summaryrefslogtreecommitdiff
path: root/comphelper
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2016-10-14 09:11:38 +0100
committerCaolán McNamara <caolanm@redhat.com>2016-10-14 09:13:19 +0100
commit482f6261791c5467918213f63d198e19c0e7720d (patch)
treee73a8a2db64566a77d955b7e6531cb401aa85800 /comphelper
parent04e544dd51d9a0d3a1d19c42e1ec5dc63f7284cb (diff)
coverity#1373663 consider backupfilehelper byte twiddling as untainted
Change-Id: I13f7c3df20b3c9f81a9519b4bb84f556a8f4db7e
Diffstat (limited to 'comphelper')
-rw-r--r--comphelper/source/misc/backupfilehelper.cxx9
1 files changed, 8 insertions, 1 deletions
diff --git a/comphelper/source/misc/backupfilehelper.cxx b/comphelper/source/misc/backupfilehelper.cxx
index d5468f4cdce5..518a5e954b00 100644
--- a/comphelper/source/misc/backupfilehelper.cxx
+++ b/comphelper/source/misc/backupfilehelper.cxx
@@ -104,7 +104,14 @@ namespace
// read rTarget
if (osl::File::E_None == rFile->read(static_cast<void*>(aArray), 4, nBaseRead) && 4 == nBaseRead)
{
- rTarget = (sal_uInt32(aArray[0]) << 24) + (sal_uInt32(aArray[1]) << 16) + (sal_uInt32(aArray[2]) << 8) + sal_uInt32(aArray[3]);
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ rTarget = aArray[0]; rTarget <<= 8;
+ rTarget |= aArray[1]; rTarget <<= 8;
+ rTarget |= aArray[2]; rTarget <<= 8;
+ rTarget |= aArray[3];
return true;
}