From a177c4c77236617fcdb34c89ea2746614a232051 Mon Sep 17 00:00:00 2001 From: Stephan Bergmann Date: Tue, 18 Nov 2014 16:33:28 +0100 Subject: Avoid overflow Change-Id: Ia80682aeb87225b9bde7398186e121b1d3bdc2ad --- unoidl/source/unoidlprovider.cxx | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'unoidl/source') diff --git a/unoidl/source/unoidlprovider.cxx b/unoidl/source/unoidlprovider.cxx index deda03a08567..aef380daa8f0 100644 --- a/unoidl/source/unoidlprovider.cxx +++ b/unoidl/source/unoidlprovider.cxx @@ -630,7 +630,9 @@ rtl::Reference< Entity > readEntity( throw FileFormatException( file->uri, "UNOIDL format: too many items in module"); } - if (offset + 5 + 8 * n > file->size) { //TODO: overflow + if (sal_uInt64(offset) + 5 + 8 * sal_uInt64(n) > file->size) + // cannot overflow + { throw FileFormatException( file->uri, "UNOIDL format: module map offset + size too large"); @@ -954,7 +956,9 @@ rtl::Reference< Entity > readEntity( file->uri, "UNOIDL format: too many constants in constant group"); } - if (offset + 5 + 8 * n > file->size) { //TODO: overflow + if (sal_uInt64(offset) + 5 + 8 * sal_uInt64(n) > file->size) + // cannot overflow + { throw FileFormatException( file->uri, ("UNOIDL format: constant group map offset + size too" @@ -1237,7 +1241,9 @@ rtl::Reference< Entity > UnoidlProvider::findEntity(OUString const & name) const } } mapSize = file_->read32(off + 1); - if (8 * mapSize > file_->size - off - 5) { //TODO: overflow + if (sal_uInt64(off) + 5 + 8 * sal_uInt64(mapSize) > file_->size) + // cannot overflow + { throw FileFormatException( file_->uri, "UNOIDL format: map offset + size too large"); } -- cgit