authorCaolán McNamara <caolanm@redhat.com>2014-11-11 10:33:10 +0000
committerCaolán McNamara <caolanm@redhat.com>2014-11-11 15:22:09 +0000
commit94ef826e67b3dcb02f690901b67ed51c93a9cfca (patch)
tree8f58fec020fde052ce65963ffe8533685115e607 /vcl/unx
parent0cdfb1a2bb25d0e4b376875affed1d0621111d6b (diff)
coverity#1209861 untaint image data
Change-Id: Icc3fd75533a6173f1cb051f3cd7a47d63e523652
Diffstat (limited to 'vcl/unx')
-rw-r--r--vcl/unx/generic/dtrans/bmp.cxx22
1 files changed, 16 insertions, 6 deletions
diff --git a/vcl/unx/generic/dtrans/bmp.cxx b/vcl/unx/generic/dtrans/bmp.cxx
index 9109f45cc567..130c7f2b3ba7 100644
--- a/vcl/unx/generic/dtrans/bmp.cxx
+++ b/vcl/unx/generic/dtrans/bmp.cxx
@@ -54,16 +54,26 @@ inline void writeLE( sal_uInt32 nNumber, sal_uInt8* pBuffer )
inline sal_uInt16 readLE16( const sal_uInt8* pBuffer )
{
- return (((sal_uInt16)pBuffer[1]) << 8 ) | pBuffer[0];
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt16 v = pBuffer[1]; v <<= 8;
+ v |= pBuffer[0];
+ return v;
}
inline sal_uInt32 readLE32( const sal_uInt8* pBuffer )
{
- return
- (((sal_uInt32)pBuffer[3]) << 24 ) |
- (((sal_uInt32)pBuffer[2]) << 16 ) |
- (((sal_uInt32)pBuffer[1]) << 8 ) |
- pBuffer[0];
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt32 v = pBuffer[3]; v <<= 8;
+ v |= pBuffer[2]; v <<= 8;
+ v |= pBuffer[1]; v <<= 8;
+ v |= pBuffer[0];
+ return v;
}
/*
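Review bot: The new comments in readLE16 and readLE32 assert that the bytes are "untainted data which comes from a controlled source", but nothing in this hunk establishes that. The rewrite only changes the shape of the byte swap so the analyzer's taint heuristic no longer fires; both helpers still index pBuffer without a length, and any bounds or range checks on the returned values would have to live in callers outside the hunk. If the buffer can ever hold bitmap data supplied by another application (the dtrans path suggests clipboard or selection transfer, which I cannot confirm from here), the finding is hidden rather than resolved, so I would rather see the decoded sizes and offsets range-checked where they are used. At minimum the comment should name the producer and the caller-side guarantee, for example `// pBuffer is produced by <producer>; callers guarantee at least 4 readable bytes`, and be stated once rather than duplicated in both functions.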