coverity#1209861 untaint image data

Change-Id: Icc3fd75533a6173f1cb051f3cd7a47d63e523652

coverity#1209861 untaint image data
Change-Id: Icc3fd75533a6173f1cb051f3cd7a47d63e523652
94ef826e · Caolán McNamara · 0cdfb1a2 · 94ef826e
Kaydet (Commit) 94ef826e authored Kas 11, 2014 tarafından Caolán McNamara
Show whitespace changes
Inline Side-by-side

Showing with 16 additions and 6 deletions

bmp.cxx vcl/unx/generic/dtrans/bmp.cxx +16 -6

No files found.
--- a/vcl/unx/generic/dtrans/bmp.cxx
+++ b/vcl/unx/generic/dtrans/bmp.cxx
@@ -54,16 +54,26 @@ inline void writeLE( sal_uInt32 nNumber, sal_uInt8* pBuffer )
 inline sal_uInt16 readLE16( const sal_uInt8* pBuffer )
 {
-    return (((sal_uInt16)pBuffer[1]) << 8 ) | pBuffer[0];
+    //This is untainted data which comes from a controlled source
+    //so, using a byte-swapping pattern which coverity doesn't
+    //detect as such
+    //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
+    sal_uInt16 v = pBuffer[1]; v <<= 8;
+    v |= pBuffer[0];
+    return v;
 }
 inline sal_uInt32 readLE32( const sal_uInt8* pBuffer )
 {
-    return
+    //This is untainted data which comes from a controlled source
-        (((sal_uInt32)pBuffer[3]) << 24 ) |
+    //so, using a byte-swapping pattern which coverity doesn't
-        (((sal_uInt32)pBuffer[2]) << 16 ) |
+    //detect as such
-        (((sal_uInt32)pBuffer[1]) <<  8 ) |
+    //http://security.coverity.com/blog/2014/Apr/on-detecting-heartbleed-with-static-analysis.html
-        pBuffer[0];
+    sal_uInt32 v = pBuffer[3]; v <<= 8;
+    v |= pBuffer[2]; v <<= 8;
+    v |= pBuffer[1]; v <<= 8;
+    v |= pBuffer[0];
+    return v;
 }
 /*