Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found 
with Coverity Scan.

1 new defect(s) introduced to LibreOffice found with Coverity Scan.
18 defect(s), reported by Coverity Scan earlier, were marked fixed in the 
recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 1667257:       Miscellaneous  (UNSAFE_XML_PARSE_CONFIG)
/test/source/xmltesttools.cxx: 60 in XmlTestTools::parseXmlStream(SvStream *)()


_____________________________________________________________________________________________
*** CID 1667257:         Miscellaneous  (UNSAFE_XML_PARSE_CONFIG)
/test/source/xmltesttools.cxx: 60 in XmlTestTools::parseXmlStream(SvStream *)()
54         std::size_t nSize = pStream->remainingSize();
55         std::unique_ptr<sal_uInt8[]> pBuffer(new sal_uInt8[nSize + 1]);
56         pStream->ReadBytes(pBuffer.get(), nSize);
57         pBuffer[nSize] = 0;
58         auto pCharBuffer = reinterpret_cast<xmlChar*>(pBuffer.get());
59         SAL_INFO("test", "XmlTestTools::parseXmlStream: pBuffer is '" << pCharBuffer << "'");
>>>     CID 1667257:         Miscellaneous  (UNSAFE_XML_PARSE_CONFIG)
>>>     XML parse option should not have flag "XML_PARSE_HUGE" set, which is vulnerable to billion laughs attack.
60         return xmlDocUniquePtr(xmlReadDoc(pCharBuffer, nullptr, nullptr, XML_PARSE_NODICT | XML_PARSE_HUGE));
61     }
62     
63     xmlDocUniquePtr XmlTestTools::dumpAndParse(MetafileXmlDump& rDumper, const GDIMetaFile& rGDIMetaFile)
64     {
65         SvMemoryStream aStream;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://scan.coverity.com/projects/libreoffice?tab=overview
