

On 01/08/2013 02:19 PM, julien2412 wrote:
Reading this thread, I took a look at sal/rtl/source/strtmpl.cxx
    static IMPL_RTL_STRINGDATA* IMPL_RTL_STRINGNAME( ImplAlloc )( sal_Int32 nLen )
    {
        IMPL_RTL_STRINGDATA * pData
            = (sal::static_int_cast< sal_uInt32 >(nLen)
               <= ((SAL_MAX_UINT32 - sizeof (IMPL_RTL_STRINGDATA))
                   / sizeof (IMPL_RTL_STRCODE)))
            ? (IMPL_RTL_STRINGDATA *) rtl_allocateMemory(
                sizeof (IMPL_RTL_STRINGDATA) + nLen * sizeof (IMPL_RTL_STRCODE))
            : NULL;
        if (pData != NULL) {
            pData->refCount = 1;
            pData->length = nLen;
            pData->buffer[nLen] = 0;
        }
        return pData;
    }

Since we cast the "nLen" parameter to "sal_uInt32", could it help to add an
assert that nLen is >= 0?

Such an assert would surely not hurt, but I suspect that there are call sites that do not catch overflow of computed length values (where such overflow can lead to wrong values that are negative as well as non-negative), so such an assert alone would not help catch all the problematic call sites.

Stephan
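
An added example, not part of the thread or of the LibreOffice sources: it shows a length computation that wraps to a negative value, which the cast-and-compare guard in the quoted ImplAlloc (and an nLen >= 0 assert) would reject, and one that wraps to a small non-negative value, which both would accept. StringData, allocGuardAccepts, wrappedMul and checkedMul are hypothetical names, and the struct layout is an assumption.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>

// Hypothetical stand-in for the string header (not the LibreOffice type).
struct StringData { std::int32_t refCount; std::int32_t length; char16_t buffer[1]; };

// Same shape as the quoted guard: a negative nLen becomes a huge unsigned
// value after the cast, exceeds the bound, and the allocation is refused.
bool allocGuardAccepts(std::int32_t nLen) {
    return static_cast<std::uint32_t>(nLen)
        <= (std::numeric_limits<std::uint32_t>::max() - sizeof(StringData))
               / sizeof(char16_t);
}

// Models an unchecked call-site computation "count * unitLen". The wrap is
// done in unsigned arithmetic so the demonstration itself has no UB.
std::int32_t wrappedMul(std::int32_t a, std::int32_t b) {
    return static_cast<std::int32_t>(
        static_cast<std::uint32_t>(a) * static_cast<std::uint32_t>(b));
}

// Checked variant: widen to 64 bits and refuse anything outside 32-bit signed range.
bool checkedMul(std::int32_t a, std::int32_t b, std::int32_t& out) {
    if (a < 0 || b < 0) return false;
    const std::int64_t wide = static_cast<std::int64_t>(a) * b;
    if (wide > std::numeric_limits<std::int32_t>::max()) return false;
    out = static_cast<std::int32_t>(wide);
    return true;
}

int main() {
    const std::int32_t neg = wrappedMul(65536, 32768);   // 2^31 wraps negative
    const std::int32_t pos = wrappedMul(65536, 65537);   // 2^32 + 65536 wraps to 65536
    std::int32_t out = 0;
    std::printf("wrapped negative %d: guard accepts=%d\n", neg, allocGuardAccepts(neg));
    std::printf("wrapped positive %d: guard accepts=%d\n", pos, allocGuardAccepts(pos));
    std::printf("checked multiply succeeds=%d\n", checkedMul(65536, 65537, out));
    return 0;
}
```

The second case is the one an assert inside the allocator cannot see: the buffer is sized for 65536 code units while the caller believes it asked for 2^32 + 65536, so the check has to happen where the length is computed.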
