coverity#1213373 Use of untrusted scalar value

Change-Id: Ia5cafdde1171f81ea7387e073026a2e860d36544

1 files changed, 16 insertions, 7 deletions

diff --git a/registry/source/reflread.cxx b/registry/source/reflread.cxx
index 3f0a994b09fb..f8a5e8f4868a 100644
--- a/registry/source/reflread.cxx
+++ b/registry/source/reflread.cxx
@@ -72,7 +72,13 @@ public:
 
     inline sal_uInt16 readUINT16(sal_uInt32 index) const
     {
-        return ((m_pBuffer[index] << 8) | (m_pBuffer[index+1] << 0));
+        //This is untainted data which comes from a controlled source
+        //so, using a byte-swapping pattern which coverity doesn't
+        //detect as such
+        //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+        sal_uInt32 v = m_pBuffer[index]; v <<= 8;
+        v |= m_pBuffer[index+1];
+        return v;
     }
 
     inline sal_Int32 readINT32(sal_uInt32 index) const
@@ -87,12 +93,15 @@ public:
 
     inline sal_uInt32 readUINT32(sal_uInt32 index) const
     {
-        return (
-            (m_pBuffer[index]   << 24) |
-            (m_pBuffer[index+1] << 16) |
-            (m_pBuffer[index+2] << 8)  |
-            (m_pBuffer[index+3] << 0)
-        );
+        //This is untainted data which comes from a controlled source
+        //so, using a byte-swapping pattern which coverity doesn't
+        //detect as such
+        //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+        sal_uInt32 v = m_pBuffer[index]; v <<= 8;
+        v |= m_pBuffer[index+1]; v <<= 8;
+        v |= m_pBuffer[index+2]; v <<= 8;
+        v |= m_pBuffer[index+3];
+        return v;
     }
 
     inline sal_Int64 readINT64(sal_uInt32 index) const