Skip to content

C
core
Kaydet (Commit) 642cf9af authored tarafından Caolán McNamara's avatar Caolán McNamara
Dosyalara gözat
Seçenekler

coverity#1209863 Untrusted loop bound 

Change-Id: I3de3601f489db2a4dafb4d80f5ef35d5db38ba76
üst 71c00f4b
Hide whitespace changes
Inline Side-by-side
Showing with 11 additions and 2 deletions
vcl/source/gdi/impfont.cxx
Dosyayı görüntüle @ 642cf9af
...@@ -110,6 +110,8 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) ...@@ -110,6 +110,8 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
if( (nSubTables <= 0) || (nLength < (24 + 8*nSubTables)) ) if( (nSubTables <= 0) || (nLength < (24 + 8*nSubTables)) )
return false; return false;
const unsigned char* pEndValidArea = pCmap + nLength;
// find the most interesting subtable in the CMAP // find the most interesting subtable in the CMAP
rtl_TextEncoding eRecodeFrom = RTL_TEXTENCODING_UNICODE; rtl_TextEncoding eRecodeFrom = RTL_TEXTENCODING_UNICODE;
int nOffset = 0; int nOffset = 0;
...@@ -198,8 +200,6 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) ...@@ -198,8 +200,6 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
SAL_WARN("vcl.gdi", "Format 4 char should not be 0xFFFF"); SAL_WARN("vcl.gdi", "Format 4 char should not be 0xFFFF");
break; break;
} }
*(pCP++) = cMinChar;
*(pCP++) = cMaxChar + 1;
if( !nRangeOffset ) { if( !nRangeOffset ) {
// glyphid can be calculated directly // glyphid can be calculated directly
pStartGlyphs[i] = (cMinChar + nGlyphDelta) & 0xFFFF; pStartGlyphs[i] = (cMinChar + nGlyphDelta) & 0xFFFF;
...@@ -207,11 +207,20 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult ) ...@@ -207,11 +207,20 @@ bool ParseCMAP( const unsigned char* pCmap, int nLength, CmapResult& rResult )
// update the glyphid-array with the glyphs in this range // update the glyphid-array with the glyphs in this range
pStartGlyphs[i] = -(int)aGlyphIdArray.size(); pStartGlyphs[i] = -(int)aGlyphIdArray.size();
const unsigned char* pGlyphIdPtr = pOffsetBase + 2*i + nRangeOffset; const unsigned char* pGlyphIdPtr = pOffsetBase + 2*i + nRangeOffset;
const size_t nRemainingSize = pEndValidArea - pGlyphIdPtr;
const size_t nMaxPossibleRecords = nRemainingSize/2;
const size_t nRequestedRecords = cMaxChar - cMinChar + 1;
if (nRequestedRecords > nMaxPossibleRecords) { // no sane font should trigger this
SAL_WARN("vcl.gdi", "More indexes claimed that space available in font!");
break;
}
for( sal_UCS4 c = cMinChar; c <= cMaxChar; ++c, pGlyphIdPtr+=2 ) { for( sal_UCS4 c = cMinChar; c <= cMaxChar; ++c, pGlyphIdPtr+=2 ) {
const int nGlyphIndex = Getsal_uInt16( pGlyphIdPtr ) + nGlyphDelta; const int nGlyphIndex = Getsal_uInt16( pGlyphIdPtr ) + nGlyphDelta;
aGlyphIdArray.push_back( static_cast<sal_uInt16>(nGlyphIndex) ); aGlyphIdArray.push_back( static_cast<sal_uInt16>(nGlyphIndex) );
} }
} }
*(pCP++) = cMinChar;
*(pCP++) = cMaxChar + 1;
} }
nRangeCount = (pCP - pCodePairs) / 2; nRangeCount = (pCP - pCodePairs) / 2;
} }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment