include/o3tl/safeint.hxx | 18 +++++++++++++++--- tools/source/stream/stream.cxx | 2 +- 2 files changed, 16 insertions(+), 4 deletions(-)
New commits: commit 69a32bec9b7121bd56560896828e76059bb49012 Author: Caolán McNamara <caol...@redhat.com> AuthorDate: Wed Mar 24 10:15:28 2021 +0000 Commit: Caolán McNamara <caol...@redhat.com> CommitDate: Wed Mar 24 21:32:10 2021 +0100 cid#1474353 experiment to silence Untrusted loop bound the value *is* surely sanity checked here despite coverity's bleating that it has passed through std::min unchanged when it is the min value Change-Id: Ic4f2b718832f88528f842280b4c0e04c4b3a9444 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/113031 Tested-by: Caolán McNamara <caol...@redhat.com> Reviewed-by: Caolán McNamara <caol...@redhat.com>
diff --git a/include/o3tl/safeint.hxx b/include/o3tl/safeint.hxx
index 9df92ea1a9d1..71239d59c718 100644
--- a/include/o3tl/safeint.hxx
+++ b/include/o3tl/safeint.hxx
@@ -7,11 +7,11 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
  */
-#ifndef INCLUDED_O3TL_SAFEINT_HXX
-#define INCLUDED_O3TL_SAFEINT_HXX
+#pragma once
 #include <sal/config.h>
+#include <algorithm>
 #include <cassert>
 #include <limits>
 #include <type_traits>
@@ -239,8 +239,20 @@ make_unsigned(T value)
 // tools like -fsanitize=implicit-conversion should still be able to detect truncation:
 template<typename T1, typename T2> constexpr T1 narrowing(T2 value) { return value; }
-}
+// std::min wrapped to inform coverity that the result is now sanitized
+#if defined(__COVERITY__)
+extern "C" void __coverity_tainted_data_sanitize__(void *);
+#endif
+template<typename T> inline T sanitizing_min(T a, T b)
+{
+    T ret = std::min(a, b);
+#if defined(__COVERITY__)
+    __coverity_tainted_data_sanitize__(&ret);
 #endif
+    return ret;
+}
+
+}
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
diff --git a/tools/source/stream/stream.cxx b/tools/source/stream/stream.cxx
index f807a56cf52f..2b7f8b08b1a3 100644
--- a/tools/source/stream/stream.cxx
+++ b/tools/source/stream/stream.cxx
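Review bot: `sanitizing_min` marks its result sanitized unconditionally, so it is a taint suppression rather than a check: the annotation is only justified when the second argument is itself a trusted upper bound, which is what the stream.cxx call site supplies with `(rStrm.remainingSize() + 2) / 2`. A future caller that passes an attacker-controlled value as `b` would silence the Coverity finding without bounding anything, and nothing in the header says so. The comment above the template should state the precondition, e.g. `// std::min wrapped to inform coverity that the result is now sanitized. Only valid when the bound argument is itself trusted (e.g. derived from the real stream size); with an untrusted bound this suppresses the warning without constraining the value.` The `extern "C"` declaration and the template are added inside `namespace o3tl`, whose opening line is outside this hunk; the closing `}` after the new `+}` is the namespace's.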
@@ -1962,7 +1962,7 @@ OUString read_uInt16s_ToOUString(SvStream& rStrm, std::size_t nLen)
     {
         nLen = std::min<std::size_t>(nLen, SAL_MAX_INT32);
         //limit allocation to size of file, but + 1 to set eof state
-        nLen = std::min<sal_uInt64>(nLen, (rStrm.remainingSize() + 2) / 2);
+        nLen = o3tl::sanitizing_min<sal_uInt64>(nLen, (rStrm.remainingSize() + 2) / 2);
         //alloc a (ref-count 1) rtl_uString of the desired length.
         //rtl_String's buffer is uninitialized, except for null termination
         pStr = rtl_uString_alloc(sal::static_int_cast<sal_Int32>(nLen));
_______________________________________________ Libreoffice-commits mailing list libreoffice-comm...@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits