check len before memcpying into it

valgrind + bff on sf_3e0068c9b19bb548826bed0599f65745-CrdWMI-minimized.gif Change-Id: I74cc21609f1c97a27e13615593f678cbbc8463e3
author: Caolán McNamara <caolanm@redhat.com> 2014-08-18 12:07:27 +0100
committer: Caolán McNamara <caolanm@redhat.com> 2014-08-18 12:59:48 +0100
commit: d4e64d030092984077021a9af9d281cd64c476bf (patch)
tree: deda3d99f4e5a576949d79aa673b6912cd2e40c9
parent: 21470afc81cd7d4c0bd165ff2877ae69f1bfc89a (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx
index b205958da3bc..a9f74b9494e9 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -806,6 +806,7 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool
             (*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_PRECISION)) >>= nLen;
             (*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_TYPE))      >>= nType;
         }
+
         switch(nType)
         {
             case DataType::INTEGER:
@@ -882,6 +883,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool
         else if ( DataType::INTEGER == nType )
         {
             sal_Int32 nValue = 0;
+            if (static_cast<size_t>(nLen) > sizeof(nValue))
+                return false;
             memcpy(&nValue, pData, nLen);
             *(_rRow->get())[i] = nValue;
         }
@@ -891,6 +894,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool
             if (getBOOL((*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_ISCURRENCY)))) // Currency is treated separately
             {
                 sal_Int64 nValue = 0;
+                if (static_cast<size_t>(nLen) > sizeof(nValue))
+                    return false;
                 memcpy(&nValue, pData, nLen);
 
                 if ( m_aScales[i-1] )
@@ -900,6 +905,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool
             }
             else
             {
+                if (static_cast<size_t>(nLen) > sizeof(d))
+                    return false;
                 memcpy(&d, pData, nLen);
             }
 
@@ -1873,6 +1880,8 @@ bool ODbaseTable::UpdateBuffer(OValueRefVector& rRow, OValueRefRow pOrgRow, cons
                 case DataType::INTEGER:
                     {
                         sal_Int32 nValue = thisColVal;
+                        if (static_cast<size_t>(nLen) > sizeof(nValue))
+                            return false;
                         memcpy(pData,&nValue,nLen);
                     }
                     break;
@@ -1888,10 +1897,16 @@ bool ODbaseTable::UpdateBuffer(OValueRefVector& rRow, OValueRefRow pOrgRow, cons
                                 nValue = (sal_Int64)(d * pow(10.0,(int)m_aScales[i]));
                             else
                                 nValue = (sal_Int64)(d);
+                            if (static_cast<size_t>(nLen) > sizeof(nValue))
+                                return false;
                             memcpy(pData,&nValue,nLen);
                         } // if (getBOOL(xCol->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_ISCURRENCY)))) // Currency is treated separately
                         else
+                        {
+                            if (static_cast<size_t>(nLen) > sizeof(d))
+                                return false;
                             memcpy(pData,&d,nLen);
+                        }
                     }
                     break;
                 case DataType::DECIMAL:
author	Caolán McNamara <caolanm@redhat.com>	2014-08-18 12:07:27 +0100
committer	Caolán McNamara <caolanm@redhat.com>	2014-08-18 12:59:48 +0100
commit	d4e64d030092984077021a9af9d281cd64c476bf (patch)
tree	deda3d99f4e5a576949d79aa673b6912cd2e40c9
parent	21470afc81cd7d4c0bd165ff2877ae69f1bfc89a (diff)