unoidl/source/unoidlprovider.cxx | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-)
New commits: commit a177c4c77236617fcdb34c89ea2746614a232051 Author: Stephan Bergmann <[email protected]> Date: Tue Nov 18 16:33:28 2014 +0100 Avoid overflow Change-Id: Ia80682aeb87225b9bde7398186e121b1d3bdc2ad diff --git a/unoidl/source/unoidlprovider.cxx b/unoidl/source/unoidlprovider.cxx index deda03a..aef380d 100644 --- a/unoidl/source/unoidlprovider.cxx +++ b/unoidl/source/unoidlprovider.cxx @@ -630,7 +630,9 @@ rtl::Reference< Entity > readEntity( throw FileFormatException( file->uri, "UNOIDL format: too many items in module"); } - if (offset + 5 + 8 * n > file->size) { //TODO: overflow + if (sal_uInt64(offset) + 5 + 8 * sal_uInt64(n) > file->size) + // cannot overflow + { throw FileFormatException( file->uri, "UNOIDL format: module map offset + size too large"); @@ -954,7 +956,9 @@ rtl::Reference< Entity > readEntity( file->uri, "UNOIDL format: too many constants in constant group"); } - if (offset + 5 + 8 * n > file->size) { //TODO: overflow + if (sal_uInt64(offset) + 5 + 8 * sal_uInt64(n) > file->size) + // cannot overflow + { throw FileFormatException( file->uri, ("UNOIDL format: constant group map offset + size too" @@ -1237,7 +1241,9 @@ rtl::Reference< Entity > UnoidlProvider::findEntity(OUString const & name) const } } mapSize = file_->read32(off + 1); - if (8 * mapSize > file_->size - off - 5) { //TODO: overflow + if (sal_uInt64(off) + 5 + 8 * sal_uInt64(mapSize) > file_->size) + // cannot overflow + { throw FileFormatException( file_->uri, "UNOIDL format: map offset + size too large"); } _______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
