summaryrefslogtreecommitdiff
path: root/connectivity
diff options
context:
space:
mode:
authorCaolán McNamara <caolanm@redhat.com>2014-08-08 15:55:02 +0100
committerCaolán McNamara <caolanm@redhat.com>2014-08-09 13:35:48 +0100
commita9201a4dfe54d920ff6272aae949eefb7888dc20 (patch)
treebe0bb6966c8e31d0c56e9ea43d91d58be27d7c8e /connectivity
parent1b7d2016f3227afafb31c3ff3fadab68247440f4 (diff)
Conditional jump or move depends on uninitialised value(s)
at 0x2DC948DF: connectivity::dbase::ODbaseTable::fillColumns() (DTable.cxx:330) ... by 0x2C57E3B3: ScDocShell::DBaseImport(rtl::OUString const&, unsigned short, ScColWidthParam*, ScFlatBoolRowSegments&) (docsh8.cxx:345) bff + valgrind: sf_52f907dbea3069ba59ef1e183a0f4160-430.pcx fuzz a pcx long enough and it turns into a dbase file Change-Id: Idf1622d6b55ae2cca381f263333d0ab0b6a469b2
Diffstat (limited to 'connectivity')
-rw-r--r--connectivity/source/drivers/dbase/DTable.cxx20
1 files changed, 16 insertions, 4 deletions
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx
index 5d04f13117e1..b205958da3bc 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -322,13 +322,20 @@ void ODbaseTable::fillColumns()
for (; i < nFieldCount; i++)
{
DBFColumn aDBFColumn;
- m_pFileStream->Read((char*)&aDBFColumn, sizeof(aDBFColumn));
+ sal_Size nRead = m_pFileStream->Read(&aDBFColumn, sizeof(aDBFColumn));
+ if (nRead != sizeof(aDBFColumn))
+ {
+ SAL_WARN("connectivity.drivers", "ODbaseTable::fillColumns: short read!");
+ break;
+ }
if ( FIELD_DESCRIPTOR_TERMINATOR == aDBFColumn.db_fnm[0] ) // 0x0D stored as the Field Descriptor terminator.
break;
- bool bIsRowVersion = bFoxPro && ( aDBFColumn.db_frei2[0] & 0x01 ) == 0x01;
+ aDBFColumn.db_fnm[sizeof(aDBFColumn.db_fnm)-1] = 0; //ensure null termination for broken input
const OUString aColumnName((const char *)aDBFColumn.db_fnm, strlen((const char *)aDBFColumn.db_fnm), m_eEncoding);
+ bool bIsRowVersion = bFoxPro && ( aDBFColumn.db_frei2[0] & 0x01 ) == 0x01;
+
m_aRealFieldLengths.push_back(aDBFColumn.db_flng);
sal_Int32 nPrecision = aDBFColumn.db_flng;
sal_Int32 eType;
@@ -2605,7 +2612,12 @@ bool ODbaseTable::seekRow(IResultSetHelper::Movement eCursorPosition, sal_Int32
if (m_pFileStream->GetError() != ERRCODE_NONE)
goto Error;
- m_pFileStream->Read((char*)m_pBuffer, nEntryLen);
+ sal_Size nRead = m_pFileStream->Read((char*)m_pBuffer, nEntryLen);
+ if (nRead != nEntryLen)
+ {
+ SAL_WARN("connectivity.drivers", "ODbaseTable::seekRow: short read!");
+ goto Error;
+ }
if (m_pFileStream->GetError() != ERRCODE_NONE)
goto Error;
}
@@ -2728,7 +2740,7 @@ void ODbaseTable::AllocBuffer()
if (m_pBuffer == NULL && nSize > 0)
{
m_nBufferSize = nSize;
- m_pBuffer = new sal_uInt8[m_nBufferSize+1];
+ m_pBuffer = new sal_uInt8[m_nBufferSize+1];
}
}