author | Caolán McNamara <caolanm@redhat.com> | 2014-11-01 20:46:35 +0000 |
---|---|---|
committer | Caolán McNamara <caolanm@redhat.com> | 2014-11-01 21:02:17 +0000 |
commit | 8f69c7a11bf31f7134caf4e03fbcd4c6ef86382d (patch) | |
tree | 3bebeacced867ed210eb57061f93f0f5ddca4a78 /registry | |
parent | 78e670b3055f92740402803174d61d058effb5d7 (diff) |
coverity#1213373 Use of untrusted scalar value
Change-Id: Ia5cafdde1171f81ea7387e073026a2e860d36544
Diffstat (limited to 'registry')
-rw-r--r-- | registry/source/reflread.cxx | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/registry/source/reflread.cxx b/registry/source/reflread.cxx
index 3f0a994b09fb..f8a5e8f4868a 100644
--- a/registry/source/reflread.cxx
+++ b/registry/source/reflread.cxx
@@ -72,7 +72,13 @@ public:
 
 inline sal_uInt16 readUINT16(sal_uInt32 index) const
 {
- return ((m_pBuffer[index] << 8) | (m_pBuffer[index+1] << 0));
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt32 v = m_pBuffer[index]; v <<= 8;
+ v |= m_pBuffer[index+1];
+ return v;
 }
 
 inline sal_Int32 readINT32(sal_uInt32 index) const
@@ -87,12 +93,15 @@ public:
 
 inline sal_uInt32 readUINT32(sal_uInt32 index) const
 {
- return (
- (m_pBuffer[index] << 24) |
- (m_pBuffer[index+1] << 16) |
- (m_pBuffer[index+2] << 8) |
- (m_pBuffer[index+3] << 0)
- );
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt32 v = m_pBuffer[index]; v <<= 8;
+ v |= m_pBuffer[index+1]; v <<= 8;
+ v |= m_pBuffer[index+2]; v <<= 8;
+ v |= m_pBuffer[index+3];
+ return v;
 }
 
 inline sal_Int64 readINT64(sal_uInt32 index) const |
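Review bot: The rewritten bodies of readUINT16 and readUINT32 still read `m_pBuffer[index]` through `m_pBuffer[index+3]` with no length check in the visible lines, so both hunks quiet the tainted-scalar finding by hiding the byte-swap pattern from the analyser rather than by validating `index`. The comment's claim that the data is untainted holds only if every blob given to this reader is a trusted build artefact, which this diff cannot confirm; if a registry file from disk or from another party can reach these readers, an offset taken from the blob leads to an out-of-bounds read. I would either compare `index` with the buffer size before the first access (the size member is not visible here, so roughly `if (<buffer size> < 4 || index > <buffer size> - 4)` followed by the class's error path, with 2 in place of 4 for readUINT16), or extend the comment to name where the blob is validated before these accessors run. In readUINT16, `return v;` narrows `sal_uInt32` to `sal_uInt16` implicitly; `return static_cast<sal_uInt16>(v);` makes that deliberate. Both function bodies are complete inside their hunks, but the enclosing class and its buffer members are not shown.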