Diffstat (limited to 'registry')
-rw-r--r--registry/source/reflcnst.hxx23
1 files changed, 14 insertions, 9 deletions
diff --git a/registry/source/reflcnst.hxx b/registry/source/reflcnst.hxx
index b76475e0c75f..e9e39449a4b1 100644
--- a/registry/source/reflcnst.hxx
+++ b/registry/source/reflcnst.hxx
@@ -138,8 +138,12 @@ inline sal_uInt32 writeUINT16(sal_uInt8* buffer, sal_uInt16 v)
inline sal_uInt32 readUINT16(const sal_uInt8* buffer, sal_uInt16& v)
{
- v = ((buffer[0] << 8) | (buffer[1] << 0));
-
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ v = *buffer++; v <<= 8;
+ v |= *buffer;
return sizeof(sal_uInt16);
}
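Review bot: The comment added in readUINT16 asserts that the buffer is untainted but does not say which source is controlled or where the length is checked, and the function takes only a pointer, so nothing in it guarantees two readable bytes. Because the rewrite exists to stop the analyzer from treating `v` as tainted, any later use of `v` as a length or offset loses that check as well; if a caller (not visible here) ever passes bytes from a file that is not trusted, the analyzer would no longer flag it. I would name the trust boundary in the comment, for example `// buffer: caller has verified >= 2 readable bytes; contents come from <trusted source>, v is not range-checked here`, or keep the indexed form and suppress the finding explicitly where it is reported. The same applies to readUINT32 in the next hunk (four bytes), where the four-line comment is duplicated verbatim.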
@@ -177,13 +181,14 @@ inline sal_uInt32 writeUINT32(sal_uInt8* buffer, sal_uInt32 v)
inline sal_uInt32 readUINT32(const sal_uInt8* buffer, sal_uInt32& v)
{
- v = (
- (buffer[0] << 24) |
- (buffer[1] << 16) |
- (buffer[2] << 8) |
- (buffer[3] << 0)
- );
-
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ v = *buffer++; v <<= 8;
+ v |= *buffer++; v <<= 8;
+ v |= *buffer++; v <<= 8;
+ v |= *buffer;
return sizeof(sal_uInt32);
}