sc/source/filter/lotus/op.cxx | 2 ++ sc/source/filter/lotus/tool.cxx | 2 +- sc/source/filter/starcalc/scflt.cxx | 7 +++++++ svl/source/items/poolio.cxx | 7 ++++++- 4 files changed, 16 insertions(+), 2 deletions(-)
New commits: commit 1a858eabef5dda2368c51a155209e5303c2f0547 Author: Caolán McNamara <caol...@redhat.com> Date: Fri Dec 12 13:43:10 2014 +0000 fix typo, thanks to Matteo Change-Id: I6fd3f69cc56672fe2639ee575f9ed0cdf45490bd diff --git a/sc/source/filter/lotus/tool.cxx b/sc/source/filter/lotus/tool.cxx index 03751d2..f09182c 100644 --- a/sc/source/filter/lotus/tool.cxx +++ b/sc/source/filter/lotus/tool.cxx @@ -87,7 +87,7 @@ void SetFormat(LotusContext& rContext, SCCOL nCol, SCROW nRow, SCTAB nTab, sal_u { nCol = SanitizeCol(nCol); nRow = SanitizeRow(nRow); - nRow = SanitizeTab(nTab); + nTab = SanitizeTab(nTab); // PREC: nSt = default number of decimal places rContext.pDoc->ApplyAttr(nCol, nRow, nTab, *(rContext.pValueFormCache->GetAttr(nFormat, nSt))); commit 6daf1083c2e4c0273449430db05ef8aba9648248 Author: Caolán McNamara <caol...@redhat.com> Date: Fri Dec 12 12:46:50 2014 +0000 coverity#1242875 Untrusted pointer write Change-Id: I197a67320bd6cd8f0e6735b8cd24deebcdf190f1 diff --git a/svl/source/items/poolio.cxx b/svl/source/items/poolio.cxx index 66f5ed7..1ccba90 100644 --- a/svl/source/items/poolio.cxx +++ b/svl/source/items/poolio.cxx @@ -696,7 +696,11 @@ SvStream &SfxItemPool::Load(SvStream &rStream) sal_uInt16 SfxItemPool::GetIndex_Impl(sal_uInt16 nWhich) const { - assert(nWhich >= pImp->mnStart && nWhich <= pImp->mnEnd); + if (nWhich < pImp->mnStart || nWhich > pImp->mnEnd) + { + assert(false && "missing bounds check before use"); + return 0; + } return nWhich - pImp->mnStart; } commit 9785fd625f4799019ee0fb52868321b177526497 Author: Caolán McNamara <caol...@redhat.com> Date: Fri Dec 12 12:35:24 2014 +0000 silence coverity#1242911 Untrusted loop bound Change-Id: Ifab75371cbedd26d510f162efe2c9247e37893ed diff --git a/svl/source/items/poolio.cxx b/svl/source/items/poolio.cxx index 4a026cf..66f5ed7 100644 --- a/svl/source/items/poolio.cxx +++ b/svl/source/items/poolio.cxx @@ -377,6 +377,7 @@ void SfxItemPool_Impl::readTheItems ( "not an item content" ); // Fill up missing ones + // coverity[tainted_data] - ignore this, though we should finally kill off this format for ( pItem = 0, n = nLastSurrogate+1; n < nSurrogate; ++n ) pNewArr->push_back( (SfxPoolItem*) pItem ); nLastSurrogate = nSurrogate; commit bab07202fcf5ea23d771ddb73180316524c63574 Author: Caolán McNamara <caol...@redhat.com> Date: Fri Dec 12 12:32:03 2014 +0000 coverity#1242775 Use of untrusted scalar value Change-Id: Iaaf92c4be9b41c5824a1b1474fbce19a1afa49ae diff --git a/sc/source/filter/lotus/op.cxx b/sc/source/filter/lotus/op.cxx index 69fa71b..69a9214 100644 --- a/sc/source/filter/lotus/op.cxx +++ b/sc/source/filter/lotus/op.cxx @@ -175,6 +175,8 @@ void OP_ColumnWidth(LotusContext& rContext, SvStream& r, sal_uInt16 /*n*/) if (ValidCol(nCol)) { + nCol = SanitizeCol(nCol); + sal_uInt16 nBreite; if( nWidthSpaces ) // assuming 10cpi character set commit 24d2831e69b86023ee4786a970cb988cbf610f9d Author: Caolán McNamara <caol...@redhat.com> Date: Fri Dec 12 12:27:07 2014 +0000 coverity#1242895 Untrusted loop bound Change-Id: If01f0edecca8988087386507717ea8222058bab8 diff --git a/sc/source/filter/starcalc/scflt.cxx b/sc/source/filter/starcalc/scflt.cxx index 25b350d..0355701 100644 --- a/sc/source/filter/starcalc/scflt.cxx +++ b/sc/source/filter/starcalc/scflt.cxx @@ -1456,6 +1456,13 @@ void Sc10Import::LoadTables() return; } rStream.ReadUInt16( DataCount ); + const sal_Size nMaxPossibleRecords = rStream.remainingSize() / (sizeof(sal_uInt16)*2); + if (DataCount > nMaxPossibleRecords) + { + SAL_WARN("sc", "Parsing error: " << nMaxPossibleRecords << + " max possible pairs, but " << DataCount << " claimed, truncating"); + DataCount = nMaxPossibleRecords; + } DataStart = 0; for (i=0; i < DataCount; i++) {
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits