chart2/source/tools/PolynomialRegressionCurveCalculator.cxx | 1 chart2/source/view/charttypes/PieChart.cxx | 1 compilerplugins/clang/test/writeonlyvars.cxx | 1 connectivity/source/drivers/dbase/DIndexIter.cxx | 1 connectivity/source/drivers/dbase/dindexnode.cxx | 2 include/o3tl/safeint.hxx | 56 ------ include/o3tl/untaint.hxx | 81 ++++++++++ lotuswordpro/source/filter/lwptablelayout.cxx | 1 sal/rtl/string.cxx | 9 - sal/rtl/ustring.cxx | 9 - sc/inc/kahan.hxx | 1 sc/source/core/data/document.cxx | 1 sc/source/core/tool/subtotal.cxx | 1 sc/source/filter/excel/impop.cxx | 2 sc/source/filter/excel/xistream.cxx | 2 sc/source/filter/excel/xlformula.cxx | 1 sc/source/filter/excel/xltoolbar.cxx | 2 scaddins/source/analysis/analysishelper.cxx | 1 scaddins/source/analysis/financial.cxx | 1 svl/source/numbers/zforscan.cxx | 1 svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx | 2 sw/source/core/table/swtable.cxx | 1 sw/source/filter/ww8/ww8scan.cxx | 2 sw/source/ui/index/cnttab.cxx | 2 tools/source/stream/stream.cxx | 1 25 files changed, 115 insertions(+), 68 deletions(-)
New commits: commit be6015e3c4e3fcbb2a7c08d30156be71cfca768b Author: Caolán McNamara <caolan.mcnam...@collabora.com> AuthorDate: Tue Aug 19 15:39:25 2025 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Wed Aug 20 15:08:44 2025 +0200 cid#1659971 silence Overflowed return value and cid#1659699 Overflowed return value cid#1659759 Overflowed return value cid#1659922 Overflowed return value cid#1660190 Overflowed return value cid#1660286 Overflowed return value cid#1660457 Overflowed return value Change-Id: Ie9fffe4994b10ed3d4feb14eaf7950e3f01714ef Reviewed-on: https://gerrit.libreoffice.org/c/core/+/189927 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> Tested-by: Jenkins
diff --git a/chart2/source/tools/PolynomialRegressionCurveCalculator.cxx b/chart2/source/tools/PolynomialRegressionCurveCalculator.cxx
index 1f2ea3e3e965..074ddd23e1dc 100644
--- a/chart2/source/tools/PolynomialRegressionCurveCalculator.cxx
+++ b/chart2/source/tools/PolynomialRegressionCurveCalculator.cxx
@@ -22,6 +22,7 @@
 #include <cmath>
 #include <limits>
+#include <o3tl/untaint.hxx>
 #include <rtl/math.hxx>
 #include <rtl/ustrbuf.hxx>
diff --git a/chart2/source/view/charttypes/PieChart.cxx b/chart2/source/view/charttypes/PieChart.cxx
index 812cfb66babe..fdf49388044a 100644
--- a/chart2/source/view/charttypes/PieChart.cxx
+++ b/chart2/source/view/charttypes/PieChart.cxx
@@ -36,6 +36,7 @@
 #include <sal/log.hxx>
 #include <osl/diagnose.h>
 #include <comphelper/diagnose_ex.hxx>
+#include <o3tl/untaint.hxx>
 #include <tools/helpers.hxx>
 #include <limits>
diff --git a/compilerplugins/clang/test/writeonlyvars.cxx b/compilerplugins/clang/test/writeonlyvars.cxx
index fc521fa7d417..0fc141f62dd2 100644
--- a/compilerplugins/clang/test/writeonlyvars.cxx
+++ b/compilerplugins/clang/test/writeonlyvars.cxx
@@ -24,7 +24,6 @@
 #if defined LIBO_USE_SOURCE_LOCATION
 // expected-error@o3tl/runtimetooustring.hxx:* {{read s [loplugin:writeonlyvars]}}
 // expected-error@o3tl/runtimetooustring.hxx:* {{write s [loplugin:writeonlyvars]}}
-// expected-error@o3tl/safeint.hxx:* {{read res [loplugin:writeonlyvars]}}
 #if !defined NDEBUG
 // expected-error@o3tl/runtimetooustring.hxx:* {{read ok [loplugin:writeonlyvars]}}
 #endif
diff --git a/connectivity/source/drivers/dbase/DIndexIter.cxx b/connectivity/source/drivers/dbase/DIndexIter.cxx
index 35f5862b1bc2..7f1c97451fc4 100644
--- a/connectivity/source/drivers/dbase/DIndexIter.cxx
+++ b/connectivity/source/drivers/dbase/DIndexIter.cxx
@@ -18,6 +18,7 @@
  */
 #include <dbase/DIndexIter.hxx>
+#include <o3tl/untaint.hxx>
 #include <com/sun/star/sdb/SQLFilterOperator.hpp>
 using namespace ::com::sun::star::sdb;
diff --git a/connectivity/source/drivers/dbase/dindexnode.cxx b/connectivity/source/drivers/dbase/dindexnode.cxx
index 0e4746a0b9a6..1b070b1aace1 100644
--- a/connectivity/source/drivers/dbase/dindexnode.cxx
+++ b/connectivity/source/drivers/dbase/dindexnode.cxx
@@ -19,7 +19,7 @@
 #include <dbase/dindexnode.hxx>
 #include <dbase/DIndex.hxx>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <tools/debug.hxx>
 #include <tools/stream.hxx>
 #include <sal/log.hxx>
diff --git a/include/o3tl/safeint.hxx b/include/o3tl/safeint.hxx
index 18a50c86694a..fa963e15ab24 100644
--- a/include/o3tl/safeint.hxx
+++ b/include/o3tl/safeint.hxx
@@ -227,62 +227,6 @@ clamp_to_unsigned(T2 value) {
 // tools like -fsanitize=implicit-conversion should still be able to detect truncation:
 template<typename T1, typename T2> constexpr T1 narrowing(T2 value) { return value; }
-// std::min wrapped to inform coverity that the result is now deemed sanitized
-// coverity[ -taint_source ]
-template<typename T> [[nodiscard]] inline T sanitizing_min(T a, T b)
-{
- return std::min(a, b);
-}
-
-// For use when std::inf is an acceptable result
-[[nodiscard]]
-#if defined __clang__ || defined __GNUC__
-__attribute__((no_sanitize("float-divide-by-zero")))
-#endif
-inline double div_allow_zero(double a, double b)
-{
-#if defined(__COVERITY__) && __COVERITY_MAJOR__ <= 2024
- assert(b != 0 && "suppress floating point divide_by_zero");
-#endif
- return a / b;
-}
-
-// To sanitize in/de-crementing value where the result is known by the caller to be guaranteed to fit in
-// the source type range without over/under-flow
-[[nodiscard]] inline unsigned short sanitizing_inc(unsigned short value)
-{
- int res = value + 1;
- assert(res <= std::numeric_limits<unsigned short>::max() &&
- "nValue was supposed to be incrementable without overflow");
- return static_cast<unsigned short>(res);
-}
-
-[[nodiscard]] inline unsigned short sanitizing_dec(unsigned short value)
-{
- int res = value - 1;
- assert(res >= 0 &&
- "nValue was supposed to be decrementable without underflow");
- return static_cast<unsigned short>(res);
-}
-
-[[nodiscard]] inline short sanitizing_inc(short value)
-{
- int res = value + 1;
- assert(res >= std::numeric_limits<short>::min() &&
- res <= std::numeric_limits<short>::max() &&
- "nValue was supposed to be incrementable without overflow");
- return static_cast<short>(res);
-}
-
-[[nodiscard]] inline short sanitizing_dec(short value)
-{
- int res = value - 1;
- assert(res >= std::numeric_limits<short>::min() &&
- res <= std::numeric_limits<short>::max() &&
- "nValue was supposed to be decrementable without underflow");
- return static_cast<short>(res);
-}
-
 // A helper for taking care of signed/unsigned comparisons in constant bounds case
 // Should avoid Coverity warnings like "cid#1618764 Operands don't affect result"
 template <typename I, I Min = std::template numeric_limits<I>::min(),
diff --git a/include/o3tl/untaint.hxx b/include/o3tl/untaint.hxx
new file mode 100644
index 000000000000..37632847039e
--- /dev/null
+++ b/include/o3tl/untaint.hxx
@@ -0,0 +1,81 @@
+/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
+/*
+ * This file is part of the LibreOffice project.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
+
+#pragma once
+
+#include <sal/config.h>
+
+#include <algorithm>
+#include <cassert>
+#include <limits>
+
+namespace o3tl
+{
+// For use when std::inf is an acceptable result
+[[nodiscard]]
+#if defined __clang__ || defined __GNUC__
+ __attribute__((no_sanitize("float-divide-by-zero")))
+#endif
+ inline double
+ div_allow_zero(double a, double b)
+{
+#if defined(__COVERITY__) && __COVERITY_MAJOR__ <= 2024
+ assert(b != 0 && "suppress floating point divide_by_zero");
+#endif
+ return a / b;
+}
+
+// std::min wrapped to inform coverity that the result is now deemed sanitized
+// coverity[ -taint_source ]
+template <typename T>[[nodiscard]] inline T sanitizing_min(T a, T b) { return std::min(a, b); }
+
+// To sanitize in/de-crementing value where the result is known by the caller to be guaranteed to fit in
+// the source type range without over/under-flow
+[[nodiscard]] inline unsigned short sanitizing_inc(unsigned short value)
+{
+ int res = value + 1;
+ assert(res <= std::numeric_limits<unsigned short>::max()
+ && "nValue was supposed to be incrementable without overflow");
+ return static_cast<unsigned short>(res);
+}
+
+[[nodiscard]] inline unsigned short sanitizing_dec(unsigned short value)
+{
+ int res = value - 1;
+ assert(res >= 0 && "nValue was supposed to be decrementable without underflow");
+ return static_cast<unsigned short>(res);
+}
+
+[[nodiscard]] inline short sanitizing_inc(short value)
+{
+ int res = value + 1;
+ assert(res >= std::numeric_limits<short>::min() && res <= std::numeric_limits<short>::max()
+ && "nValue was supposed to be incrementable without overflow");
+ return static_cast<short>(res);
+}
+
+[[nodiscard]] inline short sanitizing_dec(short value)
+{
+ int res = value - 1;
+ assert(res >= std::numeric_limits<short>::min() && res <= std::numeric_limits<short>::max()
+ && "nValue was supposed to be decrementable without underflow");
+ return static_cast<short>(res);
+}
+
+// A hammer that can be used when coverity refuses to accept that code is safe
+// from overflow.
+template <typename T> inline void untaint_for_overrun([[maybe_unused]] T& a)
+{
+#if defined(__COVERITY__) && __COVERITY_MAJOR__ <= 2024
+ __coverity_mark_pointee_as_sanitized__(&a, OVERRUN);
+#endif
+}
+}
+
+/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/lotuswordpro/source/filter/lwptablelayout.cxx b/lotuswordpro/source/filter/lwptablelayout.cxx
index f940b8c7d672..e04e664f0740 100644
--- a/lotuswordpro/source/filter/lwptablelayout.cxx
+++ b/lotuswordpro/source/filter/lwptablelayout.cxx
@@ -80,6 +80,7 @@
 #include <xfilter/xfnumberstyle.hxx>
 #include <xfilter/xfparastyle.hxx>
 #include <o3tl/sorted_vector.hxx>
+#include <o3tl/untaint.hxx>
 #include <sal/log.hxx>
 #include <comphelper/configuration.hxx>
diff --git a/sal/rtl/string.cxx b/sal/rtl/string.cxx
index 33d7f8d076f2..cf53f84bac9a 100644
--- a/sal/rtl/string.cxx
+++ b/sal/rtl/string.cxx
@@ -22,6 +22,7 @@
 #include <cassert>
 #include <cstdlib>
+#include <o3tl/untaint.hxx>
 #include <osl/diagnose.h>
 #include <rtl/tencinfo.h>
@@ -380,7 +381,9 @@ sal_Int32 SAL_CALL rtl_str_indexOfChar(const char* pStr, char c) noexcept
 sal_Int32 SAL_CALL rtl_str_indexOfChar_WithLength(const char* pStr, sal_Int32 nLen, char c) noexcept
 {
- return rtl::str::indexOfChar_WithLength(pStr, nLen, c);
+ sal_Int32 ret = rtl::str::indexOfChar_WithLength(pStr, nLen, c);
+ o3tl::untaint_for_overrun(ret);
+ return ret;
 }
 sal_Int32 SAL_CALL rtl_str_lastIndexOfChar(const char* pStr, char c) noexcept
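Review bot: sanitizing_inc/sanitizing_dec in the new header guard the range only with assert, so in an NDEBUG build a value of 65535 or SHRT_MAX passes straight into the static_cast and wraps silently, while the comment above them ("To sanitize ...") reads like a runtime guarantee. I'd make the contract explicit in that comment: `// Checks are assert-only: in release builds an out-of-range value wraps. These helpers tell static analysis the caller has already bounded the value; they do not enforce it.` The same goes for untaint_for_overrun, which performs no check at all and merely marks the pointee sanitized, so its `// A hammer ...` comment should ask each call site to state why the value is bounded, since the call removes the analyzer's ability to flag a later unchecked use. Note also that the `__COVERITY_MAJOR__ <= 2024` guard makes untaint_for_overrun a no-op under a newer analyzer, which presumably lets the silenced cids reappear there; if that is deliberate, say so in the comment.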
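Review bot: o3tl::untaint_for_overrun(ret) in rtl_str_indexOfChar_WithLength marks the index as sanitized for overrun although the function presumably still returns -1 when the character is not found (the documented contract of the rtl_str_indexOf* family), so Coverity will no longer flag a caller that indexes pStr with the result without checking for -1. If the goal is only to silence the cid inside this function, a comment at the call should say why that is safe for callers, e.g. `// result is -1 or within [0, nLen); callers must still check for -1 before indexing`. The same change is made in rtl_str_indexOfStr_WithLength and in the two rtl_ustr_*_WithLength hunks of sal/rtl/ustring.cxx; the ustring.cxx copies name the local `nRet` while these use `ret`, and since the four bodies are identical one name (the Hungarian `nRet`, as elsewhere in sal) would be more consistent.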
@@ -401,7 +404,9 @@ sal_Int32 SAL_CALL rtl_str_indexOfStr(const char* pStr, const char* pSubStr) noe
 sal_Int32 SAL_CALL rtl_str_indexOfStr_WithLength(const char* pStr, sal_Int32 nStrLen, const char* pSubStr, sal_Int32 nSubLen) noexcept
 {
- return rtl::str::indexOfStr_WithLength(pStr, nStrLen, pSubStr, nSubLen);
+ sal_Int32 ret = rtl::str::indexOfStr_WithLength(pStr, nStrLen, pSubStr, nSubLen);
+ o3tl::untaint_for_overrun(ret);
+ return ret;
 }
 sal_Int32 SAL_CALL rtl_str_lastIndexOfStr(const char* pStr, const char* pSubStr) noexcept
diff --git a/sal/rtl/ustring.cxx b/sal/rtl/ustring.cxx
index e05ed08c3ddc..ad71026a9c2a 100644
--- a/sal/rtl/ustring.cxx
+++ b/sal/rtl/ustring.cxx
@@ -26,6 +26,7 @@
 #include <config_options.h>
 #include <o3tl/string_view.hxx>
+#include <o3tl/untaint.hxx>
 #include <osl/diagnose.h>
 #include <osl/interlck.h>
 #include <osl/mutex.h>
@@ -966,7 +967,9 @@ sal_Int32 SAL_CALL rtl_ustr_indexOfChar(const sal_Unicode* pStr, sal_Unicode c)
 sal_Int32 SAL_CALL rtl_ustr_indexOfChar_WithLength(const sal_Unicode* pStr, sal_Int32 nLen, sal_Unicode c) noexcept
 {
- return rtl::str::indexOfChar_WithLength(pStr, nLen, c);
+ sal_Int32 nRet = rtl::str::indexOfChar_WithLength(pStr, nLen, c);
+ o3tl::untaint_for_overrun(nRet);
+ return nRet;
 }
 sal_Int32 SAL_CALL rtl_ustr_lastIndexOfChar(const sal_Unicode* pStr, sal_Unicode c) noexcept
@@ -988,7 +991,9 @@ sal_Int32 SAL_CALL rtl_ustr_indexOfStr(const sal_Unicode* pStr, const sal_Unicod
 sal_Int32 SAL_CALL rtl_ustr_indexOfStr_WithLength(const sal_Unicode* pStr, sal_Int32 nStrLen, const sal_Unicode* pSubStr, sal_Int32 nSubLen) noexcept
 {
- return rtl::str::indexOfStr_WithLength(pStr, nStrLen, pSubStr, nSubLen);
+ sal_Int32 nRet = rtl::str::indexOfStr_WithLength(pStr, nStrLen, pSubStr, nSubLen);
+ o3tl::untaint_for_overrun(nRet);
+ return nRet;
 }
 sal_Int32 SAL_CALL rtl_ustr_lastIndexOfStr(const sal_Unicode* pStr, const sal_Unicode* pSubStr) noexcept
diff --git a/sc/inc/kahan.hxx b/sc/inc/kahan.hxx
index de3014b42ed9..9616a6e9e76b 100644
--- a/sc/inc/kahan.hxx
+++ b/sc/inc/kahan.hxx
@@ -9,6 +9,7 @@
 #pragma once
+#include <o3tl/untaint.hxx>
 #include <rtl/math.hxx>
 #include <cmath>
diff --git a/sc/source/core/data/document.cxx b/sc/source/core/data/document.cxx
index e179081ce6df..f76c534dfdd9 100644
--- a/sc/source/core/data/document.cxx
+++ b/sc/source/core/data/document.cxx
@@ -21,6 +21,7 @@
 #include <editeng/boxitem.hxx>
 #include <editeng/editobj.hxx>
+#include <o3tl/untaint.hxx>
 #include <svx/svditer.hxx>
 #include <sfx2/docfile.hxx>
 #include <svl/numformat.hxx>
diff --git a/sc/source/core/tool/subtotal.cxx b/sc/source/core/tool/subtotal.cxx
index ed9c6c478127..498e94f4f0f6 100644
--- a/sc/source/core/tool/subtotal.cxx
+++ b/sc/source/core/tool/subtotal.cxx
@@ -18,6 +18,7 @@
  */
 #include <subtotal.hxx>
+#include <o3tl/untaint.hxx>
 #include <sal/mathconf.h>
 #include <cfloat>
diff --git a/sc/source/filter/excel/impop.cxx b/sc/source/filter/excel/impop.cxx
index 173049091223..d6faaa731f35 100644
--- a/sc/source/filter/excel/impop.cxx
+++ b/sc/source/filter/excel/impop.cxx
@@ -24,7 +24,7 @@
 #include <scitems.hxx>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <sfx2/docfile.hxx>
 #include <svx/svxids.hrc>
 #include <svl/numformat.hxx>
diff --git a/sc/source/filter/excel/xistream.cxx b/sc/source/filter/excel/xistream.cxx
index c4aa3c2b502f..ebb927ae8137 100644
--- a/sc/source/filter/excel/xistream.cxx
+++ b/sc/source/filter/excel/xistream.cxx
@@ -19,7 +19,7 @@
 #include <comphelper/docpasswordhelper.hxx>
 #include <comphelper/sequenceashashmap.hxx>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <osl/thread.h>
 #include <osl/diagnose.h>
 #include <sal/log.hxx>
diff --git a/sc/source/filter/excel/xlformula.cxx b/sc/source/filter/excel/xlformula.cxx
index 2f8b2756d6c9..742557f0f822 100644
--- a/sc/source/filter/excel/xlformula.cxx
+++ b/sc/source/filter/excel/xlformula.cxx
@@ -26,6 +26,7 @@
 #include <xlroot.hxx>
 #include <comphelper/string.hxx>
+#include <o3tl/untaint.hxx>
 #include <svl/sharedstringpool.hxx>
 using namespace ::formula;
diff --git a/sc/source/filter/excel/xltoolbar.cxx b/sc/source/filter/excel/xltoolbar.cxx
index eb030f155654..1e81a94df0cd 100644
--- a/sc/source/filter/excel/xltoolbar.cxx
+++ b/sc/source/filter/excel/xltoolbar.cxx
@@ -8,7 +8,7 @@
  */
 #include "xltoolbar.hxx"
 #include <sal/log.hxx>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <com/sun/star/beans/XPropertySet.hpp>
 #include <com/sun/star/ui/XUIConfigurationPersistence.hpp>
 #include <com/sun/star/ui/theModuleUIConfigurationManagerSupplier.hpp>
diff --git a/scaddins/source/analysis/analysishelper.cxx b/scaddins/source/analysis/analysishelper.cxx
index d228667e25b9..7443dc2cc4ac 100644
--- a/scaddins/source/analysis/analysishelper.cxx
+++ b/scaddins/source/analysis/analysishelper.cxx
@@ -24,6 +24,7 @@
 #include <string.h>
 #include <stdio.h>
 #include <o3tl/any.hxx>
+#include <o3tl/untaint.hxx>
 #include <rtl/math.hxx>
 #include <algorithm>
 #include <cmath>
diff --git a/scaddins/source/analysis/financial.cxx b/scaddins/source/analysis/financial.cxx
index dcc7f0554e9f..2128ea68d09f 100644
--- a/scaddins/source/analysis/financial.cxx
+++ b/scaddins/source/analysis/financial.cxx
@@ -21,6 +21,7 @@
 #include "analysis.hxx"
 #include "analysishelper.hxx"
 #include <o3tl/temporary.hxx>
+#include <o3tl/untaint.hxx>
 using namespace sca::analysis;
diff --git a/svl/source/numbers/zforscan.cxx b/svl/source/numbers/zforscan.cxx
index a63c91ee7716..430e7b6e3306 100644
--- a/svl/source/numbers/zforscan.cxx
+++ b/svl/source/numbers/zforscan.cxx
@@ -20,6 +20,7 @@
 #include <stdlib.h>
 #include <comphelper/string.hxx>
+#include <o3tl/untaint.hxx>
 #include <sal/log.hxx>
 #include <tools/debug.hxx>
 #include <i18nlangtag/mslangid.hxx>
diff --git a/svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx b/svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx
index f3ef252849bd..b7c45af71a86 100644
--- a/svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx
+++ b/svx/source/customshapes/EnhancedCustomShapeFunctionParser.cxx
@@ -19,7 +19,7 @@
 #include <sal/config.h>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <svx/EnhancedCustomShape2d.hxx>
 #include <rtl/ustring.hxx>
 #include <sal/log.hxx>
diff --git a/sw/source/core/table/swtable.cxx b/sw/source/core/table/swtable.cxx
index c013e3164c8b..0d737127b621 100644
--- a/sw/source/core/table/swtable.cxx
+++ b/sw/source/core/table/swtable.cxx
@@ -60,6 +60,7 @@
 #include <vector>
 #include <calbck.hxx>
 #include <o3tl/string_view.hxx>
+#include <o3tl/untaint.hxx>
 #include <svl/numformat.hxx>
 #include <txtfld.hxx>
 #include <rolbck.hxx>
diff --git a/sw/source/filter/ww8/ww8scan.cxx b/sw/source/filter/ww8/ww8scan.cxx
index 31a8e6804b35..0c74d3ecc7aa 100644
--- a/sw/source/filter/ww8/ww8scan.cxx
+++ b/sw/source/filter/ww8/ww8scan.cxx
@@ -38,7 +38,7 @@
 #include <comphelper/string.hxx>
 #include <unotools/localedatawrapper.hxx>
 #include <i18nlangtag/lang.h>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <tools/stream.hxx>
 #include <vcl/settings.hxx>
diff --git a/sw/source/ui/index/cnttab.cxx b/sw/source/ui/index/cnttab.cxx
index 591858fa88f5..39c48b81a17b 100644
--- a/sw/source/ui/index/cnttab.cxx
+++ b/sw/source/ui/index/cnttab.cxx
@@ -20,7 +20,7 @@
 #include <sal/config.h>
 #include <osl/diagnose.h>
-#include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <sal/log.hxx>
 #include <svl/style.hxx>
 #include <utility>
diff --git a/tools/source/stream/stream.cxx b/tools/source/stream/stream.cxx
index 74926734138d..16e5e0fbb703 100644
--- a/tools/source/stream/stream.cxx
+++ b/tools/source/stream/stream.cxx
@@ -28,6 +28,7 @@
 #include <string.h>
 #include <o3tl/safeint.hxx>
+#include <o3tl/untaint.hxx>
 #include <osl/endian.h>
 #include <osl/diagnose.h>
 #include <rtl/strbuf.hxx>