[Libreoffice-commits] core.git: sw/source
Caolán McNamara (via logerrit)
logerrit at kemper.freedesktop.org
Sat Aug 14 17:40:59 UTC 2021
sw/source/filter/ww8/ww8par.cxx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
New commits:
commit 175a313744e66325053f962ff7a65213e48ebb36
Author: Caolán McNamara <caolanm at redhat.com>
AuthorDate: Sat Aug 14 17:22:31 2021 +0100
Commit: Caolán McNamara <caolanm at redhat.com>
CommitDate: Sat Aug 14 19:40:21 2021 +0200
cid#1490212 silence Untrusted divisor
"The divisor could be controlled by an attacker, who could cause a
division by zero." but this division can only happen if the divisor is
either 8 or 4
Change-Id: I7cae93f48d84e023912b8613be89cf9db5589d4c
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/120489
Tested-by: Caolán McNamara <caolanm at redhat.com>
Reviewed-by: Caolán McNamara <caolanm at redhat.com>
diff --git a/sw/source/filter/ww8/ww8par.cxx b/sw/source/filter/ww8/ww8par.cxx
index 3cd81b1c95eb..e26df0532845 100644
--- a/sw/source/filter/ww8/ww8par.cxx
+++ b/sw/source/filter/ww8/ww8par.cxx
@@ -1024,9 +1024,9 @@ SdrObject* SwMSDffManager::ProcessObj(SvStream& rSt,
bool bOk = false;
if (nNumElemVert && (nElemSizeVert == 8 || nElemSizeVert == 4))
{
- assert(nElemSizeVert == 8 || nElemSizeVert == 4);
//check if there is enough data in the file to make the
//record sane
+ // coverity[tainted_data : FALSE] - nElemSizeVert is either 8 or 4 so it has been sanitized
bOk = rSt.remainingSize() / nElemSizeVert >= nNumElemVert;
}
if (bOk)
More information about the Libreoffice-commits
mailing list