diff options
author | Stephan Bergmann <sbergman@redhat.com> | 2020-01-27 09:30:39 +0100 |
---|---|---|
committer | Stephan Bergmann <sbergman@redhat.com> | 2020-01-28 07:42:15 +0100 |
commit | aef7feb3e695ecf6d411f0777196dcc4281e201a (patch) | |
tree | 6adff7e08e6431ff87c575d026e330badb9a6cd3 /filter | |
parent | 65f007c629e5a7b2710e21e3f26164b433576e27 (diff) |
New loplugin:unsignedcompare
"Find explicit casts from signed to unsigned integer in comparison against
unsigned integer, where the cast is presumably used to avoid warnings about
signed vs. unsigned comparisons, and could thus be replaced with
o3tl::make_unsigned for clairty." (compilerplugins/clang/unsignedcompare.cxx)
o3tl::make_unsigned requires its argument to be non-negative, and there is a
chance that some original code like
static_cast<sal_uInt32>(n) >= c
used the explicit cast to actually force a (potentially negative) value of
sal_Int32 to be interpreted as an unsigned sal_uInt32, rather than using the
cast to avoid a false "signed vs. unsigned comparison" warning in a case where
n is known to be non-negative. It appears that restricting this plugin to non-
equality comparisons (<, >, <=, >=) and excluding equality comparisons (==, !=)
is a useful heuristic to avoid such false positives. The only remainging false
positive I found was 0288c8ffecff4956a52b9147d441979941e8b87f "Rephrase cast
from sal_Int32 to sal_uInt32".
But which of course does not mean that there were no further false positivies
that I missed. So this commit may accidentally introduce some false hits of the
assert in o3tl::make_unsigned. At least, it passed a full (Linux ASan+UBSan
--enable-dbgutil) `make check && make screenshot`.
It is by design that o3tl::make_unsigned only accepts signed integer parameter
types (and is not defined as a nop for unsigned ones), to avoid unnecessary uses
which would in general be suspicious. But the STATIC_ARRAY_SELECT macro in
include/oox/helper/helper.hxx is used with both signed and unsigned types, so
needs a little oox::detail::make_unsigned helper function for now. (The
ultimate fix being to get rid of the macro in the first place.)
Change-Id: Ia4adc9f44c70ad1dfd608784cac39ee922c32175
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/87556
Tested-by: Jenkins
Reviewed-by: Stephan Bergmann <sbergman@redhat.com>
Diffstat (limited to 'filter')
-rw-r--r-- | filter/source/graphicfilter/icgm/cgm.cxx | 8 | ||||
-rw-r--r-- | filter/source/graphicfilter/icgm/class1.cxx | 2 | ||||
-rw-r--r-- | filter/source/graphicfilter/icgm/class7.cxx | 5 | ||||
-rw-r--r-- | filter/source/graphicfilter/idxf/dxfentrd.cxx | 9 | ||||
-rw-r--r-- | filter/source/graphicfilter/ieps/ieps.cxx | 6 | ||||
-rw-r--r-- | filter/source/msfilter/msdffimp.cxx | 7 | ||||
-rw-r--r-- | filter/source/msfilter/mstoolbar.cxx | 3 | ||||
-rw-r--r-- | filter/source/msfilter/svdfppt.cxx | 4 |
8 files changed, 26 insertions, 18 deletions
diff --git a/filter/source/graphicfilter/icgm/cgm.cxx b/filter/source/graphicfilter/icgm/cgm.cxx index 09abcac8d136..9a13e5ebb99e 100644 --- a/filter/source/graphicfilter/icgm/cgm.cxx +++ b/filter/source/graphicfilter/icgm/cgm.cxx @@ -18,7 +18,7 @@ */ #include <com/sun/star/task/XStatusIndicator.hpp> - +#include <o3tl/safeint.hxx> #include <osl/endian.h> #include <tools/stream.hxx> #include "bitmap.hxx" @@ -95,7 +95,7 @@ sal_uInt8 CGM::ImplGetByte( sal_uInt32 nSource, sal_uInt32 nPrecision ) sal_Int32 CGM::ImplGetI( sal_uInt32 nPrecision ) { sal_uInt8* pSource = mpSource + mnParaSize; - if (pSource > mpEndValidSource || static_cast<sal_uIntPtr>(mpEndValidSource - pSource) < nPrecision) + if (pSource > mpEndValidSource || o3tl::make_unsigned(mpEndValidSource - pSource) < nPrecision) throw css::uno::Exception("attempt to read past end of input", nullptr); mnParaSize += nPrecision; switch( nPrecision ) @@ -127,7 +127,7 @@ sal_Int32 CGM::ImplGetI( sal_uInt32 nPrecision ) sal_uInt32 CGM::ImplGetUI( sal_uInt32 nPrecision ) { sal_uInt8* pSource = mpSource + mnParaSize; - if (pSource > mpEndValidSource || static_cast<sal_uIntPtr>(mpEndValidSource - pSource) < nPrecision) + if (pSource > mpEndValidSource || o3tl::make_unsigned(mpEndValidSource - pSource) < nPrecision) throw css::uno::Exception("attempt to read past end of input", nullptr); mnParaSize += nPrecision; switch( nPrecision ) @@ -182,7 +182,7 @@ double CGM::ImplGetFloat( RealPrecision eRealPrecision, sal_uInt32 nRealSize ) const bool bCompatible = false; #endif - if (static_cast<sal_uIntPtr>(mpEndValidSource - (mpSource + mnParaSize)) < nRealSize) + if (o3tl::make_unsigned(mpEndValidSource - (mpSource + mnParaSize)) < nRealSize) throw css::uno::Exception("attempt to read past end of input", nullptr); if ( bCompatible ) diff --git a/filter/source/graphicfilter/icgm/class1.cxx b/filter/source/graphicfilter/icgm/class1.cxx index 30e28dd820cc..ec8cd9246cdb 100644 --- a/filter/source/graphicfilter/icgm/class1.cxx +++ b/filter/source/graphicfilter/icgm/class1.cxx @@ -188,7 +188,7 @@ void CGM::ImplDoClass1() ImplGetUI16(); // skip CharSetType sal_uInt32 nSize = ImplGetUI(1); - if (static_cast<sal_uIntPtr>(mpEndValidSource - (mpSource + mnParaSize)) < nSize) + if (o3tl::make_unsigned(mpEndValidSource - (mpSource + mnParaSize)) < nSize) throw css::uno::Exception("attempt to read past end of input", nullptr); pElement->aFontList.InsertCharSet( mpSource + mnParaSize, nSize ); diff --git a/filter/source/graphicfilter/icgm/class7.cxx b/filter/source/graphicfilter/icgm/class7.cxx index 5de4680e08f6..1b51ce98e71c 100644 --- a/filter/source/graphicfilter/icgm/class7.cxx +++ b/filter/source/graphicfilter/icgm/class7.cxx @@ -17,6 +17,9 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ +#include <sal/config.h> + +#include <o3tl/safeint.hxx> #include "cgm.hxx" #include "chart.hxx" @@ -75,7 +78,7 @@ void CGM::ImplDoClass7() case 0x262 : /*AppData - ENDGROUP */break; case 0x264 : /*AppData - DATANODE*/ { - if (static_cast<size_t>(mpEndValidSource - pAppData) < sizeof(DataNode)) + if (o3tl::make_unsigned(mpEndValidSource - pAppData) < sizeof(DataNode)) throw css::uno::Exception("attempt to read past end of input", nullptr); mpChart->mDataNode[ 0 ] = *reinterpret_cast<DataNode*>( pAppData ); diff --git a/filter/source/graphicfilter/idxf/dxfentrd.cxx b/filter/source/graphicfilter/idxf/dxfentrd.cxx index dfc14ba0edcb..883dcc991818 100644 --- a/filter/source/graphicfilter/idxf/dxfentrd.cxx +++ b/filter/source/graphicfilter/idxf/dxfentrd.cxx @@ -17,6 +17,9 @@ * the License at http://www.apache.org/licenses/LICENSE-2.0 . */ +#include <sal/config.h> + +#include <o3tl/safeint.hxx> #include "dxfentrd.hxx" @@ -417,7 +420,7 @@ void DXFLWPolyLineEntity::EvaluateGroup( DXFGroupReader & rDGR ) { nCount = rDGR.GetI(); // limit alloc to max reasonable size based on remaining data in stream - if (nCount > 0 && static_cast<sal_uInt32>(nCount) <= rDGR.remainingSize()) + if (nCount > 0 && o3tl::make_unsigned(nCount) <= rDGR.remainingSize()) aP.reserve(nCount); else nCount = 0; @@ -584,7 +587,7 @@ bool DXFBoundaryPathData::EvaluateGroup( DXFGroupReader & rDGR ) { nPointCount = rDGR.GetI(); // limit alloc to max reasonable size based on remaining data in stream - if (nPointCount > 0 && static_cast<sal_uInt32>(nPointCount) <= rDGR.remainingSize()) + if (nPointCount > 0 && o3tl::make_unsigned(nPointCount) <= rDGR.remainingSize()) aP.reserve(nPointCount); else nPointCount = 0; @@ -672,7 +675,7 @@ void DXFHatchEntity::EvaluateGroup( DXFGroupReader & rDGR ) bIsInBoundaryPathContext = true; nBoundaryPathCount = rDGR.GetI(); // limit alloc to max reasonable size based on remaining data in stream - if (nBoundaryPathCount > 0 && static_cast<sal_uInt32>(nBoundaryPathCount) <= rDGR.remainingSize()) + if (nBoundaryPathCount > 0 && o3tl::make_unsigned(nBoundaryPathCount) <= rDGR.remainingSize()) pBoundaryPathData.reset( new DXFBoundaryPathData[ nBoundaryPathCount ] ); else nBoundaryPathCount = 0; diff --git a/filter/source/graphicfilter/ieps/ieps.cxx b/filter/source/graphicfilter/ieps/ieps.cxx index 7cf34b6493aa..1aaed97295b6 100644 --- a/filter/source/graphicfilter/ieps/ieps.cxx +++ b/filter/source/graphicfilter/ieps/ieps.cxx @@ -493,7 +493,7 @@ static void MakePreview(sal_uInt8* pBuf, sal_uInt32 nBytesRead, --nRemainingBytes; } nLen = ImplGetLen(pDest, std::min<sal_uInt32>(nRemainingBytes, 32)); - if (static_cast<sal_uInt32>(nLen) < nRemainingBytes) + if (o3tl::make_unsigned(nLen) < nRemainingBytes) { sal_uInt8 aOldValue(pDest[ nLen ]); pDest[ nLen ] = 0; if ( strcmp( reinterpret_cast<char*>(pDest), "none" ) != 0 ) @@ -516,7 +516,7 @@ static void MakePreview(sal_uInt8* pBuf, sal_uInt32 nBytesRead, --nRemainingBytes; } nLen = ImplGetLen(pDest, std::min<sal_uInt32>(nRemainingBytes, 32)); - if (static_cast<sal_uInt32>(nLen) < nRemainingBytes) + if (o3tl::make_unsigned(nLen) < nRemainingBytes) { sal_uInt8 aOldValue(pDest[nLen]); pDest[nLen] = 0; const char* pStr = reinterpret_cast<char*>(pDest); @@ -536,7 +536,7 @@ static void MakePreview(sal_uInt8* pBuf, sal_uInt32 nBytesRead, --nRemainingBytes; } nLen = ImplGetLen(pDest, std::min<sal_uInt32>(nRemainingBytes, 32)); - if (static_cast<sal_uInt32>(nLen) < nRemainingBytes) + if (o3tl::make_unsigned(nLen) < nRemainingBytes) { sal_uInt8 aOldValue(pDest[ nLen ]); pDest[ nLen ] = 0; if ( strcmp( reinterpret_cast<char*>(pDest), "none" ) != 0 ) diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx index 753b3b11a69e..800a675dc54b 100644 --- a/filter/source/msfilter/msdffimp.cxx +++ b/filter/source/msfilter/msdffimp.cxx @@ -25,6 +25,7 @@ #include <vector> #include <o3tl/any.hxx> +#include <o3tl/safeint.hxx> #include <osl/file.hxx> #include <tools/solar.h> #include <sal/log.hxx> @@ -719,7 +720,7 @@ void SvxMSDffManager::SolveSolver( const SvxMSDffSolverContainer& rSolver ) { css::uno::Sequence< css::drawing::EnhancedCustomShapeParameterPair > aCoordinates; *pAny >>= aCoordinates; - if ( nPt < static_cast<sal_uInt32>(aCoordinates.getLength()) ) + if ( nPt < o3tl::make_unsigned(aCoordinates.getLength()) ) { nId = 4; css::drawing::EnhancedCustomShapeParameterPair& rPara = aCoordinates[ nPt ]; @@ -4217,7 +4218,7 @@ SdrObject* SvxMSDffManager::ImportGroup( const DffRecordHeader& rHd, SvStream& r } } } - if (size_t(nCalledByGroup) < maPendingGroupData.size()) + if (o3tl::make_unsigned(nCalledByGroup) < maPendingGroupData.size()) { // finalization for this group is pending, do it now pRet = FinalizeObj(maPendingGroupData.back().first, pRet); @@ -4961,7 +4962,7 @@ SdrObject* SvxMSDffManager::ImportShape( const DffRecordHeader& rHd, SvStream& r // If this shape opens a new group, push back its object data because // finalization will be called when nested objects have been imported; // otherwise, just finalize here - if (size_t(nCalledByGroup) > maPendingGroupData.size()) + if (o3tl::make_unsigned(nCalledByGroup) > maPendingGroupData.size()) { auto xHdClone = std::make_shared<DffRecordHeader>(aObjData.rSpHd); maPendingGroupData.emplace_back(DffObjData(xHdClone, aObjData), xHdClone ); diff --git a/filter/source/msfilter/mstoolbar.cxx b/filter/source/msfilter/mstoolbar.cxx index 7f0e7d70b9f6..f44cd2bbb3ca 100644 --- a/filter/source/msfilter/mstoolbar.cxx +++ b/filter/source/msfilter/mstoolbar.cxx @@ -7,6 +7,7 @@ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ #include <filter/msfilter/mstoolbar.hxx> +#include <o3tl/safeint.hxx> #include <sal/log.hxx> #include <com/sun/star/beans/XPropertySet.hpp> #include <com/sun/star/container/XIndexContainer.hpp> @@ -676,7 +677,7 @@ bool TBCCDData::Read( SvStream &rS) if (cwstrItems > 0) { //each WString is at least one byte - if (rS.remainingSize() < static_cast<size_t>(cwstrItems)) + if (rS.remainingSize() < o3tl::make_unsigned(cwstrItems)) return false; for( sal_Int32 index=0; index < cwstrItems; ++index ) { diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx index 83856b5d5499..1cae88f4870f 100644 --- a/filter/source/msfilter/svdfppt.cxx +++ b/filter/source/msfilter/svdfppt.cxx @@ -1217,7 +1217,7 @@ SdrObject* SdrEscherImport::ProcessObj( SvStream& rSt, DffObjData& rObjData, Svx rSt.ReadInt16( nRowCount ).ReadInt16( i ).ReadInt16( i ); const size_t nMinRecordSize = 4; const size_t nMaxRecords = rSt.remainingSize() / nMinRecordSize; - if (nRowCount > 0 && static_cast<size_t>(nRowCount) > nMaxRecords) + if (nRowCount > 0 && o3tl::make_unsigned(nRowCount) > nMaxRecords) { SAL_WARN("filter.ms", "Parsing error: " << nMaxRecords << " max possible entries, but " << nRowCount << " claimed, truncating"); @@ -5366,7 +5366,7 @@ void PPTStyleTextPropReader::Init( SvStream& rIn, const DffRecordHeader& rTextHe } else { - if (nCharReadCnt > static_cast<sal_uInt32>(aString.getLength())) + if (nCharReadCnt > o3tl::make_unsigned(aString.getLength())) aCharPropSet.maString = OUString(); else { |