connectivity/source/drivers/dbase/DTable.cxx | 15 +++++++++++++++
1 file changed, 15 insertions(+)
New commits:
commit 038c0ce3583a659b57ff3365589907683e29e0a1
Author: Caolán McNamara <caol...@redhat.com>
Date: Mon Aug 18 12:07:27 2014 +0100
check len before memcpying into it
valgrind + bff on sf_3e0068c9b19bb548826bed0599f65745-CrdWMI-minimized.gif
Change-Id: I74cc21609f1c97a27e13615593f678cbbc8463e3
(cherry picked from commit d4e64d030092984077021a9af9d281cd64c476bf)
Reviewed-on: https://gerrit.libreoffice.org/10992
Reviewed-by: Markus Mohrhard <markus.mohrh...@googlemail.com>
Tested-by: Markus Mohrhard <markus.mohrh...@googlemail.com>
diff --git a/connectivity/source/drivers/dbase/DTable.cxx
b/connectivity/source/drivers/dbase/DTable.cxx
index 06e0bcc..db6cad7 100644
--- a/connectivity/source/drivers/dbase/DTable.cxx
+++ b/connectivity/source/drivers/dbase/DTable.cxx
@@ -816,6 +816,7 @@ sal_Bool ODbaseTable::fetchRow(OValueRefRow& _rRow,const
OSQLColumns & _rCols, s
(*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_PRECISION))
>>= nLen;
(*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_TYPE))
>>= nType;
}
+
switch(nType)
{
case DataType::INTEGER:
@@ -892,6 +893,8 @@ sal_Bool ODbaseTable::fetchRow(OValueRefRow& _rRow,const
OSQLColumns & _rCols, s
else if ( DataType::INTEGER == nType )
{
sal_Int32 nValue = 0;
+ if (static_cast<size_t>(nLen) > sizeof(nValue))
+ return false;
memcpy(&nValue, pData, nLen);
*(_rRow->get())[i] = nValue;
}
@@ -901,6 +904,8 @@ sal_Bool ODbaseTable::fetchRow(OValueRefRow& _rRow,const
OSQLColumns & _rCols, s
if
(getBOOL((*aIter)->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_ISCURRENCY))))
// Currency is treated separately
{
sal_Int64 nValue = 0;
+ if (static_cast<size_t>(nLen) > sizeof(nValue))
+ return false;
memcpy(&nValue, pData, nLen);
if ( m_aScales[i-1] )
@@ -910,6 +915,8 @@ sal_Bool ODbaseTable::fetchRow(OValueRefRow& _rRow,const
OSQLColumns & _rCols, s
}
else
{
+ if (static_cast<size_t>(nLen) > sizeof(d))
+ return false;
memcpy(&d, pData, nLen);
}
@@ -1881,6 +1888,8 @@ sal_Bool ODbaseTable::UpdateBuffer(OValueRefVector& rRow,
OValueRefRow pOrgRow,
case DataType::INTEGER:
{
sal_Int32 nValue = thisColVal;
+ if (static_cast<size_t>(nLen) > sizeof(nValue))
+ return false;
memcpy(pData,&nValue,nLen);
}
break;
@@ -1896,10 +1905,16 @@ sal_Bool ODbaseTable::UpdateBuffer(OValueRefVector&
rRow, OValueRefRow pOrgRow,
nValue = (sal_Int64)(d *
pow(10.0,(int)m_aScales[i]));
else
nValue = (sal_Int64)(d);
+ if (static_cast<size_t>(nLen) > sizeof(nValue))
+ return false;
memcpy(pData,&nValue,nLen);
} // if
(getBOOL(xCol->getPropertyValue(OMetaConnection::getPropMap().getNameByIndex(PROPERTY_ID_ISCURRENCY))))
// Currency is treated separately
else
+ {
+ if (static_cast<size_t>(nLen) > sizeof(d))
+ return false;
memcpy(pData,&d,nLen);
+ }
}
break;
case DataType::DECIMAL:
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
