[Libreoffice-commits] core.git: sal/rtl
Caolán McNamara
caolanm at redhat.com
Sun Jan 22 21:31:01 UTC 2017
sal/rtl/alloc_arena.cxx | 5 +++--
sal/rtl/alloc_cache.cxx | 6 +++---
2 files changed, 6 insertions(+), 5 deletions(-)
New commits:
commit 49889a296e9e15077b36917329538e154789dd9f
Author: Caolán McNamara <caolanm at redhat.com>
Date: Sun Jan 22 21:26:45 2017 +0000
coverity#1399029 silence Out-of-bounds read
Change-Id: I025e416a6a162316d82cfbde9fbfcb0a45e888d5
diff --git a/sal/rtl/alloc_arena.cxx b/sal/rtl/alloc_arena.cxx
index 19bc424..68dd298 100644
--- a/sal/rtl/alloc_arena.cxx
+++ b/sal/rtl/alloc_arena.cxx
@@ -217,8 +217,9 @@ rtl_arena_freelist_insert (
)
{
rtl_arena_segment_type * head;
-
- head = &(arena->m_freelist_head[highbit(segment->m_size) - 1]);
+ const auto bit = highbit(segment->m_size);
+ assert(bit > 0);
+ head = &(arena->m_freelist_head[bit - 1]);
QUEUE_INSERT_TAIL_NAMED(head, segment, f);
arena->m_freelist_bitmap |= head->m_size;
diff --git a/sal/rtl/alloc_cache.cxx b/sal/rtl/alloc_cache.cxx
index 29d2008..fd8a8c0 100644
--- a/sal/rtl/alloc_cache.cxx
+++ b/sal/rtl/alloc_cache.cxx
@@ -140,7 +140,6 @@ rtl_cache_hash_rescale (
rtl_cache_bufctl_type * next = curr->m_next;
rtl_cache_bufctl_type ** head;
- // coverity[negative_shift]
head = &(cache->m_hash_table[RTL_CACHE_HASH_INDEX(cache, curr->m_addr)]);
curr->m_next = (*head);
(*head) = curr;
@@ -212,8 +211,9 @@ rtl_cache_hash_remove (
if (!(cache->m_features & RTL_CACHE_FEATURE_RESCALE))
{
sal_Size ave = nbuf >> cache->m_hash_shift;
- // coverity[negative_shift]
- sal_Size new_size = cache->m_hash_size << (highbit(ave) - 1);
+ const auto bit = highbit(ave);
+ assert(bit > 0);
+ sal_Size new_size = cache->m_hash_size << (bit - 1);
cache->m_features |= RTL_CACHE_FEATURE_RESCALE;
RTL_MEMORY_LOCK_RELEASE(&(cache->m_slab_lock));
More information about the Libreoffice-commits
mailing list