[Libreoffice-commits] core.git: filter/source oox/source

[Caolán McNamara]

 filter/source/msfilter/mscodec.cxx |    5 ++---
 oox/source/core/binarycodec.cxx    |    9 ++++-----
 2 files changed, 6 insertions(+), 8 deletions(-)

New commits:
commit fc81a580dd2c4e322a28c4f042530668f8516c60
Author: Caolán McNamara <caolanm at redhat.com>
Date:   Fri Feb 10 11:07:46 2017 +0000

    coverity#736181 Out-of-bounds read
    
    it should be fine, as we rely on there being at least one password
    char, this is the same as,
    
    commit 2d3ed7ebb592401de214eaeee68c656afbefbe05
    Author: Michael Meeks <michael.meeks at collabora.com>
    Date:   Tue Feb 25 22:48:48 2014 +0000
    
        cid#736173 - increase default fill chars buffer size.
    
    which is another impl of this
    
    Change-Id: I5e1e07af37bea0398153ede300beed67d37d5e12

diff --git a/filter/source/msfilter/mscodec.cxx b/filter/source/msfilter/mscodec.cxx
index c57559b..f6a4a57 100644
--- a/filter/source/msfilter/mscodec.cxx
+++ b/filter/source/msfilter/mscodec.cxx
@@ -145,16 +145,15 @@ void MSCodec_Xor95::InitKey( const sal_uInt8 pnPassData[ 16 ] )
         0xBF, 0x0F, 0x00, 0x00
     };
 
-    std::size_t nIndex;
     std::size_t nLen = lclGetLen( pnPassData, 16 );
     const sal_uInt8* pnFillChar = spnFillChars;
-    for( nIndex = nLen; nIndex < sizeof( mpnKey ); ++nIndex, ++pnFillChar )
+    for (std::size_t nIndex = nLen; nIndex < sizeof(mpnKey); ++nIndex, ++pnFillChar)
         mpnKey[ nIndex ] = *pnFillChar;
 
     SVBT16 pnOrigKey;
     ShortToSVBT16( mnKey, pnOrigKey );
     sal_uInt8* pnKeyChar = mpnKey;
-    for( nIndex = 0; nIndex < sizeof( mpnKey ); ++nIndex, ++pnKeyChar )
+    for (std::size_t nIndex = 0; nIndex < sizeof(mpnKey); ++nIndex, ++pnKeyChar)
     {
         *pnKeyChar ^= pnOrigKey[ nIndex & 0x01 ];
         lclRotateLeft( *pnKeyChar, mnRotateDistance );
diff --git a/oox/source/core/binarycodec.cxx b/oox/source/core/binarycodec.cxx
index 360e92c..9ea36ee 100644
--- a/oox/source/core/binarycodec.cxx
+++ b/oox/source/core/binarycodec.cxx
@@ -133,19 +133,18 @@ void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
     mnBaseKey = lclGetKey( pnPassData, 16 );
     mnHash = lclGetHash( pnPassData, 16 );
 
-     static const sal_uInt8 spnFillChars[] =
+    static const sal_uInt8 spnFillChars[] =
     {
         0xBB, 0xFF, 0xFF, 0xBA,
         0xFF, 0xFF, 0xB9, 0x80,
         0x00, 0xBE, 0x0F, 0x00,
-        0xBF, 0x0F, 0x00
+        0xBF, 0x0F, 0x00, 0x00
     };
 
     (void)memcpy( mpnKey, pnPassData, 16 );
-    sal_Int32 nIndex;
     sal_Int32 nLen = lclGetLen( pnPassData, 16 );
     const sal_uInt8* pnFillChar = spnFillChars;
-    for( nIndex = nLen; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnFillChar )
+    for (sal_Int32 nIndex = nLen; nIndex < static_cast<sal_Int32>(sizeof(mpnKey)); ++nIndex, ++pnFillChar )
         mpnKey[ nIndex ] = *pnFillChar;
 
     // rotation of key values is application dependent
@@ -162,7 +161,7 @@ void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
     pnBaseKeyLE[ 0 ] = static_cast< sal_uInt8 >( mnBaseKey );
     pnBaseKeyLE[ 1 ] = static_cast< sal_uInt8 >( mnBaseKey >> 8 );
     sal_uInt8* pnKeyChar = mpnKey;
-    for( nIndex = 0; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnKeyChar )
+    for (sal_Int32 nIndex = 0; nIndex < static_cast<sal_Int32>(sizeof(mpnKey)); ++nIndex, ++pnKeyChar )
     {
         *pnKeyChar ^= pnBaseKeyLE[ nIndex & 1 ];
         lclRotateLeft( *pnKeyChar, nRotateSize );