diff options
| author | Caolán McNamara <caolanm@redhat.com> | 2014-08-18 12:07:27 +0100 |
|---|---|---|
| committer | Caolán McNamara <caolanm@redhat.com> | 2014-08-18 12:59:48 +0100 |
| commit | d4e64d030092984077021a9af9d281cd64c476bf (patch) | |
| tree | deda3d99f4e5a576949d79aa673b6912cd2e40c9 /connectivity | |
| parent | 21470afc81cd7d4c0bd165ff2877ae69f1bfc89a (diff) | |
check len before memcpying into it
valgrind + bff on sf_3e0068c9b19bb548826bed0599f65745-CrdWMI-minimized.gif
Change-Id: I74cc21609f1c97a27e13615593f678cbbc8463e3
Diffstat (limited to 'connectivity')
| -rw-r--r-- | connectivity/source/drivers/dbase/DTable.cxx | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/connectivity/source/drivers/dbase/DTable.cxx b/connectivity/source/drivers/dbase/DTable.cxx index b205958da3bc..a9f74b9494e9 100644 --- a/connectivity/source/drivers/dbase/DTable.cxx +++ b/connectivity/source/drivers/dbase/DTable.cxx @@ -806,6 +806,7 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool (*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_PRECISION)) >>= nLen; (*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_TYPE)) >>= nType; } + switch(nType) { case DataType::INTEGER: @@ -882,6 +883,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool else if ( DataType::INTEGER == nType ) { sal_Int32 nValue = 0; + if (static_cast<size_t>(nLen) > sizeof(nValue)) + return false; memcpy(&nValue, pData, nLen); *(_rRow->get())[i] = nValue; } @@ -891,6 +894,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool if (getBOOL((*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_ISCURRENCY)))) // Currency is treated separately { sal_Int64 nValue = 0; + if (static_cast<size_t>(nLen) > sizeof(nValue)) + return false; memcpy(&nValue, pData, nLen); if ( m_aScales[i-1] ) @@ -900,6 +905,8 @@ bool ODbaseTable::fetchRow(OValueRefRow& _rRow, const OSQLColumns & _rCols, bool } else { + if (static_cast<size_t>(nLen) > sizeof(d)) + return false; memcpy(&d, pData, nLen); } @@ -1873,6 +1880,8 @@ bool ODbaseTable::UpdateBuffer(OValueRefVector& rRow, OValueRefRow pOrgRow, cons case DataType::INTEGER: { sal_Int32 nValue = thisColVal; + if (static_cast<size_t>(nLen) > sizeof(nValue)) + return false; memcpy(pData,&nValue,nLen); } break; @@ -1888,10 +1897,16 @@ bool ODbaseTable::UpdateBuffer(OValueRefVector& rRow, OValueRefRow pOrgRow, cons nValue = (sal_Int64)(d * pow(10.0,(int)m_aScales[i])); else nValue = (sal_Int64)(d); + if (static_cast<size_t>(nLen) > sizeof(nValue)) + return false; memcpy(pData,&nValue,nLen); } // if (getBOOL(xCol->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_ISCURRENCY)))) // Currency is treated separately else + { + if (static_cast<size_t>(nLen) > sizeof(d)) + return false; memcpy(pData,&d,nLen); + } } break; case DataType::DECIMAL: |