Diffstat (limited to 'registry/source/reflread.cxx')
-rw-r--r-- | registry/source/reflread.cxx | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/registry/source/reflread.cxx b/registry/source/reflread.cxx
index 3f0a994b09fb..f8a5e8f4868a 100644
--- a/registry/source/reflread.cxx
+++ b/registry/source/reflread.cxx
@@ -72,7 +72,13 @@ public:

 inline sal_uInt16 readUINT16(sal_uInt32 index) const
 {
- return ((m_pBuffer[index] << 8) | (m_pBuffer[index+1] << 0));
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt32 v = m_pBuffer[index]; v <<= 8;
+ v |= m_pBuffer[index+1];
+ return v;
 }

 inline sal_Int32 readINT32(sal_uInt32 index) const
@@ -87,12 +93,15 @@ public:

 inline sal_uInt32 readUINT32(sal_uInt32 index) const
 {
- return (
- (m_pBuffer[index] << 24) |
- (m_pBuffer[index+1] << 16) |
- (m_pBuffer[index+2] << 8) |
- (m_pBuffer[index+3] << 0)
- );
+ //This is untainted data which comes from a controlled source
+ //so, using a byte-swapping pattern which coverity doesn't
+ //detect as such
+ //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+ sal_uInt32 v = m_pBuffer[index]; v <<= 8;
+ v |= m_pBuffer[index+1]; v <<= 8;
+ v |= m_pBuffer[index+2]; v <<= 8;
+ v |= m_pBuffer[index+3];
+ return v;
 }

 inline sal_Int64 readINT64(sal_uInt32 index) const
|
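Review bot: The new comment in readUINT16 asserts that the buffer is untainted, but nothing visible in this hunk compares `index` or `index+1` with the buffer length, and the same holds for the four reads in readUINT32 in the next hunk. The rewrite appears intended only to stop Coverity from treating the byte-swap as a taint source, so the finding is silenced rather than answered. If the blob can ever come from a file a user opens, the readers need a length check before `m_pBuffer[index]`; if validation happens in a caller outside this hunk, the comment should name where. Separately, `v` is a sal_uInt32 returned as sal_uInt16, so the narrowing is implicit; `return static_cast<sal_uInt16>(v);` would make it explicit.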
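Review bot: In readUINT32 each line ends with a trailing `v <<= 8;` that prepares for the next byte, which makes the sequence easy to misread and easy to break when a line is added or removed. Putting each shift on its own line, directly before the `v |= m_pBuffer[index+N];` it prepares for, would keep the statement-based form the comment asks for while making the pairing obvious. The four-line rationale is also copied verbatim from readUINT16; a single comment above the readers would keep the two copies from drifting apart.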