diff options
| -rw-r--r-- | comphelper/source/misc/backupfilehelper.cxx | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/comphelper/source/misc/backupfilehelper.cxx b/comphelper/source/misc/backupfilehelper.cxx index 60ad11a92444..5c55ca4e436f 100644 --- a/comphelper/source/misc/backupfilehelper.cxx +++ b/comphelper/source/misc/backupfilehelper.cxx @@ -105,14 +105,7 @@ namespace // read rTarget if (osl::File::E_None == rFile->read(static_cast<void*>(aArray), 4, nBaseRead) && 4 == nBaseRead) { - //This is untainted data which comes from a controlled source - //so, using a byte-swapping pattern which coverity doesn't - //detect as such - //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html - rTarget = aArray[0]; rTarget <<= 8; - rTarget |= aArray[1]; rTarget <<= 8; - rTarget |= aArray[2]; rTarget <<= 8; - rTarget |= aArray[3]; + rTarget = (sal_uInt32(aArray[0]) << 24) + (sal_uInt32(aArray[1]) << 16) + (sal_uInt32(aArray[2]) << 8) + sal_uInt32(aArray[3]); return true; } @@ -674,6 +667,13 @@ namespace return false; } + // coverity#1373663 Untrusted loop bound, check file size + // isn't utterly broken + sal_uInt64 nFileSize(0); + rFile->getSize(nFileSize); + if (nFileSize < nExtEntries) + return false; + for (sal_uInt32 a(0); a < nExtEntries; a++) { ExtensionInfoEntry aNewEntry; |