coverity#736181 Out-of-bounds read

it should be fine, as we rely on there being at least one password char, this is the same as, commit 2d3ed7eb Author: Michael Meeks <michael.meeks@collabora.com> Date: Tue Feb 25 22:48:48 2014 +0000 cid#736173 - increase default fill chars buffer size. which is another impl of this Change-Id: I5e1e07af37bea0398153ede300beed67d37d5e12

coverity#736181 Out-of-bounds read
it should be fine, as we rely on there being at least one password char, this is the same as, commit 2d3ed7eb Author: Michael Meeks <michael.meeks@collabora.com> Date: Tue Feb 25 22:48:48 2014 +0000 cid#736173 - increase default fill chars buffer size. which is another impl of this Change-Id: I5e1e07af37bea0398153ede300beed67d37d5e12
fc81a580 · Caolán McNamara · ae755d90 · fc81a580 · fc81a580
Kaydet (Commit) fc81a580 authored Şub 10, 2017 tarafından Caolán McNamara
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 8 deletions

mscodec.cxx filter/source/msfilter/mscodec.cxx +2 -3

binarycodec.cxx oox/source/core/binarycodec.cxx +4 -5

No files found.
--- a/filter/source/msfilter/mscodec.cxx
+++ b/filter/source/msfilter/mscodec.cxx
@@ -145,16 +145,15 @@ void MSCodec_Xor95::InitKey( const sal_uInt8 pnPassData[ 16 ] )
        0xBF, 0x0F, 0x00, 0x00
    };
-    std::size_t nIndex;
    std::size_t nLen = lclGetLen( pnPassData, 16 );
    const sal_uInt8* pnFillChar = spnFillChars;
-    for( nIndex = nLen; nIndex < sizeof( mpnKey ); ++nIndex, ++pnFillChar )
+    for (std::size_t nIndex = nLen; nIndex < sizeof(mpnKey); ++nIndex, ++pnFillChar)
        mpnKey[ nIndex ] = *pnFillChar;
    SVBT16 pnOrigKey;
    ShortToSVBT16( mnKey, pnOrigKey );
    sal_uInt8* pnKeyChar = mpnKey;
-    for( nIndex = 0; nIndex < sizeof( mpnKey ); ++nIndex, ++pnKeyChar )
+    for (std::size_t nIndex = 0; nIndex < sizeof(mpnKey); ++nIndex, ++pnKeyChar)
    {
        *pnKeyChar ^= pnOrigKey[ nIndex & 0x01 ];
        lclRotateLeft( *pnKeyChar, mnRotateDistance );

--- a/oox/source/core/binarycodec.cxx
+++ b/oox/source/core/binarycodec.cxx
@@ -133,19 +133,18 @@ void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
    mnBaseKey = lclGetKey( pnPassData, 16 );
    mnHash = lclGetHash( pnPassData, 16 );
-     static const sal_uInt8 spnFillChars[] =
+    static const sal_uInt8 spnFillChars[] =
    {
        0xBB, 0xFF, 0xFF, 0xBA,
        0xFF, 0xFF, 0xB9, 0x80,
        0x00, 0xBE, 0x0F, 0x00,
-        0xBF, 0x0F, 0x00
+        0xBF, 0x0F, 0x00, 0x00
    };
    (void)memcpy( mpnKey, pnPassData, 16 );
-    sal_Int32 nIndex;
    sal_Int32 nLen = lclGetLen( pnPassData, 16 );
    const sal_uInt8* pnFillChar = spnFillChars;
-    for( nIndex = nLen; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnFillChar )
+    for (sal_Int32 nIndex = nLen; nIndex < static_cast<sal_Int32>(sizeof(mpnKey)); ++nIndex, ++pnFillChar )
        mpnKey[ nIndex ] = *pnFillChar;
    // rotation of key values is application dependent
@@ -162,7 +161,7 @@ void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
    pnBaseKeyLE[ 0 ] = static_cast< sal_uInt8 >( mnBaseKey );
    pnBaseKeyLE[ 1 ] = static_cast< sal_uInt8 >( mnBaseKey >> 8 );
    sal_uInt8* pnKeyChar = mpnKey;
-    for( nIndex = 0; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnKeyChar )
+    for (sal_Int32 nIndex = 0; nIndex < static_cast<sal_Int32>(sizeof(mpnKey)); ++nIndex, ++pnKeyChar )
    {
        *pnKeyChar ^= pnBaseKeyLE[ nIndex & 1 ];
        lclRotateLeft( *pnKeyChar, nRotateSize );