coverity#1373663 Untrusted loop bound

Change-Id: Iabad14f8fc35656015b98693dd327a41aeaf63c7

coverity#1373663 Untrusted loop bound
Change-Id: Iabad14f8fc35656015b98693dd327a41aeaf63c7
724f2b20 · Caolán McNamara · 0ae76ce8 · 724f2b20
Kaydet (Commit) 724f2b20 authored Eki 19, 2016 tarafından Caolán McNamara
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 8 deletions

backupfilehelper.cxx comphelper/source/misc/backupfilehelper.cxx +8 -8

No files found.
--- a/comphelper/source/misc/backupfilehelper.cxx
+++ b/comphelper/source/misc/backupfilehelper.cxx
@@ -105,14 +105,7 @@ namespace
        // read rTarget
        if (osl::File::E_None == rFile->read(static_cast<void*>(aArray), 4, nBaseRead) && 4 == nBaseRead)
        {
-            //This is untainted data which comes from a controlled source
-            //so, using a byte-swapping pattern which coverity doesn't
-            //detect as such
-            //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
-            rTarget = aArray[0]; rTarget <<= 8;
-            rTarget |= aArray[1]; rTarget <<= 8;
-            rTarget |= aArray[2]; rTarget <<= 8;
-            rTarget |= aArray[3];
+            rTarget = (sal_uInt32(aArray[0]) << 24) + (sal_uInt32(aArray[1]) << 16) + (sal_uInt32(aArray[2]) << 8) + sal_uInt32(aArray[3]);
            return true;
        }

@@ -674,6 +667,13 @@ namespace
                return false;
            }

+            // coverity#1373663 Untrusted loop bound, check file size
+            // isn't utterly broken
+            sal_uInt64 nFileSize(0);
+            rFile->getSize(nFileSize);
+            if (nFileSize < nExtEntries)
+                return false;
+
            for (sal_uInt32 a(0); a < nExtEntries; a++)
            {
                ExtensionInfoEntry aNewEntry;