include/svl/itempool.hxx | 1 sc/source/filter/excel/xistream.cxx | 1 store/source/storpage.cxx | 4 svl/source/items/poolio.cxx | 280 ------------------------------------ sw/source/core/layout/layact.cxx | 3 vcl/source/fontsubset/sft.cxx | 46 +++++ vcl/source/gdi/bitmap4.cxx | 14 + 7 files changed, 59 insertions(+), 290 deletions(-)
New commits: commit d72b93a5a64ecc5f620a6af999a605385a0b997a Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 16:03:14 2014 +0000 drop pool ver 1 import support this unloved streaming format is internal only now and used for editengine c&p and (reportedly) autotable format storage. So we shouldn't encounter version 1 files anymore coverity#1242764 Untrusted loop bound Change-Id: If8e5717e997cf915f45f6e9484bb97d472e4dc2f diff --git a/include/svl/itempool.hxx b/include/svl/itempool.hxx index 8f83f4f..a52a0b2 100644 --- a/include/svl/itempool.hxx +++ b/include/svl/itempool.hxx @@ -77,7 +77,6 @@ private: sal_uInt16 GetIndex_Impl(sal_uInt16 nWhich) const; sal_uInt16 GetSize_Impl() const; - SVL_DLLPRIVATE SvStream& Load1_Impl( SvStream &rStream ); SVL_DLLPRIVATE bool IsItemFlag_Impl( sal_uInt16 nWhich, sal_uInt16 nFlag ) const; public: diff --git a/svl/source/items/poolio.cxx b/svl/source/items/poolio.cxx index b86d25a..6c09ef3 100644 --- a/svl/source/items/poolio.cxx +++ b/svl/source/items/poolio.cxx @@ -510,13 +510,8 @@ SvStream &SfxItemPool::Load(SvStream &rStream) pImp->mpMaster->pImp->nMajorVer = pImp->nMajorVer; pImp->mpMaster->pImp->nMinorVer = pImp->nMinorVer; - // Old Format? - if ( pImp->nMajorVer < 2 ) - // pImp->bStreaming is reset by Load1_Impl() - return Load1_Impl( rStream ); - - // New Format? - if ( pImp->nMajorVer > SFX_ITEMPOOL_VER_MAJOR ) + // Unknown Format + if (pImp->nMajorVer < 2 || pImp->nMajorVer > SFX_ITEMPOOL_VER_MAJOR) { rStream.SetError(SVSTREAM_FILEFORMAT_ERROR); pImp->bStreaming = false; @@ -709,277 +704,6 @@ sal_uInt16 SfxItemPool::GetSize_Impl() const return pImp->mnEnd - pImp->mnStart + 1; } - -SvStream &SfxItemPool::Load1_Impl(SvStream &rStream) -{ - // For the Master the Header has already been loaded in Load() - if ( !pImp->bStreaming ) - { - // Read the secondary's Header - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_STARTPOOL_4 ); - rStream.ReadUChar( pImp->nMajorVer ).ReadUChar( pImp->nMinorVer ); - } - sal_uInt32 nAttribSize(0); - OUString aExternName; - if ( pImp->nMajorVer > 1 || pImp->nMinorVer >= 2 ) - rStream.ReadUInt16( pImp->nLoadingVersion ); - aExternName = readByteString(rStream); - bool bOwnPool = aExternName == pImp->aName; - pImp->bStreaming = true; - - //! As long as we cannot read foreign ones - if ( !bOwnPool ) - { - rStream.SetError(SVSTREAM_FILEFORMAT_ERROR); - pImp->bStreaming = false; - return rStream; - } - - // Versions up to 1.3 cannot read WhichMoves - if ( pImp->nMajorVer == 1 && pImp->nMinorVer <= 2 && - pImp->nVersion < pImp->nLoadingVersion ) - { - rStream.SetError(ERRCODE_IO_WRONGVERSION); - pImp->bStreaming = false; - return rStream; - } - - // SizeTable comes after the actual attributes - rStream.ReadUInt32( nAttribSize ); - - // Read SizeTable - sal_uLong nStartPos = rStream.Tell(); - rStream.SeekRel( nAttribSize ); - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_SIZES ); - sal_uInt32 nSizeTableLen(0); - rStream.ReadUInt32( nSizeTableLen ); - boost::scoped_array<sal_Char> pBuf(new sal_Char[nSizeTableLen]); - rStream.Read( pBuf.get(), nSizeTableLen ); - sal_uLong nEndOfSizes = rStream.Tell(); - SvMemoryStream aSizeTable( pBuf.get(), nSizeTableLen, STREAM_READ ); - - // Starting with version 1.3 the SizeTable contains a versions map - if ( pImp->nMajorVer > 1 || pImp->nMinorVer >= 3 ) - { - // Find version map (last sal_uLong of the SizeTable determines position) - rStream.Seek( nEndOfSizes - sizeof(sal_uInt32) ); - sal_uInt32 nVersionMapPos(0); - rStream.ReadUInt32( nVersionMapPos ); - rStream.Seek( nVersionMapPos ); - - // Read version maps - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_VERSIONMAP ); - sal_uInt16 nVerCount(0); - rStream.ReadUInt16( nVerCount ); - for ( sal_uInt16 nVerNo = 0; nVerNo < nVerCount; ++nVerNo ) - { - // Read Header for single versions - sal_uInt16 nVersion(0), nHStart(0), nHEnd(0); - rStream.ReadUInt16( nVersion ).ReadUInt16( nHStart ).ReadUInt16( nHEnd ); - sal_uInt16 nCount = nHEnd - nHStart + 1; - sal_uInt16 nBytes = (nCount)*sizeof(sal_uInt16); - - // Is new version known? - if ( nVerNo >= pImp->aVersions.size() ) - { - // Add new version - sal_uInt16 *pMap = new sal_uInt16[nCount]; - memset(pMap, 0, nCount * sizeof(sal_uInt16)); - for ( sal_uInt16 n = 0; n < nCount; ++n ) - rStream.ReadUInt16( pMap[n] ); - SetVersionMap( nVersion, nHStart, nHEnd, pMap ); - } - else - // Skip known versions - rStream.SeekRel( nBytes ); - } - } - - // Load Items - rStream.Seek( nStartPos ); - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_ITEMS ); - bool bSecondaryLoaded = false; - long nSecondaryEnd = 0; - sal_uInt16 nWhich(0), nSlot(0); - while ( rStream.ReadUInt16( nWhich ), nWhich ) - { - // Move WhichId from old version? - if ( pImp->nLoadingVersion != pImp->nVersion ) - nWhich = GetNewWhich( nWhich ); - - rStream.ReadUInt16( nSlot ); - - sal_uInt16 nRef(0), nCount(0), nVersion(0); - sal_uInt32 nAttrSize(0); - rStream.ReadUInt16( nVersion ).ReadUInt16( nCount ); - - //!SFX_ASSERTWARNING( !nSlot || !HasMap() || - //! ( nSlot == GetSlotId( nWhich, sal_False ) ) || - //! !GetSlotId( nWhich, sal_False ), - //! nWhich, "Slot/Which mismatch" ); - - sal_uInt16 nIndex = GetIndex_Impl(nWhich); - std::vector<SfxPoolItemArray_Impl*>::iterator ppArr = pImp->maPoolItems.begin(); - std::advance(ppArr, nIndex); - SfxPoolItemArray_Impl *pNewArr = new SfxPoolItemArray_Impl(); - SfxPoolItem *pDefItem = *(pImp->ppStaticDefaults + nIndex); - - // Remember position of first Item - sal_uLong nLastPos = rStream.Tell(); - - // SfxSetItems could contain Items from secondary Pool - if ( !bSecondaryLoaded && pImp->mpSecondary && pDefItem->ISA(SfxSetItem) ) - { - // Seek to end of own Pool - rStream.Seek(nEndOfSizes); - CHECK_FILEFORMAT_RELEASE( rStream, SFX_ITEMPOOL_TAG_ENDPOOL, pNewArr ); - CHECK_FILEFORMAT_RELEASE( rStream, SFX_ITEMPOOL_TAG_ENDPOOL, pNewArr ); - - // Read secondary Pool - pImp->mpSecondary->Load1_Impl( rStream ); - bSecondaryLoaded = true; - nSecondaryEnd = rStream.Tell(); - - // Back to our own Items - rStream.Seek(nLastPos); - } - - // Read Items - for ( sal_uInt16 j = 0; j < nCount; ++j ) - { - sal_uLong nPos = nLastPos; - rStream.ReadUInt16( nRef ); - - SfxPoolItem *pItem = 0; - if ( nRef ) - { - pItem = pDefItem->Create(rStream, nVersion); - - if ( !pImp->mbPersistentRefCounts ) - // Hold onto them until SfxItemPool::LoadCompleted() - AddRef(*pItem, 1); - else - { - if ( nRef > SFX_ITEMS_OLD_MAXREF ) - pItem->SetKind( convertUInt16ToSfxItemKind(nRef) ); - else - AddRef(*pItem, nRef); - } - } - //pNewArr->insert( pItem, j ); - pNewArr->push_back( (SfxPoolItem*) pItem ); - - // Skip the rest of the saved length (newer format) - nLastPos = rStream.Tell(); - - aSizeTable.ReadUInt32( nAttrSize ); - SFX_ASSERT( ( nPos + nAttrSize) >= nLastPos, - nPos, - "too many bytes read - version mismatch?" ); - - if (nLastPos < (nPos + nAttrSize)) - { - nLastPos = nPos + nAttrSize; - rStream.Seek( nLastPos ); - } - } - - SfxPoolItemArray_Impl *pOldArr = *ppArr; - *ppArr = pNewArr; - - // Remember Items already in the Pool - bool bEmpty = true; - if ( 0 != pOldArr ) - for ( size_t n = 0; bEmpty && n < pOldArr->size(); ++n ) - bEmpty = pOldArr->operator[](n) == 0; - DBG_ASSERTWARNING( bEmpty, "loading non-empty pool" ); - if ( !bEmpty ) - { - // Find out for all old ones, whether there's a same new one - for ( size_t nOld = 0; nOld < pOldArr->size(); ++nOld ) - { - SfxPoolItem *pOldItem = (*pOldArr)[nOld]; - if ( pOldItem ) - { - bool bFound = false; - for ( size_t nNew = 0; - nNew < (*ppArr)->size(); ++nNew ) - { - SfxPoolItem *&rpNewItem = - (SfxPoolItem*&)(*ppArr)->operator[](nNew); - - if ( rpNewItem && *rpNewItem == *pOldItem ) - { - AddRef( *pOldItem, rpNewItem->GetRefCount() ); - SetRefCount( *rpNewItem, 0 ); - delete rpNewItem; - rpNewItem = pOldItem; - bFound = true; - SAL_INFO("svl", "reusing item" << pOldItem); - break; - } - } - SAL_INFO_IF( - !bFound, "svl", "item not found: " << pOldItem); - } - } - } - delete pOldArr; - } - - // Read Pool defaults - if ( pImp->nMajorVer > 1 || pImp->nMinorVer > 0 ) - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_DEFAULTS ); - - sal_uLong nLastPos = rStream.Tell(); - while ( rStream.ReadUInt16( nWhich ), nWhich ) - { - // Move WhichId from old version? - if ( pImp->nLoadingVersion != pImp->nVersion ) - nWhich = GetNewWhich( nWhich ); - - rStream.ReadUInt16( nSlot ); - - sal_uLong nPos = nLastPos; - sal_uInt32 nSize(0); - sal_uInt16 nVersion(0); - rStream.ReadUInt16( nVersion ); - - SfxPoolItem *pItem = - ( *( pImp->ppStaticDefaults + GetIndex_Impl(nWhich) ) ) - ->Create( rStream, nVersion ); - pItem->SetKind( SFX_ITEMS_POOLDEFAULT ); - *( pImp->ppPoolDefaults + GetIndex_Impl(nWhich) ) = pItem; - - nLastPos = rStream.Tell(); - aSizeTable.ReadUInt32( nSize ); - SFX_ASSERT( ( nPos + nSize) >= nLastPos, nPos, - "too many bytes read - version mismatch?" ); - if ( nLastPos < (nPos + nSize) ) - rStream.Seek( nPos + nSize ); - } - - pBuf.reset(); - rStream.Seek(nEndOfSizes); - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_ENDPOOL ); - CHECK_FILEFORMAT( rStream, SFX_ITEMPOOL_TAG_ENDPOOL ); - - if ( pImp->mpSecondary ) - { - if ( !bSecondaryLoaded ) - pImp->mpSecondary->Load1_Impl( rStream ); - else - rStream.Seek( nSecondaryEnd ); - } - - if ( aExternName != pImp->aName ) - pImp->aName = OUString(); - - pImp->bStreaming = false; - return rStream; -} - - /** * Loads surrogate from 'rStream' and returns the corresponding SfxPoolItem * from the rRefPool. commit 6cec5d9725375bc2254e44324610e6f44f1f5143 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 15:49:04 2014 +0000 coverity#1213365 Untrusted value as argument Change-Id: Ic03462f315296cf058600155c54d53f0d712df93 diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index 3966c8d..6f4957e 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx @@ -1341,6 +1341,7 @@ static void FindCmap(TrueTypeFont *ttf) static void GetKern(TrueTypeFont *ttf) { const sal_uInt8* table = getTable(ttf, O_kern); + int nTableSize = getTableSize(ttf, O_kern); const sal_uInt8 *ptr; if( !table ) @@ -1348,10 +1349,23 @@ static void GetKern(TrueTypeFont *ttf) if (GetUInt16(table, 0, 1) == 0) { /* Traditional Microsoft style table with sal_uInt16 version and nTables fields */ ttf->nkern = GetUInt16(table, 2, 1); - ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *)); - assert(ttf->kerntables != 0); ttf->kerntype = KT_MICROSOFT; ptr = table + 4; + + const sal_uInt32 remaining_table_size = nTableSize-4; + const sal_uInt32 nMinRecordSize = 2; + const sal_uInt32 nMaxRecords = remaining_table_size / nMinRecordSize; + if (ttf->nkern > nMaxRecords) + { + SAL_WARN("vcl.fonts", "Parsing error in " << OUString::createFromAscii(ttf->fname) << + ": " << nMaxRecords << " max possible entries, but " << + ttf->nkern << " claimed, truncating"); + ttf->nkern = nMaxRecords; + } + + ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *)); + assert(ttf->kerntables != 0); + for( unsigned i = 0; i < ttf->nkern; ++i) { ttf->kerntables[i] = ptr; ptr += GetUInt16(ptr, 2, 1); @@ -1367,10 +1381,23 @@ static void GetKern(TrueTypeFont *ttf) if (GetUInt32(table, 0, 1) == 0x00010000) { /* MacOS style kern tables: fixed32 version and sal_uInt32 nTables fields */ ttf->nkern = GetUInt32(table, 4, 1); - ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *)); - assert(ttf->kerntables != 0); ttf->kerntype = KT_APPLE_NEW; ptr = table + 8; + + const sal_uInt32 remaining_table_size = nTableSize-8; + const sal_uInt32 nMinRecordSize = 4; + const sal_uInt32 nMaxRecords = remaining_table_size / nMinRecordSize; + if (ttf->nkern > nMaxRecords) + { + SAL_WARN("vcl.fonts", "Parsing error in " << OUString::createFromAscii(ttf->fname) << + ": " << nMaxRecords << " max possible entries, but " << + ttf->nkern << " claimed, truncating"); + ttf->nkern = nMaxRecords; + } + + ttf->kerntables = (const sal_uInt8**)calloc(ttf->nkern, sizeof(sal_uInt8 *)); + assert(ttf->kerntables != 0); + for( unsigned i = 0; i < ttf->nkern; ++i) { ttf->kerntables[i] = ptr; ptr += GetUInt32(ptr, 0, 1); commit 703beb33b1a71a36e2b0381aa015c683323d8835 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 15:41:51 2014 +0000 coverity#1213370 Untrusted value as argument Change-Id: I89e29dd0382c60b0aeadc9f664e8c2784e216f2f diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx index 9ee4988..3966c8d 100644 --- a/vcl/source/fontsubset/sft.cxx +++ b/vcl/source/fontsubset/sft.cxx @@ -2648,6 +2648,17 @@ int GetTTNameRecords(TrueTypeFont *ttf, NameRecord **nr) *nr = 0; if (n == 0) return 0; + const sal_uInt32 remaining_table_size = nTableSize-6; + const sal_uInt32 nMinRecordSize = 12; + const sal_uInt32 nMaxRecords = remaining_table_size / nMinRecordSize; + if (n > nMaxRecords) + { + SAL_WARN("vcl.fonts", "Parsing error in " << OUString::createFromAscii(ttf->fname) << + ": " << nMaxRecords << " max possible entries, but " << + n << " claimed, truncating"); + n = nMaxRecords; + } + NameRecord* rec = (NameRecord*)calloc(n, sizeof(NameRecord)); for (i = 0; i < n; i++) { commit 0a7b110d9ed617c9a8be15736709fe54ce18038d Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 15:09:36 2014 +0000 coverity#1242813 Unused value and coverity#1242867 Unused value Change-Id: I8ad069a5a84b97e956cafcd925fd733fb5ed9b2e diff --git a/store/source/storpage.cxx b/store/source/storpage.cxx index b97a945..5599eef 100644 --- a/store/source/storpage.cxx +++ b/store/source/storpage.cxx @@ -919,13 +919,13 @@ storeError OStorePageManager::rebuild ( continue; // Write 'Destination' data page. @@@ READONLY @@@ - eErrCode = aDstPage.write (i, aData, *this); + (void) aDstPage.write (i, aData, *this); } } // Update 'Destination' directory page. aDstPage.dataLength (nDataLen); - eErrCode = base::saveObjectAt (aDstPage, aDstPage.location()); + (void) base::saveObjectAt (aDstPage, aDstPage.location()); } // Save directory scan results. commit 22681a96efc8c34b623679f59899ba76b2cd580e Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 15:04:44 2014 +0000 coverity#1242892 Untrusted value as argument Change-Id: I6a384b0cf8a08883a0bfab8fd62a2e6badeb09cd diff --git a/sc/source/filter/excel/xistream.cxx b/sc/source/filter/excel/xistream.cxx index ceaf16a..08b912b 100644 --- a/sc/source/filter/excel/xistream.cxx +++ b/sc/source/filter/excel/xistream.cxx @@ -986,6 +986,7 @@ void XclImpStream::IgnoreUniString( sal_uInt16 nChars ) OUString XclImpStream::ReadRawByteString( sal_uInt16 nChars ) { + nChars = GetMaxRawReadSize(nChars); boost::scoped_array<sal_Char> pcBuffer(new sal_Char[ nChars + 1 ]); sal_uInt16 nCharsRead = ReadRawData( pcBuffer.get(), nChars ); pcBuffer[ nCharsRead ] = '\0'; commit c4f821f17cb8c970d1d8abd86a1f780250d96734 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 14:39:40 2014 +0000 coverity#735657 Division or modulo by float zero or maybe this is closed to the original intent Change-Id: I0df98616de0b7612acc35e406d34ef9d56c8585c diff --git a/sw/source/core/layout/layact.cxx b/sw/source/core/layout/layact.cxx index f664f70..64428e1 100644 --- a/sw/source/core/layout/layact.cxx +++ b/sw/source/core/layout/layact.cxx @@ -474,8 +474,7 @@ void SwLayAction::InternalAction() sal_uInt16 nPercentPageNum = 0; while ( (pPage && !IsInterrupt()) || nCheckPageNum != USHRT_MAX ) { - if ( !pPage && nCheckPageNum != USHRT_MAX && - (!pPage || pPage->GetPhyPageNum() >= nCheckPageNum) ) + if (!pPage || (nCheckPageNum != USHRT_MAX && pPage->GetPhyPageNum() >= nCheckPageNum)) { if ( !pPage || pPage->GetPhyPageNum() > nCheckPageNum ) { commit c75d632c85ddf18d51b98894a424e178a77dd2d3 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 13:42:57 2014 +0000 coverity#735657 Division or modulo by float zero Change-Id: I001cc2b0c8866956d9fffb67f3a30306f9b02e63 diff --git a/vcl/source/gdi/bitmap4.cxx b/vcl/source/gdi/bitmap4.cxx index 26239bd..9236308 100644 --- a/vcl/source/gdi/bitmap4.cxx +++ b/vcl/source/gdi/bitmap4.cxx @@ -787,11 +787,19 @@ bool Bitmap::ImplMosaic( const BmpFilterParam* pFilterParam, const Link* /*pProg pWriteAcc = pNewBmp->AcquireWriteAccess(); } - if( pReadAcc && pWriteAcc ) + bool bConditionsMet = false; + long nWidth; + long nHeight; + if (pReadAcc && pWriteAcc) + { + nWidth = pReadAcc->Width(); + nHeight = pReadAcc->Height(); + bConditionsMet = (nWidth > 0 && nHeight > 0); + } + + if (bConditionsMet) { BitmapColor aCol; - long nWidth = pReadAcc->Width(); - long nHeight = pReadAcc->Height(); long nX, nY, nX1, nX2, nY1, nY2, nSumR, nSumG, nSumB; double fArea_1;
_______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
