTarget = aArray[0]; rTarget <<= 8;
- rTarget |= aArray[1]; rTarget <<= 8;
- rTarget |= aArray[2]; rTarget <<= 8;
- rTarget |= aArray[3];
+ rTarget = (sal_uInt32(aArray[0]) << 24) + (sal_uInt32(aArray[1]) << 16) + (sal_uInt32(aArray[2]) << 8) + sal_uInt32(aArray[3]);
return true;
}
@@ -674,6 +667,13 @@ namespace
return false;
}
+ // coverity#1373663 Untrusted loop bound, check file size
+ // isn't utterly broken
+ sal_uInt64 nFileSize(0);
+ rFile->getSize(nFileSize);
+ if (nFileSize < nExtEntries)
+ return false;
+
for (sal_uInt32 a(0); a < nExtEntries; a++)
{
ExtensionInfoEntry aNewEntry;
More information about the Libreoffice-commits
mailing list