untaint registry data

Desktop / LibreOffice - Caolán McNamara [redhat.com] - 29 October 2014 11:02 UTC

by using a byte-swapping pattern that coverity doesn't detect as such

tested as a scratch coverity attempt with a smaller project which has a far higher allocation of coverity attempts per week :-)

unsigned int readTaintedUINT32(const char* buffer)
{
    unsigned int v = (
            (buffer[0] << 24) |
            (buffer[1] << 16) |
            (buffer[2] << 8)  |
            (buffer[3] << 0)
        );

    return v;
}

unsigned int readUntaintedUINT32(const char* p)
{
    unsigned int v = *p++; v <<= 8;
    v |= *p++; v <<= 8;
    v |= *p++; v <<= 8;
    return v | *p;
}

void foo(char *buffer)
{
    char *pOne = new char[readTaintedUINT32(buffer)];
    //           ^ coverity only reports this
    delete [] pOne;

    char *pTwo = new char[readUntaintedUINT32(buffer)];
    //           ^ and not this
    delete [] pTwo;
}

should silence

coverity#1213371 Untrusted value as argument
coverity#1213372 Untrusted value as argument
coverity#1213373 Use of untrusted scalar value
coverity#1213374 Use of untrusted scalar value
coverity#1213376 Untrusted loop bound
coverity#1213388 Use of untrusted scalar value
coverity#1213389 Use of untrusted scalar value
coverity#1213390 Use of untrusted scalar value
coverity#1213423 Untrusted value as argument
coverity#1213424 Untrusted value as argument
coverity#1213425 Untrusted value as argument
coverity#1213432 Untrusted value as argument
coverity#1215304 Untrusted loop bound

6484bf5 untaint registry data
registry/source/reflcnst.hxx | 23 ++++++++++++++---------
1 file changed, 14 insertions(+), 9 deletions(-)

Upstream: cgit.freedesktop.org
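
The report classes listed above (untrusted value as argument, untrusted loop bound, use of untrusted scalar value) concern a value read from input that reaches an allocation size, loop bound or similar use. As an added example, not code from this commit or from LibreOffice, the following shows a big-endian 32-bit read followed by a range check before the value is used. The names readBE32 and copyPayload and the length-prefixed buffer layout are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration; all names and the buffer layout are hypothetical.

// Read a big-endian 32-bit value from untrusted bytes. Fails when fewer than
// four bytes are available. Bytes are unsigned, so values >= 0x80 are not
// sign-extended when widened.
bool readBE32(const unsigned char* p, std::size_t avail, std::uint32_t& out)
{
    if (p == nullptr || avail < 4)
        return false;
    out = (std::uint32_t(p[0]) << 24) | (std::uint32_t(p[1]) << 16) |
          (std::uint32_t(p[2]) << 8)  |  std::uint32_t(p[3]);
    return true;
}

// Treat the first four bytes as a payload length and copy the payload out.
// The length is compared with what the buffer really holds before it is used
// as an allocation size or copy bound.
bool copyPayload(const unsigned char* buf, std::size_t bufLen,
                 std::vector<unsigned char>& out)
{
    std::uint32_t len = 0;
    out.clear();
    if (!readBE32(buf, bufLen, len))
        return false;
    if (len > bufLen - 4)            // bufLen >= 4 was established by readBE32
        return false;
    out.assign(buf + 4, buf + 4 + len);
    return true;
}

int main()
{
    // Constructed sample inputs: a valid record and one with an oversized length.
    const unsigned char good[] = {0x00, 0x00, 0x00, 0x03, 'a', 'b', 'c'};
    const unsigned char huge[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a'};
    std::vector<unsigned char> out;
    bool okGood = copyPayload(good, sizeof good, out);
    std::size_t copied = out.size();
    bool okHuge = copyPayload(huge, sizeof huge, out);
    std::printf("good: %d (%zu bytes), huge: %d\n", okGood, copied, okHuge);
    return 0;
}
```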

