sfx2/inc/bitset.hxx | 4 sfx2/inc/idpool.hxx | 56 ---------- sfx2/source/bastyp/bitset.cxx | 41 +++---- sfx2/source/menu/mnuitem.cxx | 1 sfx2/source/menu/virtmenu.cxx | 1 svx/source/tbxctrls/itemwin.cxx | 2 sw/source/core/crsr/crstrvl.cxx | 6 - sw/source/core/doc/DocumentLinksAdministrationManager.cxx | 34 ++---- vcl/qa/cppunit/graphicfilter/data/bmp/pass/afl-sample-bad-rle-1.bmp |binary vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-1.gif |binary vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-2.gif |binary vcl/qa/cppunit/graphicfilter/data/png/pass/afl-sample-IDAT.png |binary vcl/source/filter/graphicfilter.cxx | 4 vcl/source/filter/igif/gifread.cxx | 53 +++++---- vcl/source/fontsubset/cff.cxx | 11 + vcl/source/gdi/dibtools.cxx | 43 ++++++- vcl/source/gdi/pngread.cxx | 6 - 17 files changed, 122 insertions(+), 140 deletions(-)
New commits: commit 631378fe110ec7c4161a6c36011640522b881c27 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 11:53:25 2014 +0000 valgrind: logic for last-ditch svg detection is busted bIsGZip was never set, and the condition that uses it is additionally inverted Change-Id: I0496bb27435c4323d74c1b99467d3ede68e7bee6 diff --git a/vcl/source/filter/graphicfilter.cxx b/vcl/source/filter/graphicfilter.cxx index b7d0466..8552488 100644 --- a/vcl/source/filter/graphicfilter.cxx +++ b/vcl/source/filter/graphicfilter.cxx @@ -662,6 +662,8 @@ static bool ImpPeekGraphicFormat( SvStream& rStream, OUString& rFormatExtension, nCheckSize = nDecompressedSize < 256 ? nDecompressedSize : 256; aCodec.EndCompression(); pCheckArray = sExtendedOrDecompressedFirstBytes; + + bIsGZip = true; } bool bIsSvg(false); @@ -696,7 +698,7 @@ static bool ImpPeekGraphicFormat( SvStream& rStream, OUString& rFormatExtension, pCheckArray = sExtendedOrDecompressedFirstBytes; - if(!bIsGZip) + if (bIsGZip) { nCheckSize = nDecompressedSize < 2048 ? nDecompressedSize : 2048; } commit 3cd91d1204f8982b2ac7861e4479c8614a8d960f Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 11:26:37 2014 +0000 coverity#735490 reimplement bit counting with a classic solution rather than a bizarro one that confuses coverity Change-Id: Id9427a47693897683193c0c778f0cd6c39740f6f diff --git a/sfx2/source/bastyp/bitset.cxx b/sfx2/source/bastyp/bitset.cxx index 621e565..bff716d 100644 --- a/sfx2/source/bastyp/bitset.cxx +++ b/sfx2/source/bastyp/bitset.cxx @@ -283,24 +283,19 @@ bool BitSet::operator==( const BitSet& rSet ) const return true; } - - // counts the number of 1-bits in the parameter - -sal_uInt16 BitSet::CountBits( sal_uInt32 nBits ) +// Wegner/Kernighan/Ritchie method +sal_uInt16 BitSet::CountBits(sal_uInt32 nBits) { - sal_uInt16 nCount = 0; - int nBit = 32; - while ( nBit-- && nBits ) - { if ( ( (long)nBits ) < 0 ) - ++nCount; - nBits = nBits << 1; + sal_uInt32 nCount = 0; + while (nBits) + { + nBits &= nBits - 1; // clear the least significant bit set + ++nCount; } return nCount; } - - sal_uInt16 IndexBitSet::GetFreeIndex() { for(sal_uInt16 i=0;i<USHRT_MAX;i++) commit c24df3e0904cdf8aa289db435ad3e6dc8c25a437 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 11:09:55 2014 +0000 sal_uIntPtr->sal_uInt32 for BitSet because this ancient horror expects a 32bit type here Change-Id: Icf8b775ea67afa0ead559a55b8c335ad1afc4010 diff --git a/sfx2/inc/bitset.hxx b/sfx2/inc/bitset.hxx index fdc17e1..e884746 100644 --- a/sfx2/inc/bitset.hxx +++ b/sfx2/inc/bitset.hxx @@ -25,11 +25,11 @@ private: void CopyFrom( const BitSet& rSet ); sal_uInt16 nBlocks; sal_uInt16 nCount; - sal_uIntPtr* pBitmap; + sal_uInt32* pBitmap; public: BitSet operator<<( sal_uInt16 nOffset ) const; BitSet operator>>( sal_uInt16 nOffset ) const; - static sal_uInt16 CountBits( sal_uIntPtr nBits ); + static sal_uInt16 CountBits(sal_uInt32 nBits); bool operator!() const; BitSet(); BitSet( const BitSet& rOrig ); diff --git a/sfx2/source/bastyp/bitset.cxx b/sfx2/source/bastyp/bitset.cxx index d8ded8b..621e565 100644 --- a/sfx2/source/bastyp/bitset.cxx +++ b/sfx2/source/bastyp/bitset.cxx @@ -37,7 +37,7 @@ BitSet BitSet::operator<<( sal_uInt16 nOffset ) const // compute the shiftment in long-words and bits sal_uInt16 nBlockDiff = nOffset / 32; - sal_uIntPtr nBitValDiff = nOffset % 32; + sal_uInt32 nBitValDiff = nOffset % 32; // compute the new number of bits for ( sal_uInt16 nBlock = 0; nBlock < nBlockDiff; ++nBlock ) @@ -64,7 +64,7 @@ BitSet BitSet::operator<<( sal_uInt16 nOffset ) const // shorten the block-array if ( nTarget < aSet.nBlocks ) { - sal_uIntPtr* pNewMap = new sal_uIntPtr[nTarget]; + sal_uInt32* pNewMap = new sal_uInt32[nTarget]; memcpy( pNewMap, aSet.pBitmap, 4 * nTarget ); delete [] aSet.pBitmap; aSet.pBitmap = pNewMap; @@ -93,7 +93,7 @@ void BitSet::CopyFrom( const BitSet& rSet ) nBlocks = rSet.nBlocks; if ( rSet.nBlocks ) { - pBitmap = new sal_uIntPtr[nBlocks]; + pBitmap = new sal_uInt32[nBlocks]; memcpy( pBitmap, rSet.pBitmap, 4 * nBlocks ); } else @@ -152,10 +152,10 @@ BitSet& BitSet::operator=( sal_uInt16 nBit ) delete [] pBitmap; nBlocks = nBit / 32; - sal_uIntPtr nBitVal = 1L << (nBit % 32); + sal_uInt32 nBitVal = 1L << (nBit % 32); nCount = 1; - pBitmap = new sal_uIntPtr[nBlocks + 1]; + pBitmap = new sal_uInt32[nBlocks + 1]; memset( pBitmap, 0, 4 * (nBlocks + 1) ); *(pBitmap+nBlocks) = nBitVal; @@ -170,7 +170,7 @@ BitSet& BitSet::operator=( sal_uInt16 nBit ) BitSet& BitSet::operator-=(sal_uInt16 nBit) { sal_uInt16 nBlock = nBit / 32; - sal_uIntPtr nBitVal = 1L << (nBit % 32); + sal_uInt32 nBitVal = 1L << (nBit % 32); if ( nBlock >= nBlocks ) return *this; @@ -195,7 +195,7 @@ BitSet& BitSet::operator|=( const BitSet& rSet ) // expand the bitmap if ( nBlocks < rSet.nBlocks ) { - sal_uIntPtr *pNewMap = new sal_uIntPtr[rSet.nBlocks]; + sal_uInt32 *pNewMap = new sal_uInt32[rSet.nBlocks]; memset( pNewMap + nBlocks, 0, 4 * (rSet.nBlocks - nBlocks) ); if ( pBitmap ) @@ -211,7 +211,7 @@ BitSet& BitSet::operator|=( const BitSet& rSet ) for ( sal_uInt16 nBlock = 0; nBlock < nMax; ++nBlock ) { // compute numberof additional bits - sal_uIntPtr nDiff = ~*(pBitmap+nBlock) & *(rSet.pBitmap+nBlock); + sal_uInt32 nDiff = ~*(pBitmap+nBlock) & *(rSet.pBitmap+nBlock); nCount = nCount + CountBits(nDiff); *(pBitmap+nBlock) |= *(rSet.pBitmap+nBlock); @@ -227,11 +227,11 @@ BitSet& BitSet::operator|=( const BitSet& rSet ) BitSet& BitSet::operator|=( sal_uInt16 nBit ) { sal_uInt16 nBlock = nBit / 32; - sal_uIntPtr nBitVal = 1L << (nBit % 32); + sal_uInt32 nBitVal = 1L << (nBit % 32); if ( nBlock >= nBlocks ) { - sal_uIntPtr *pNewMap = new sal_uIntPtr[nBlock+1]; + sal_uInt32 *pNewMap = new sal_uInt32[nBlock+1]; memset( pNewMap + nBlocks, 0, 4 * (nBlock - nBlocks + 1) ); if ( pBitmap ) @@ -259,7 +259,7 @@ BitSet& BitSet::operator|=( sal_uInt16 nBit ) bool BitSet::Contains( sal_uInt16 nBit ) const { sal_uInt16 nBlock = nBit / 32; - sal_uIntPtr nBitVal = 1L << (nBit % 32); + sal_uInt32 nBitVal = 1L << (nBit % 32); if ( nBlock >= nBlocks ) return false; @@ -287,7 +287,7 @@ bool BitSet::operator==( const BitSet& rSet ) const // counts the number of 1-bits in the parameter -sal_uInt16 BitSet::CountBits( sal_uIntPtr nBits ) +sal_uInt16 BitSet::CountBits( sal_uInt32 nBits ) { sal_uInt16 nCount = 0; int nBit = 32; commit 95f4ec094fdd0e06626ac4f7952309c18877c3e9 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 11:03:34 2014 +0000 ditch this unused idpool horror Change-Id: I527b310126518357f9830f75d16b4848c9383999 diff --git a/sfx2/inc/idpool.hxx b/sfx2/inc/idpool.hxx deleted file mode 100644 index 89d3077..0000000 --- a/sfx2/inc/idpool.hxx +++ /dev/null @@ -1,56 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * This file is part of the LibreOffice project. - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * This file incorporates work covered by the following license notice: - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed - * with this work for additional information regarding copyright - * ownership. The ASF licenses this file to you under the Apache - * License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.apache.org/licenses/LICENSE-2.0 . - */ -#ifndef INCLUDED_SFX2_INC_IDPOOL_HXX -#define INCLUDED_SFX2_INC_IDPOOL_HXX - -#include <limits.h> -#include "bitset.hxx" - -// class IdPool ---------------------------------------------------------- - -class IdPool: private BitSet -{ -private: - sal_uInt16 nNextFree; - sal_uInt16 nRange; - sal_uInt16 nOffset; -public: - bool Lock( const BitSet& rLockSet ); - bool IsLocked( sal_uInt16 nId ) const; - IdPool( sal_uInt16 nMin = 1, sal_uInt16 nMax = USHRT_MAX ); - sal_uInt16 Get(); - bool Put( sal_uInt16 nId ); - bool Lock( const Range& rRange ); - bool Lock( sal_uInt16 nId ); - -}; - - - -// returns sal_True if the id is locked - -inline bool IdPool::IsLocked( sal_uInt16 nId ) const -{ - return ( this->Contains(nId-nOffset) ); -} - - -#endif - -/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/sfx2/source/menu/mnuitem.cxx b/sfx2/source/menu/mnuitem.cxx index c92de8a..8db0e1e 100644 --- a/sfx2/source/menu/mnuitem.cxx +++ b/sfx2/source/menu/mnuitem.cxx @@ -46,7 +46,6 @@ #include <sfx2/msg.hxx> #include <sfx2/bindings.hxx> #include <sfx2/dispatch.hxx> -#include "idpool.hxx" #include "sfxtypes.hxx" #include "virtmenu.hxx" #include <sfx2/mnuitem.hxx> diff --git a/sfx2/source/menu/virtmenu.cxx b/sfx2/source/menu/virtmenu.cxx index ea3faab..84c4208 100644 --- a/sfx2/source/menu/virtmenu.cxx +++ b/sfx2/source/menu/virtmenu.cxx @@ -32,7 +32,6 @@ #include <sfx2/msgpool.hxx> #include "statcach.hxx" #include <sfx2/msg.hxx> -#include "idpool.hxx" #include <sfx2/mnuitem.hxx> #include <sfx2/mnumgr.hxx> #include <sfx2/bindings.hxx> commit a9aee04ecfbc4494b752b10e2a2348a0ccb991f1 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 10:49:40 2014 +0000 valgrind+afl: bad rle Change-Id: I0a9e5fc88ed1fcc7f1bd21218cabeb0adf65c9f4 diff --git a/vcl/qa/cppunit/graphicfilter/data/bmp/pass/afl-sample-bad-rle-1.bmp b/vcl/qa/cppunit/graphicfilter/data/bmp/pass/afl-sample-bad-rle-1.bmp new file mode 100644 index 0000000..1ca6e00 Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/bmp/pass/afl-sample-bad-rle-1.bmp differ diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx index 93f5dad..9750513 100644 --- a/vcl/source/gdi/dibtools.cxx +++ b/vcl/source/gdi/dibtools.cxx @@ -283,9 +283,10 @@ bool ImplReadDIBPalette( SvStream& rIStm, BitmapWriteAccess& rAcc, bool bQuad ) return( rIStm.GetError() == 0UL ); } -void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& rAcc, bool bRLE4 ) +bool ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& rAcc, bool bRLE4 ) { - Scanline pRLE = pBuffer; + Scanline pRLE = pBuffer; + Scanline pEndRLE = pBuffer + rHeader.nSizeImage; long nY = rHeader.nHeight - 1L; const sal_uLong nWidth = rAcc.Width(); sal_uLong nCountByte; @@ -296,8 +297,12 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& do { + if (pRLE == pEndRLE) + return false; if( ( nCountByte = *pRLE++ ) == 0 ) { + if (pRLE == pEndRLE) + return false; nRunByte = *pRLE++; if( nRunByte > 2 ) @@ -308,6 +313,9 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& for( sal_uLong i = 0UL; i < nCountByte; i++ ) { + if (pRLE == pEndRLE) + return false; + cTmp = *pRLE++; if( nX < nWidth ) @@ -319,6 +327,9 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& if( nRunByte & 1 ) { + if (pRLE == pEndRLE) + return false; + if( nX < nWidth ) rAcc.SetPixelIndex( nY, nX++, *pRLE >> 4 ); @@ -326,12 +337,20 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& } if( ( ( nRunByte + 1 ) >> 1 ) & 1 ) + { + if (pRLE == pEndRLE) + return false; + pRLE++; + } } else { for( sal_uLong i = 0UL; i < nRunByte; i++ ) { + if (pRLE == pEndRLE) + return false; + if( nX < nWidth ) rAcc.SetPixelIndex( nY, nX++, *pRLE ); @@ -339,7 +358,12 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& } if( nRunByte & 1 ) + { + if (pRLE == pEndRLE) + return false; + pRLE++; + } } } else if( !nRunByte ) @@ -351,12 +375,21 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& bEndDecoding = true; else { + if (pRLE == pEndRLE) + return false; + nX += *pRLE++; + + if (pRLE == pEndRLE) + return false; + nY -= *pRLE++; } } else { + if (pRLE == pEndRLE) + return false; cTmp = *pRLE++; if( bRLE4 ) @@ -382,7 +415,9 @@ void ImplDecodeRLE( sal_uInt8* pBuffer, DIBV5Header& rHeader, BitmapWriteAccess& } } } - while ( !bEndDecoding && ( nY >= 0L ) ); + while (!bEndDecoding && (nY >= 0L)); + + return true; } bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& rAcc, BitmapWriteAccess* pAccAlpha, bool bTopDown, bool& rAlphaUsed) commit c6bad400de605adf9c4cb32663b0f3610dab7024 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 10:39:32 2014 +0000 coverity#735344 Unchecked return value from library Change-Id: I6dbb5ce74225e092d4098174fd4b53aa8c4201fa diff --git a/vcl/source/fontsubset/cff.cxx b/vcl/source/fontsubset/cff.cxx index 1bb6f06..1d22d09 100644 --- a/vcl/source/fontsubset/cff.cxx +++ b/vcl/source/fontsubset/cff.cxx @@ -1778,11 +1778,14 @@ size_t Type1Emitter::updateLen( int nTellPos, size_t nLength) cData[1] = static_cast<U8>(nLength >> 8); cData[2] = static_cast<U8>(nLength >> 16); cData[3] = static_cast<U8>(nLength >> 24); - const long nCurrPos = ftell( mpFileOut); - fseek( mpFileOut, nTellPos, SEEK_SET); - size_t nWrote = fwrite( cData, 1, sizeof(cData), mpFileOut); + const long nCurrPos = ftell(mpFileOut); + if (nCurrPos < 0) + return 0; + if (fseek( mpFileOut, nTellPos, SEEK_SET) != 0) + return 0; + size_t nWrote = fwrite(cData, 1, sizeof(cData), mpFileOut); if( nCurrPos >= 0) - fseek( mpFileOut, nCurrPos, SEEK_SET); + (void)fseek(mpFileOut, nCurrPos, SEEK_SET); return nWrote; } commit 8d38824b3866d5a1da7d792bd06613ecc4c52be5 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 10:36:34 2014 +0000 coverity#1187642 Unchecked return value Change-Id: I6b96ef79d0996e5b783d27c4da8e45ddeac5c7ab diff --git a/svx/source/tbxctrls/itemwin.cxx b/svx/source/tbxctrls/itemwin.cxx index e5a7fb5..ebc7161 100644 --- a/svx/source/tbxctrls/itemwin.cxx +++ b/svx/source/tbxctrls/itemwin.cxx @@ -375,7 +375,7 @@ bool SvxMetricField::Notify( NotifyEvent& rNEvt ) SfxViewShell* pSh = SfxViewShell::Current(); if ( rKey.GetModifier() && rKey.GetGroup() != KEYGROUP_CURSOR && pSh ) - pSh->KeyInput( *pKEvt ); + (void)pSh->KeyInput( *pKEvt ); else { bool bHandled = false; commit 84e44386d70e886f9bae633ebe915ea3a52f8dbd Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 10:35:18 2014 +0000 coverity#982189 Unchecked return value Change-Id: I6f5ef42b38236ea5f70ddbccfa25a81f2f3e976c diff --git a/sw/source/core/crsr/crstrvl.cxx b/sw/source/core/crsr/crstrvl.cxx index 73f6e35..f688b5e 100644 --- a/sw/source/core/crsr/crstrvl.cxx +++ b/sw/source/core/crsr/crstrvl.cxx @@ -983,10 +983,8 @@ bool SwCrsrShell::GotoPrevOutline() SwNode* pNd = &(pCrsr->GetNode()); sal_uInt16 nPos; - rNds.GetOutLineNds().Seek_Entry( pNd, &nPos ); - - bool bRet = false; - if( nPos ) + bool bRet = rNds.GetOutLineNds().Seek_Entry(pNd, &nPos); + if (bRet && nPos) { --nPos; // before diff --git a/sw/source/core/doc/DocumentLinksAdministrationManager.cxx b/sw/source/core/doc/DocumentLinksAdministrationManager.cxx index 0d2633c..1d596a4 100644 --- a/sw/source/core/doc/DocumentLinksAdministrationManager.cxx +++ b/sw/source/core/doc/DocumentLinksAdministrationManager.cxx @@ -498,24 +498,22 @@ bool DocumentLinksAdministrationManager::SelectServerObj( const OUString& rStr, const SwOutlineNodes& rOutlNds = m_rDoc.GetNodes().GetOutLineNds(); sal_uInt16 nTmpPos; - if ( rOutlNds.Seek_Entry( pNd, &nTmpPos ) ) - { - rpRange = new SwNodeRange( aPos.nNode, 0, aPos.nNode ); - - // look for the section's end, now - for( ++nTmpPos; - nTmpPos < rOutlNds.size() && - nLvl < rOutlNds[ nTmpPos ]->GetTxtNode()-> - GetAttrOutlineLevel()-1; - ++nTmpPos ) - ; // there is no block - - if( nTmpPos < rOutlNds.size() ) - rpRange->aEnd = *rOutlNds[ nTmpPos ]; - else - rpRange->aEnd = m_rDoc.GetNodes().GetEndOfContent(); - return true; - } + (void)rOutlNds.Seek_Entry( pNd, &nTmpPos ); + rpRange = new SwNodeRange( aPos.nNode, 0, aPos.nNode ); + + // look for the section's end, now + for( ++nTmpPos; + nTmpPos < rOutlNds.size() && + nLvl < rOutlNds[ nTmpPos ]->GetTxtNode()-> + GetAttrOutlineLevel()-1; + ++nTmpPos ) + ; // there is no block + + if( nTmpPos < rOutlNds.size() ) + rpRange->aEnd = *rOutlNds[ nTmpPos ]; + else + rpRange->aEnd = m_rDoc.GetNodes().GetEndOfContent(); + return true; } } commit 1e9a50075bd39e1387f43605eeaa0132af1bd2c0 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 10:20:54 2014 +0000 valgrind+afl: short read Change-Id: I4e78a434e4e49b376864549f7b96ca515eb1654a diff --git a/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read.gif b/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-1.gif similarity index 100% rename from vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read.gif rename to vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-1.gif diff --git a/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-2.gif b/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-2.gif new file mode 100644 index 0000000..cddbdc3 Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read-2.gif differ diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx index 720aeec..7ded7a0 100644 --- a/vcl/source/filter/igif/gifread.cxx +++ b/vcl/source/filter/igif/gifread.cxx @@ -356,8 +356,8 @@ bool GIFReader::ReadLocalHeader() sal_uInt8 pBuf[ 9 ]; bool bRet = false; - rIStm.Read( pBuf, 9 ); - if( NO_PENDING( rIStm ) ) + sal_Size nRead = rIStm.Read(pBuf, 9); + if (NO_PENDING(rIStm) && nRead == 9) { SvMemoryStream aMemStm; BitmapPalette* pPal; diff --git a/vcl/source/gdi/dibtools.cxx b/vcl/source/gdi/dibtools.cxx index f624382..93f5dad 100644 --- a/vcl/source/gdi/dibtools.cxx +++ b/vcl/source/gdi/dibtools.cxx @@ -451,7 +451,7 @@ bool ImplReadDIBBits(SvStream& rIStm, DIBV5Header& rHeader, BitmapWriteAccess& r boost::scoped_array<sal_uInt8> pBuffer( new sal_uInt8[rHeader.nSizeImage]); - if (rIStm.Read((char*)pBuffer.get(), rHeader.nSizeImage) + if (rIStm.Read(pBuffer.get(), rHeader.nSizeImage) != rHeader.nSizeImage) { return false; commit a967c85b13819e2c81082edec0f217259dca7ca8 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 09:53:14 2014 +0000 valgrind+afl: short read Change-Id: I48fe6550c07c1b3d6b1099fd27f8c21427e37601 diff --git a/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read.gif b/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read.gif new file mode 100644 index 0000000..7cb2a03 Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/gif/pass/afl-sample-short-read.gif differ diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx index 3917f1c..720aeec 100644 --- a/vcl/source/filter/igif/gifread.cxx +++ b/vcl/source/filter/igif/gifread.cxx @@ -329,14 +329,17 @@ bool GIFReader::ReadExtension() bRet = true; while( cSize && bStatus && !rIStm.IsEof() ) { - sal_uInt16 nCount = (sal_uInt16) cSize + 1; - boost::scoped_array<char> pBuffer(new char[ nCount ]); + sal_uInt16 nCount = (sal_uInt16) cSize + 1; + const sal_uInt64 nMaxPossible = rIStm.remainingSize(); + if (nMaxPossible > nCount) + nCount = nMaxPossible; + boost::scoped_array<sal_uInt8> pBuffer(new sal_uInt8[nCount]); bRet = false; - rIStm.Read( pBuffer.get(), nCount ); - if( NO_PENDING( rIStm ) ) + sal_Size nRead = rIStm.Read(pBuffer.get(), nCount); + if (NO_PENDING(rIStm) && cSize < nRead) { - cSize = (sal_uInt8) pBuffer[ cSize ]; + cSize = pBuffer[cSize]; bRet = true; } else commit f23a51c9f978a3a8796a63ebcc03f7fcad52c6dc Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 09:24:00 2014 +0000 valgrind+afl: initialize nFlags Change-Id: I3543f7f6616b6f400a74930fd998e4d517f56afa diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx index 3d2042c..3917f1c 100644 --- a/vcl/source/filter/igif/gifread.cxx +++ b/vcl/source/filter/igif/gifread.cxx @@ -358,14 +358,14 @@ bool GIFReader::ReadLocalHeader() { SvMemoryStream aMemStm; BitmapPalette* pPal; - sal_uInt8 nFlags; aMemStm.SetBuffer( (char*) pBuf, 9, false, 9 ); aMemStm.ReadUInt16( nImagePosX ); aMemStm.ReadUInt16( nImagePosY ); aMemStm.ReadUInt16( nImageWidth ); aMemStm.ReadUInt16( nImageHeight ); - aMemStm.ReadUChar( nFlags ); + sal_uInt8 nFlags(0); + aMemStm.ReadUChar(nFlags); // if interlaced, first define startvalue bInterlaced = ( ( nFlags & 0x40 ) == 0x40 ); commit 9d7979b1319ed7360cec8765a1b387dc1e086148 Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 09:22:34 2014 +0000 valgrind+afl: short read Change-Id: I8165ac1b1ff17bf8165319b21c2a5cf595f75f36 diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx index a99167f..3d2042c 100644 --- a/vcl/source/filter/igif/gifread.cxx +++ b/vcl/source/filter/igif/gifread.cxx @@ -184,17 +184,20 @@ bool GIFReader::ReadGlobalHeader() void GIFReader::ReadPaletteEntries( BitmapPalette* pPal, sal_uLong nCount ) { - const sal_uLong nLen = 3UL * nCount; + sal_uLong nLen = 3UL * nCount; + const sal_uInt64 nMaxPossible = rIStm.remainingSize(); + if (nLen > nMaxPossible) + nLen = nMaxPossible; boost::scoped_array<sal_uInt8> pBuf(new sal_uInt8[ nLen ]); - - rIStm.Read( pBuf.get(), nLen ); + sal_Size nRead = rIStm.Read(pBuf.get(), nLen); + nCount = nRead/3UL; if( NO_PENDING( rIStm ) ) { sal_uInt8* pTmp = pBuf.get(); - for( sal_uLong i = 0UL; i < nCount; ) + for (sal_uLong i = 0UL; i < nCount; ++i) { - BitmapColor& rColor = (*pPal)[ (sal_uInt16) i++ ]; + BitmapColor& rColor = (*pPal)[i]; rColor.SetRed( *pTmp++ ); rColor.SetGreen( *pTmp++ ); commit 9313095ea2d5f3dcc531d658e159e16ac2cb44fd Author: Caolán McNamara <[email protected]> Date: Wed Nov 12 09:12:34 2014 +0000 valgrind+afl: initialize cSize Change-Id: Ia1b553fed82645023c28467b837b51bd959adbbe diff --git a/vcl/source/filter/igif/gifread.cxx b/vcl/source/filter/igif/gifread.cxx index 9602e85..a99167f 100644 --- a/vcl/source/filter/igif/gifread.cxx +++ b/vcl/source/filter/igif/gifread.cxx @@ -214,16 +214,15 @@ void GIFReader::ReadPaletteEntries( BitmapPalette* pPal, sal_uLong nCount ) bool GIFReader::ReadExtension() { - sal_uInt8 cFunction; - sal_uInt8 cSize; - sal_uInt8 cByte; bool bRet = false; bool bOverreadDataBlocks = false; // Extension-Label + sal_uInt8 cFunction(0); rIStm.ReadUChar( cFunction ); if( NO_PENDING( rIStm ) ) { + sal_uInt8 cSize(0); // Block length rIStm.ReadUChar( cSize ); @@ -232,12 +231,12 @@ bool GIFReader::ReadExtension() // 'Graphic Control Extension' case( 0xf9 ) : { - sal_uInt8 cFlags; - - rIStm.ReadUChar( cFlags ); - rIStm.ReadUInt16( nTimer ); - rIStm.ReadUChar( nGCTransparentIndex ); - rIStm.ReadUChar( cByte ); + sal_uInt8 cFlags(0); + rIStm.ReadUChar(cFlags); + rIStm.ReadUInt16(nTimer); + rIStm.ReadUChar(nGCTransparentIndex); + sal_uInt8 cByte(0); + rIStm.ReadUChar(cByte); if ( NO_PENDING( rIStm ) ) { @@ -267,6 +266,7 @@ bool GIFReader::ReadExtension() // NetScape-Extension if( aAppId == "NETSCAPE" && aAppCode == "2.0" && cSize == 3 ) { + sal_uInt8 cByte(0); rIStm.ReadUChar( cByte ); // Loop-Extension @@ -293,6 +293,7 @@ bool GIFReader::ReadExtension() } else if ( aAppId == "STARDIV " && aAppCode == "5.0" && cSize == 9 ) { + sal_uInt8 cByte(0); rIStm.ReadUChar( cByte ); // Loop extension commit e76098b22e5d3f5bb422dfcca34b4d61fe2bd593 Author: Caolán McNamara <[email protected]> Date: Tue Nov 11 17:48:26 2014 +0000 valgrind+afl: check p1 at start of loop Change-Id: I9ef947d9a9089f2bcf6c86711f10224a03abf394 diff --git a/vcl/qa/cppunit/graphicfilter/data/png/pass/afl-sample-IDAT.png b/vcl/qa/cppunit/graphicfilter/data/png/pass/afl-sample-IDAT.png new file mode 100644 index 0000000..b116a92 Binary files /dev/null and b/vcl/qa/cppunit/graphicfilter/data/png/pass/afl-sample-IDAT.png differ diff --git a/vcl/source/gdi/pngread.cxx b/vcl/source/gdi/pngread.cxx index 2bbfede..36e6803 100644 --- a/vcl/source/gdi/pngread.cxx +++ b/vcl/source/gdi/pngread.cxx @@ -1030,9 +1030,11 @@ void PNGReaderImpl::ImplApplyFilter() p1 += mnBPP; // use left pixels - do + while (p1 < pScanEnd) + { *p1 = static_cast<sal_uInt8>( *p1 + *(p2++) ); - while( ++p1 < pScanEnd ); + ++p1; + } } break;
_______________________________________________ Libreoffice-commits mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
