summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--include/o3tl/safeint.hxx18
-rw-r--r--tools/source/stream/stream.cxx2
2 files changed, 16 insertions, 4 deletions
diff --git a/include/o3tl/safeint.hxx b/include/o3tl/safeint.hxx
index 9df92ea1a9d1..71239d59c718 100644
--- a/include/o3tl/safeint.hxx
+++ b/include/o3tl/safeint.hxx
@@ -7,11 +7,11 @@
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*/
-#ifndef INCLUDED_O3TL_SAFEINT_HXX
-#define INCLUDED_O3TL_SAFEINT_HXX
+#pragma once
#include <sal/config.h>
+#include <algorithm>
#include <cassert>
#include <limits>
#include <type_traits>
@@ -239,8 +239,20 @@ make_unsigned(T value)
// tools like -fsanitize=implicit-conversion should still be able to detect truncation:
template<typename T1, typename T2> constexpr T1 narrowing(T2 value) { return value; }
-}
+// std::min wrapped to inform coverity that the result is now sanitized
+#if defined(__COVERITY__)
+extern "C" void __coverity_tainted_data_sanitize__(void *);
+#endif
+template<typename T> inline T sanitizing_min(T a, T b)
+{
+ T ret = std::min(a, b);
+#if defined(__COVERITY__)
+ __coverity_tainted_data_sanitize__(&ret);
#endif
+ return ret;
+}
+
+}
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/tools/source/stream/stream.cxx b/tools/source/stream/stream.cxx
index f807a56cf52f..2b7f8b08b1a3 100644
--- a/tools/source/stream/stream.cxx
+++ b/tools/source/stream/stream.cxx
@@ -1962,7 +1962,7 @@ OUString read_uInt16s_ToOUString(SvStream& rStrm, std::size_t nLen)
{
nLen = std::min<std::size_t>(nLen, SAL_MAX_INT32);
//limit allocation to size of file, but + 1 to set eof state
- nLen = std::min<sal_uInt64>(nLen, (rStrm.remainingSize() + 2) / 2);
+ nLen = o3tl::sanitizing_min<sal_uInt64>(nLen, (rStrm.remainingSize() + 2) / 2);
//alloc a (ref-count 1) rtl_uString of the desired length.
//rtl_String's buffer is uninitialized, except for null termination
pStr = rtl_uString_alloc(sal::static_int_cast<sal_Int32>(nLen));