basic/source/runtime/methods.cxx            |    5 ++--
 filter/source/graphicfilter/ipict/ipict.cxx |   27 +++++++++++++++++++++++++
 package/source/zipapi/ZipFile.cxx           |    2 +
 rsc/source/rscpp/cpp3.c                     |    1 
 sd/inc/sdmod.hxx                            |    2 -
 sd/source/ui/app/sdmod1.cxx                 |    4 +--
 svtools/qa/unit/GraphicObjectTest.cxx       |    1 
 vcl/opengl/gdiimpl.cxx                      |    3 ++
 vcl/source/fontsubset/sft.cxx               |   30 +++++++++++++++++-----------
 vcl/source/gdi/impfont.cxx                  |    8 +++++--
 10 files changed, 65 insertions(+), 18 deletions(-)

New commits:
commit fcf43d7e8a908a303ccae274dcd6668aa93d4d50
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 10:40:40 2014 +0000

    coverity#1213367 rework to make comparison to len more clear
    
    Change-Id: I9cb09bfc35f2b04567e52247f8bd1378910aeeb5

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 1e0aa29..2a33640 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -844,7 +844,9 @@ static char *nameExtract( const sal_uInt8* name, int 
nTableSize, int n, int dbFl
     int len = GetUInt16(name+6, 12 * n + 8, 1);
 
     // sanity check
-    if( (len <= 0) || ((ptr+len) > (name+nTableSize)) )
+    const sal_uInt8* end_table = name+nTableSize;
+    const int available_space = ptr > end_table ? 0 : (end_table - ptr);
+    if( (len <= 0) || len > available_space)
     {
         if( ucs2result )
             *ucs2result = NULL;
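Review bot: The reworked check bounds the string data but not the name record that `len` is read from: `GetUInt16(name+6, 12 * n + 8, 1)` at the top of the hunk fetches a field of record `n` before anything in view compares `6 + 12 * (n + 1)` with `nTableSize`. If that guarantee comes only from the caller, state it next to the `// sanity check` comment, e.g. `// caller guarantees record n lies inside the table; only the string it points at is checked here`, or enforce it here with an early failure return. `available_space` is also an `int` holding a pointer difference, while the matching fix in GetTTNameRecords uses `size_t`; one type for both would make the two checks read the same. nameExtract starts and ends outside the hunk, so how `ptr` is derived is not visible.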
commit 46bdfa98c107e0aba92e42b46c0c5a287251017b
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 10:34:48 2014 +0000

    coverity#1213368 Untrusted value as argument
    
    Change-Id: Ia1bd6464e6d4c6054ca8f2fce792de365984c02e

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 390777e..1e0aa29 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -920,9 +920,9 @@ static int findname( const sal_uInt8 *name, sal_uInt16 n, 
sal_uInt16 platformID,
 static void GetNames(TrueTypeFont *t)
 {
     const sal_uInt8* table = getTable( t, O_name );
-    int nTableSize = getTableSize(t, O_name);
+    const sal_uInt32 nTableSize = getTableSize(t, O_name);
 
-    if (nTableSize < 4)
+    if (nTableSize < 6)
     {
 #if OSL_DEBUG_LEVEL > 1
         fprintf(stderr, "O_name table too small\n");
@@ -931,13 +931,17 @@ static void GetNames(TrueTypeFont *t)
     }
 
     sal_uInt16 n = GetUInt16(table, 2, 1);
-    int i, r;
-    bool bPSNameOK = true;
 
-    /* #129743# simple sanity check for name table entry count */
-    if( nTableSize <= n * 12 + 6 )
+    /* simple sanity check for name table entry count */
+    const size_t nMinRecordSize = 12;
+    const size_t nSpaceAvailable = nTableSize - 6;
+    const size_t nMaxRecords = nSpaceAvailable/nMinRecordSize;
+    if (n >= nMaxRecords)
         n = 0;
 
+    int i, r;
+    bool bPSNameOK = true;
+
     /* PostScript name: preferred Microsoft */
     t->psname = NULL;
     if ((r = findname(table, n, 3, 1, 0x0409, 6)) != -1)
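Review bot: `n >= nMaxRecords` zeroes the count when exactly `n` records fit in the `nTableSize - 6` bytes after the header and, unlike the removed `nTableSize <= n * 12 + 6`, also when up to 11 bytes follow the records, but nothing says the stricter bound is intentional. A comment such as `/* >= rather than >: a table with less than one record's worth of room left for string data is treated as having no names */` would record that, if that is the intent. Naming the header size (`const size_t nHeaderSize = 6;`) would tie the subtraction to the `nTableSize < 6` guard in the previous hunk. Resetting `n` to 0 is silent; a debug message like the existing "O_name table too small" one would make a rejected font visible. GetNames continues past the end of the hunk.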
commit b3c282f12931b7e1cf152cb39664e3139012d7d0
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 10:26:51 2014 +0000

    move error path test to start
    
    Change-Id: Icd6a8b301eb7cc53aac9b84d2208bcde94218470

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 2d52a19..390777e 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -879,12 +879,12 @@ static char *nameExtract( const sal_uInt8* name, int 
nTableSize, int n, int dbFl
 static int findname( const sal_uInt8 *name, sal_uInt16 n, sal_uInt16 
platformID,
     sal_uInt16 encodingID, sal_uInt16 languageID, sal_uInt16 nameID )
 {
+    if (n == 0) return -1;
+
     int l = 0, r = n-1, i;
     sal_uInt32 t1, t2;
     sal_uInt32 m1, m2;
 
-    if (n == 0) return -1;
-
     m1 = (platformID << 16) | encodingID;
     m2 = (languageID << 16) | nameID;
 
commit 6027c7575bc7b8821a60bad3b70c237cae69ed72
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 10:19:53 2014 +0000

    coverity#1213370 rework to make comparison to rec[i].slen more clear
    
    Change-Id: I13ff12f0023b2752ea40cbf941350ca4c7dc7f78

diff --git a/vcl/source/fontsubset/sft.cxx b/vcl/source/fontsubset/sft.cxx
index 4cdb95c..2d52a19 100644
--- a/vcl/source/fontsubset/sft.cxx
+++ b/vcl/source/fontsubset/sft.cxx
@@ -2716,9 +2716,11 @@ int GetTTNameRecords(TrueTypeFont *ttf, NameRecord **nr)
                 continue;
             }
 
-            const  sal_uInt8* rec_string = table + nStrBase + nStrOffset;
+            const sal_uInt8* rec_string = table + nStrBase + nStrOffset;
             // sanity check
-            if( rec_string > (sal_uInt8*)ttf->ptr && rec_string < 
((sal_uInt8*)ttf->ptr + ttf->fsize - rec[i].slen ) )
+            const sal_uInt8* end_table = ttf->ptr + ttf->fsize;
+            const size_t available_space = rec_string > end_table ? 0 : 
(end_table - rec_string);
+            if (rec[i].slen <= available_space)
             {
                 rec[i].sptr = (sal_uInt8 *) malloc(rec[i].slen); 
assert(rec[i].sptr != 0);
                 memcpy(rec[i].sptr, rec_string, rec[i].slen);
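Review bot: `end_table` is computed as `ttf->ptr + ttf->fsize`, which is the end of the whole font buffer rather than of the name table, so the check lets a record's string range fall anywhere in the rest of the file; the read stays inside the buffer, but the name suggests a tighter bound than the code enforces. Either rename it (for example `end_of_font`) or bound against the name table's own size if it is available in this function. The removed condition also required `rec_string > ttf->ptr`, and the new one has no lower bound, which is fine only if `nStrBase` and `nStrOffset` are unsigned; neither declaration is in the hunk. Separately, the `malloc` result is guarded only by `assert`, which disappears in non-debug builds, so a failed allocation would reach `memcpy`. The `if` body continues past the end of the hunk.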
commit 2abcb6cba9b5cd98d76d70418f6222f481fcd878
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 10:10:09 2014 +0000

    coverity#1209863 rework to explicitly compare cMaxChar
    
    Change-Id: I739cf10c5031fd7abeb0c58569d65c03e225f5e4

diff --git a/vcl/source/gdi/impfont.cxx b/vcl/source/gdi/impfont.cxx
index d36005a..327b0d7 100644
--- a/vcl/source/gdi/impfont.cxx
+++ b/vcl/source/gdi/impfont.cxx
@@ -209,8 +209,12 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, 
CmapResult& rResult )
                 const unsigned char* pGlyphIdPtr = pOffsetBase + 2*i + 
nRangeOffset;
                 const size_t nRemainingSize = pEndValidArea - pGlyphIdPtr;
                 const size_t nMaxPossibleRecords = nRemainingSize/2;
-                const size_t nRequestedRecords = cMaxChar - cMinChar + 1;
-                if (nRequestedRecords > nMaxPossibleRecords) {  // no sane 
font should trigger this
+                if (nMaxPossibleRecords == 0) {  // no sane font should 
trigger this
+                    SAL_WARN("vcl.gdi", "More indexes claimed that space 
available in font!");
+                    break;
+                }
+                const size_t nMaxLegalChar = cMinChar + nMaxPossibleRecords-1;
+                if (cMaxChar > nMaxLegalChar) {  // no sane font should 
trigger this
                     SAL_WARN("vcl.gdi", "More indexes claimed that space 
available in font!");
                     break;
                 }
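Review bot: `nRemainingSize` is computed as `pEndValidArea - pGlyphIdPtr` without checking that `pGlyphIdPtr` is still below `pEndValidArea`; if `nRangeOffset` carries the pointer past the end, the negative difference becomes a very large `size_t` and both new checks pass. The other bounds fixes in this series clamp first, and the same form works here: `const size_t nRemainingSize = pGlyphIdPtr > pEndValidArea ? 0 : pEndValidArea - pGlyphIdPtr;`, after which the new `nMaxPossibleRecords == 0` branch rejects the range. Whether an earlier check in ParseCMAP already excludes that case is not visible in the hunk. The warning text reads "claimed that space", presumably meant as "claimed than space".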
commit 0674dd36b6a344acc3f22676d8aa09158e17062f
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:49:27 2014 +0000

    coverity#1242675 Untrusted value as argument
    
    Change-Id: Id1f1ff8de23b041742d2a8286b78312529f6566e

diff --git a/package/source/zipapi/ZipFile.cxx 
b/package/source/zipapi/ZipFile.cxx
index bb178f5..f2dc709 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -664,6 +664,8 @@ bool ZipFile::readLOC( ZipEntry &rEntry )
         const sal_Int64 nBytesAvailable = aGrabber.getLength() - 
aGrabber.getPosition();
         if (nPathLenToRead > nBytesAvailable)
             nPathLenToRead = nBytesAvailable;
+        else if (nPathLenToRead < 0)
+            nPathLenToRead = 0;
 
         // read always in UTF8, some tools seem not to set UTF8 bit
         uno::Sequence<sal_Int8> aNameBuffer(nPathLenToRead);
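Review bot: The negative-length clamp is attached as `else if`, so it is skipped whenever the first branch fires; if `nBytesAvailable` is itself negative (position past the reported length), `nPathLenToRead` is set to that negative value and reaches the `uno::Sequence<sal_Int8>` constructor unclamped. Making the second test independent closes that: `if (nPathLenToRead < 0) nPathLenToRead = 0;` as its own statement after the first `if`. Whether the grabber can report a position beyond its length is not visible here, and readLOC starts and ends outside the hunk.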
commit af4700d70a807857ecb118c2bd23c023cfe387e7
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:47:33 2014 +0000

    document coverity#983096 Resource leak
    
    Change-Id: If5a60dac2329432b30a7b5528e0fca05d4369b1a

diff --git a/rsc/source/rscpp/cpp3.c b/rsc/source/rscpp/cpp3.c
index f663a9f..1ab8816 100644
--- a/rsc/source/rscpp/cpp3.c
+++ b/rsc/source/rscpp/cpp3.c
@@ -148,6 +148,7 @@ int AddInclude( char* pIncStr )
         *incend++ = pIncPos;
         pIncPos   = strtok( NULL, ";" );
     }
+    /* coverity[leaked_storage] - we know this leaks, but it doesn't matter in 
this short lived utility */
     return( 1 );
 }
 
commit b5c51b706850f4fd86f26b17169a272ae02c3da8
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:40:09 2014 +0000

    coverity#1242658 Untrusted loop bound
    
    Change-Id: Ib3bb7f28b051c2886b470a77bdc6daf683a03f84

diff --git a/filter/source/graphicfilter/ipict/ipict.cxx 
b/filter/source/graphicfilter/ipict/ipict.cxx
index 852e69b..acef0b7 100644
--- a/filter/source/graphicfilter/ipict/ipict.cxx
+++ b/filter/source/graphicfilter/ipict/ipict.cxx
@@ -909,6 +909,19 @@ sal_uLong PictReader::ReadPixMapEtc( Bitmap &rBitmap, bool 
bBaseAddr, bool bColo
         if ( nRowBytes < 2 * nWidth )
             BITMAPERROR;
 
+        size_t nMinRecordSize;
+        if ( nRowBytes < 8 || nPackType == 1 )
+            nMinRecordSize = sizeof(sal_uInt16);
+        else if ( nRowBytes > 250 )
+            nMinRecordSize = sizeof(sal_uInt16);
+        else
+            nMinRecordSize = 1;
+
+        const size_t nMinRowWidth = nWidth * nMinRecordSize;
+        const size_t nMaxRows = pPict->remainingSize() / nMinRowWidth;
+        if (nHeight > nMaxRows)
+            BITMAPERROR;
+
         for ( ny = 0; ny < nHeight; ny++ )
         {
             nx = 0;
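Review bot: `pPict->remainingSize() / nMinRowWidth` divides by `nWidth * nMinRecordSize`, and nothing in the hunk rules out `nWidth == 0`; the preceding `nRowBytes < 2 * nWidth` test passes for a zero width. Unless an earlier check in ReadPixMapEtc rejects empty bitmaps, add `if (nWidth == 0) BITMAPERROR;` before `nMinRowWidth` is computed. The same divisor appears in the second hunk of this file (the `nCmpCount == 3 || nCmpCount == 4` branch). The first two arms of the `nMinRecordSize` chain both yield `sizeof(sal_uInt16)` and could be one condition, with a comment saying which packing rule each test stands for.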
@@ -1031,6 +1044,20 @@ sal_uLong PictReader::ReadPixMapEtc( Bitmap &rBitmap, 
bool bBaseAddr, bool bColo
         {
             if ( ( nCmpCount == 3 ) || ( nCmpCount == 4 ) )
             {
+                size_t nMinRecordSize;
+                if (nRowBytes > 250)
+                    nMinRecordSize = sizeof(sal_uInt16);
+                else
+                    nMinRecordSize = 1;
+
+                const size_t nMinRowWidth = nWidth * nMinRecordSize;
+                const size_t nMaxRows = pPict->remainingSize() / nMinRowWidth;
+                if (nHeight > nMaxRows)
+                    BITMAPERROR;
+                const size_t nMaxWidth = pPict->remainingSize() / nHeight;
+                if (nWidth > nMaxWidth)
+                    BITMAPERROR;
+
                 boost::scoped_array<sal_uInt8> pScanline(new 
sal_uInt8[static_cast<size_t>(nWidth) * nCmpCount]);
                 for ( ny = 0; ny < nHeight; ny++ )
                 {
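Review bot: `pPict->remainingSize() / nHeight` divides by the height right after a test (`nHeight > nMaxRows`) that a zero height passes, so a bitmap header with `nHeight == 0` would reach a division by zero unless it is rejected earlier in the function, which the hunk does not show. A single guard ahead of both quotients, `if (nWidth == 0 || nHeight == 0) BITMAPERROR;`, covers this and the `nMinRowWidth` divisor. The row loop continues past the end of the hunk.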
commit af26bb77d2dd63fd6d5473c234f746b3b38dc3f6
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:24:11 2014 +0000

    coverity#1255388 Division or modulo by float zero
    
    and
    
    coverity#1255387 Division or modulo by float zero
    
    Change-Id: I86c6d5874a7a2c2eecefe7f786edff89ff50ffbf

diff --git a/vcl/opengl/gdiimpl.cxx b/vcl/opengl/gdiimpl.cxx
index 3929d63..1abc86e 100644
--- a/vcl/opengl/gdiimpl.cxx
+++ b/vcl/opengl/gdiimpl.cxx
@@ -727,6 +727,9 @@ void OpenGLSalGraphicsImpl::DrawTransformedTexture(
     const basegfx::B2DPoint& rX,
     const basegfx::B2DPoint& rY )
 {
+    if (!rTexture.GetWidth() || !rTexture.GetHeight())
+        return;
+
     const basegfx::B2DVector aXRel = rX - rNull;
     const basegfx::B2DVector aYRel = rY - rNull;
     const float aValues[] = {
commit ecc56da366960b642d0a7da1b4a47245243252f8
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:22:38 2014 +0000

    busted loop condition
    
    regression from
    
    commit 119873328acd70ca3569c21a0b1fe36277e8bf4c
    Date:   Thu Oct 21 15:34:02 2010 -0500
        convert vos/process.hxx and related API
    
    Change-Id: I36527a4f0109105b9853a79773b4c92f9bc4e902

diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx
index 662dcc3..f27e771 100644
--- a/basic/source/runtime/methods.cxx
+++ b/basic/source/runtime/methods.cxx
@@ -3716,10 +3716,9 @@ RTLFUNC(Shell)
             osl_freeProcessHandle( pApp );
         }
 
-        for(int j = 0; i < nParamCount; i++)
+        for(int j = 0; j < nParamCount; ++j)
         {
             rtl_uString_release(pParamList[j]);
-            pParamList[j] = NULL;
         }
 
         delete [] pParamList;
commit ef076fa1c1aa15d42969c701803564bbc75a0cb0
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:20:31 2014 +0000

    coverity#1255390 Resource leak
    
    Change-Id: I3631d6bbcf45986deb1e911fcdb0e6606a0c6d91

diff --git a/basic/source/runtime/methods.cxx b/basic/source/runtime/methods.cxx
index c1b6889..662dcc3 100644
--- a/basic/source/runtime/methods.cxx
+++ b/basic/source/runtime/methods.cxx
@@ -3722,6 +3722,8 @@ RTLFUNC(Shell)
             pParamList[j] = NULL;
         }
 
+        delete [] pParamList;
+
         if( !bSucc )
         {
             StarBASIC::Error( SbERR_FILE_NOT_FOUND );
commit 4ea173180609df25a765c5a10889fc25863c659f
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:16:50 2014 +0000

    coverity#1255389 Dereference null return value
    
    Change-Id: I3b2a4e69a1c86d9b9ce9f51d6f321bda9e18f8b5

diff --git a/svtools/qa/unit/GraphicObjectTest.cxx 
b/svtools/qa/unit/GraphicObjectTest.cxx
index 0c96f15..3c4645b 100644
--- a/svtools/qa/unit/GraphicObjectTest.cxx
+++ b/svtools/qa/unit/GraphicObjectTest.cxx
@@ -168,6 +168,7 @@ void GraphicObjectTest::testSizeBasedAutoSwap()
         if( aNodes[nIndex]->IsGrfNode() )
         {
             SwGrfNode* pGrfNode = aNodes[nIndex]->GetGrfNode();
+            CPPUNIT_ASSERT(pGrfNode);
             if( !pGrafObj1 )
             {
                 pGrafObj1 = &pGrfNode->GetGrfObj();
commit cdf7572996c553348deae7698f9b1170f5a105f2
Author: Caolán McNamara <caol...@redhat.com>
Date:   Fri Nov 21 09:16:46 2014 +0000

    coverity#1209008 Unchecked return value
    
    Change-Id: I7204f02253ff970a6b6f25b83268372d914d7f13

diff --git a/sd/inc/sdmod.hxx b/sd/inc/sdmod.hxx
index b1b4291..d339c09 100644
--- a/sd/inc/sdmod.hxx
+++ b/sd/inc/sdmod.hxx
@@ -168,7 +168,7 @@ private:
             This typically is the unmodified request from a execute()
             function from where this function is called.
     */
-    void OutlineToImpress (SfxRequest& rRequest);
+    bool OutlineToImpress(SfxRequest& rRequest);
 
     /** Add an eventlistener as soon as possible in sd, allows to use
         remote devices to start the slideshow elegantly, and respecting
diff --git a/sd/source/ui/app/sdmod1.cxx b/sd/source/ui/app/sdmod1.cxx
index a4aff4d..672ccdd 100644
--- a/sd/source/ui/app/sdmod1.cxx
+++ b/sd/source/ui/app/sdmod1.cxx
@@ -252,7 +252,7 @@ void SdModule::Execute(SfxRequest& rReq)
     }
 }
 
-void SdModule::OutlineToImpress (SfxRequest& rRequest)
+bool SdModule::OutlineToImpress(SfxRequest& rRequest)
 {
     const SfxItemSet* pSet = rRequest.GetArgs();
 
@@ -312,7 +312,7 @@ void SdModule::OutlineToImpress (SfxRequest& rRequest)
         }
     }
 
-    rRequest.IsDone();
+    return rRequest.IsDone();
 }
 
 static bool bOnce = false;
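Review bot: Returning `rRequest.IsDone()` hands the previously unchecked value to the caller rather than checking it: the diffstat shows only the signature and this `return` changing in sdmod1.cxx, so the call site is presumably unchanged and still discards the result. If the result is meant to be informational only, say so in the doc comment in sdmod.hxx, which in the visible part has no `@return` line; a `@return` sentence stating what the bool means to the caller would complete it.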