sal/rtl/ustring.cxx | 9 +++++---- sc/source/filter/starcalc/scflt.cxx | 36 ++++++++++++++++++++---------------- vcl/source/gdi/jobset.cxx | 4 ++-- 3 files changed, 27 insertions(+), 22 deletions(-)
New commits: commit 5e62dc99bfa59654166609fa57141e4303c734e3 Author: Caolán McNamara <[email protected]> Date: Thu Feb 12 11:41:49 2015 +0000 coverity#1268298 mark up code Change-Id: I6e48e2593f93efd71e84a076a99457c3daf7d9e0 diff --git a/sal/rtl/ustring.cxx b/sal/rtl/ustring.cxx index 90e5ba1..cc99812 100644 --- a/sal/rtl/ustring.cxx +++ b/sal/rtl/ustring.cxx @@ -569,11 +569,12 @@ void SAL_CALL rtl_uString_newFromCodePoints( ++n; } } - /* coverity[dead_error_condition] - Builds on the assumption that sal_Int32 - uses 32 bit two's complement representation with wrap around (the - necessary number of UTF-16 code units will be no larger than 2 * - SAL_MAX_INT32, represented as sal_Int32 -2): */ + /* Builds on the assumption that sal_Int32 uses 32 bit two's complement + representation with wrap around (the necessary number of UTF-16 code + units will be no larger than 2 * SAL_MAX_INT32, represented as + sal_Int32 -2): */ if (n < 0) { + // coverity[dead_error_begin] - assumes wrap around *newString = NULL; return; } commit 5b59724d081e429f13bec8b4aee4d6da01c657af Author: Caolán McNamara <[email protected]> Date: Thu Feb 12 11:38:29 2015 +0000 coverity#1266485 Untrusted value as argument Change-Id: I235a65f5521de1b90c8af3dc64b09eb2726d00ae diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx index 8066718..6e46fc0 100644 --- a/vcl/source/gdi/jobset.cxx +++ b/vcl/source/gdi/jobset.cxx @@ -234,7 +234,7 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup ) " max possible entries, but " << nRead << " claimed, truncating"); return rIStream; } - boost::scoped_array<char> pTempBuf(new char[nLen]); + boost::scoped_array<char> pTempBuf(new char[nRead]); rIStream.Read(pTempBuf.get(), nRead); if ( nLen >= sizeof(ImplOldJobSetupData)+4 ) { @@ -261,7 +261,7 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup ) nSystem == JOBSET_FILE605_SYSTEM ) { Impl364JobSetupData* pOldJobData = reinterpret_cast<Impl364JobSetupData*>(pTempBuf.get() + sizeof( ImplOldJobSetupData )); - sal_uInt16 nOldJobDataSize = SVBT16ToShort( pOldJobData->nSize ); + sal_uInt16 nOldJobDataSize = SVBT16ToShort( pOldJobData->nSize ); pJobData->mnSystem = SVBT16ToShort( pOldJobData->nSystem ); pJobData->mnDriverDataLen = SVBT32ToUInt32( pOldJobData->nDriverDataLen ); pJobData->meOrientation = (Orientation)SVBT16ToShort( pOldJobData->nOrientation ); commit d889f83a75cddd18839a0bc2ecfde5c00f6ca603 Author: Caolán McNamara <[email protected]> Date: Thu Feb 12 11:30:59 2015 +0000 coverity#1242895 Untrusted loop bound Change-Id: I73b8d2c6f9ef81c246b541aa34c4b61109964440 diff --git a/sc/source/filter/starcalc/scflt.cxx b/sc/source/filter/starcalc/scflt.cxx index c2c1dab..8c29094 100644 --- a/sc/source/filter/starcalc/scflt.cxx +++ b/sc/source/filter/starcalc/scflt.cxx @@ -1355,6 +1355,22 @@ void Sc10Import::LoadDataBaseCollection() } } +namespace +{ + sal_uInt16 SanitizeDataCount(sal_uInt16 nDataCount, SvStream &rStream) + { + const size_t nMinRecordSize = sizeof(sal_uInt16)*2; + const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize; + if (nDataCount > nMaxRecords) + { + SAL_WARN("sc", "Parsing error: " << nMaxRecords << + " max possible entries, but " << nDataCount << " claimed, truncating"); + nDataCount = nMaxRecords; + } + return nDataCount; + } +} + void Sc10Import::LoadTables() { Sc10PageCollection aPageCollection; @@ -1456,13 +1472,7 @@ void Sc10Import::LoadTables() return; } rStream.ReadUInt16( DataCount ); - const sal_Size nMaxPossibleRecords = rStream.remainingSize() / (sizeof(sal_uInt16)*2); - if (DataCount > nMaxPossibleRecords) - { - SAL_WARN("sc", "Parsing error: " << nMaxPossibleRecords << - " max possible pairs, but " << DataCount << " claimed, truncating"); - DataCount = nMaxPossibleRecords; - } + DataCount = SanitizeDataCount(DataCount, rStream); DataStart = 0; for (i=0; i < DataCount; i++) { @@ -1485,6 +1495,7 @@ void Sc10Import::LoadTables() } rStream.ReadUInt16( DataCount ); + DataCount = SanitizeDataCount(DataCount, rStream); DataStart = 0; for (i=0; i < DataCount; i++) { @@ -1515,6 +1526,7 @@ void Sc10Import::LoadTables() } rStream.ReadUInt16( DataCount ); + DataCount = SanitizeDataCount(DataCount, rStream); DataStart = 0; for (i=0; i < DataCount; i++) { @@ -1535,15 +1547,7 @@ void Sc10Import::LoadTables() } rStream.ReadUInt16(DataCount); - const size_t nMinRecordSize = sizeof(sal_uInt16)*2; - const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize; - if (DataCount > nMaxRecords) - { - SAL_WARN("sc", "Parsing error: " << nMaxRecords << - " max possible entries, but " << DataCount << " claimed, truncating"); - DataCount = nMaxRecords; - } - + DataCount = SanitizeDataCount(DataCount, rStream); DataStart = 0; for (i=0; i < DataCount; i++) {
_______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
