author | Caolán McNamara <caolanm@redhat.com> | 2014-11-11 10:33:10 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-11-11 15:22:09 +0000 |
commit | 94ef826e67b3dcb02f690901b67ed51c93a9cfca (patch) | |
tree | 8f58fec020fde052ce65963ffe8533685115e607 | |
parent | 0cdfb1a2bb25d0e4b376875affed1d0621111d6b (diff) |
coverity#1209861 untaint image data
Change-Id: Icc3fd75533a6173f1cb051f3cd7a47d63e523652
-rw-r--r-- | vcl/unx/generic/dtrans/bmp.cxx | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/vcl/unx/generic/dtrans/bmp.cxx b/vcl/unx/generic/dtrans/bmp.cxx
index 9109f45cc567..130c7f2b3ba7 100644
--- a/vcl/unx/generic/dtrans/bmp.cxx
+++ b/vcl/unx/generic/dtrans/bmp.cxx
@@ -54,16 +54,26 @@ inline void writeLE( sal_uInt32 nNumber, sal_uInt8* pBuffer )
 inline sal_uInt16 readLE16( const sal_uInt8* pBuffer )
 {
- return (((sal_uInt16)pBuffer[1]) << 8 ) | pBuffer[0];
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt16 v = pBuffer[1]; v <<= 8;
+ v |= pBuffer[0];
+ return v;
 }
 inline sal_uInt32 readLE32( const sal_uInt8* pBuffer )
 {
- return
- (((sal_uInt32)pBuffer[3]) << 24 ) |
- (((sal_uInt32)pBuffer[2]) << 16 ) |
- (((sal_uInt32)pBuffer[1]) << 8 ) |
- pBuffer[0];
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt32 v = pBuffer[3]; v <<= 8;
+ v |= pBuffer[2]; v <<= 8;
+ v |= pBuffer[1]; v <<= 8;
+ v |= pBuffer[0];
+ return v;
 }
 /* |
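Review bot: The rewritten bodies of `readLE16` and `readLE32` clear the Coverity finding only by avoiding the byte-swap shape the analyzer treats as a taint source, so the values they return are exactly as unchecked as before. Nothing in this hunk enforces the comment's claim that the buffer "comes from a controlled source", and the `dtrans` path suggests the bytes may arrive through clipboard or drag-and-drop transfer from another client; that is an inference, since the callers lie outside the hunk. If the trust assumption holds, an explicit suppression at the flagged use, such as `// coverity[tainted_data] - buffer produced by <caller>, not external input`, keeps the decision visible and searchable instead of hiding it in the expression shape. If it does not hold, the header fields read through these helpers (sizes, offsets, counts) should be bounds-checked against the buffer length before they are used. The identical four-line comment would also read better stated once above both functions.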