New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Thu Aug 6 20:33:02 UTC 2020
Hi,
Please find below the latest Coverity Scan report on new defect(s) introduced to LibreOffice.
17 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 1465676: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 68 in SwOutlineContentVisibilityWin::Set()()
________________________________________________________________________________________________________
*** CID 1465676: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 68 in SwOutlineContentVisibilityWin::Set()()
62 Hide();
63 return;
64 }
65 const SwTextNode* pTextNode = pTextFrame->GetTextNodeFirst();
66 SwWrtShell& rSh = GetEditWin()->GetView().GetWrtShell();
67 const SwOutlineNodes& rOutlineNodes = rSh.GetNodes().GetOutLineNds();
>>> CID 1465676: Error handling issues (CHECKED_RETURN)
>>> Calling "Seek_Entry" without checking return value (as is done elsewhere 23 out of 26 times).
68 rOutlineNodes.Seek_Entry(static_cast<SwNode*>(const_cast<SwTextNode*>(pTextNode)),
69 &m_nOutlinePos);
70 assert(m_nOutlinePos != SwOutlineNodes::npos);
71
72 // don't set if no content and no subs with content
73 auto nPos = m_nOutlinePos;
** CID 1465675: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 41 in SwOutlineContentVisibilityWin::SwOutlineContentVisibilityWin(SwEditWin *, const SwFrame *)()
________________________________________________________________________________________________________
*** CID 1465675: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 41 in SwOutlineContentVisibilityWin::SwOutlineContentVisibilityWin(SwEditWin *, const SwFrame *)()
35 , m_bDestroyed(false)
36 {
37 SetSizePixel(Size(BUTTON_WIDTH, BUTTON_HEIGHT));
38
39 m_aDelayTimer.SetTimeout(50);
40 m_aDelayTimer.SetInvokeHandler(LINK(this, SwOutlineContentVisibilityWin, DelayHandler));
>>> CID 1465675: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "m_nOutlinePos" is not initialized in this constructor nor in any functions that it calls.
41 }
42
43 void SwOutlineContentVisibilityWin::dispose()
44 {
45 m_bDestroyed = true;
46 m_aDelayTimer.Stop();
** CID 1465674: Incorrect expression (COPY_PASTE_ERROR)
/vcl/opengl/RenderList.cxx: 243 in RenderList::addDrawRectangle(long, long, long, long, double, Color, Color)()
________________________________________________________________________________________________________
*** CID 1465674: Incorrect expression (COPY_PASTE_ERROR)
/vcl/opengl/RenderList.cxx: 243 in RenderList::addDrawRectangle(long, long, long, long, double, Color, Color)()
237 fX1 - 0.5f, fY2 - 0.5f, fX2 + 0.5f, fY2 + 0.5f, nLineColor, fTransparency);
238 }
239
240 if (nFillColor == SALCOLOR_NONE)
241 return;
242
>>> CID 1465674: Incorrect expression (COPY_PASTE_ERROR)
>>> "nLineColor" looks like a copy-paste error.
243 if (nLineColor == SALCOLOR_NONE)
244 {
245 appendRectangle(rRenderParameter.maVertices, rRenderParameter.maIndices,
246 fX1 - 0.5f, fY1 - 0.5f, fX1 + 0.5f, fY2 + 0.5f, nFillColor, fTransparency);
247 appendRectangle(rRenderParameter.maVertices, rRenderParameter.maIndices,
248 fX1 - 0.5f, fY1 - 0.5f, fX2 + 0.5f, fY1 + 0.5f, nFillColor, fTransparency);
** CID 1465673: Error handling issues (CHECKED_RETURN)
/dbaccess/source/ui/querydesign/ConnectionLine.cxx: 90 in <unnamed>::calcPointsYValue(const dbaui::OTableWindow *, int, Point &, Point &)()
________________________________________________________________________________________________________
*** CID 1465673: Error handling issues (CHECKED_RETURN)
/dbaccess/source/ui/querydesign/ConnectionLine.cxx: 90 in <unnamed>::calcPointsYValue(const dbaui::OTableWindow *, int, Point &, Point &)()
84 _rNewConPos.setY( _pWin->GetPosPixel().Y() );
85 if (_nEntry != -1)
86 {
87 _rNewConPos.AdjustY(pListBox->GetPosPixel().Y() );
88 const weld::TreeView& rTreeView = pListBox->get_widget();
89 std::unique_ptr<weld::TreeIter> xEntry = rTreeView.make_iterator();
>>> CID 1465673: Error handling issues (CHECKED_RETURN)
>>> Calling "get_iter_first" without checking return value (as is done elsewhere 88 out of 94 times).
90 rTreeView.get_iter_first(*xEntry);
91 rTreeView.iter_nth_sibling(*xEntry, _nEntry);
92 auto nEntryPos = rTreeView.get_row_area(*xEntry).Center().Y();
93
94 if( nEntryPos >= 0 )
95 {
** CID 1465672: Uninitialized members (UNINIT_CTOR)
/xmloff/source/style/xmlstyle.cxx: 221 in <unnamed>::SvXMLStyleIndex_Impl::SvXMLStyleIndex_Impl(XmlStyleFamily, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1465672: Uninitialized members (UNINIT_CTOR)
/xmloff/source/style/xmlstyle.cxx: 221 in <unnamed>::SvXMLStyleIndex_Impl::SvXMLStyleIndex_Impl(XmlStyleFamily, const rtl::OUString &)()
215 public:
216
217 SvXMLStyleIndex_Impl( XmlStyleFamily nFam, const OUString& rName ) :
218 sName( rName ),
219 nFamily( nFam )
220 {
>>> CID 1465672: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "mpStyle" is not initialized in this constructor nor in any functions that it calls.
221 }
222
223 SvXMLStyleIndex_Impl( const rtl::Reference<SvXMLStyleContext> &rStl ) :
224 sName( rStl->GetName() ),
225 nFamily( rStl->GetFamily() ),
226 mpStyle ( rStl.get() )
** CID 1465671: Error handling issues (CHECKED_RETURN)
/xmloff/source/text/txtparai.cxx: 1941 in XMLParaContext::XMLParaContext(SvXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, bool)()
________________________________________________________________________________________________________
*** CID 1465671: Error handling issues (CHECKED_RETURN)
/xmloff/source/text/txtparai.cxx: 1941 in XMLParaContext::XMLParaContext(SvXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, bool)()
1935 mbOutlineLevelAttrFound = true;
1936 }
1937 break;
1938 case XML_TOK_TEXT_P_OUTLINE_CONTENT_VISIBLE:
1939 {
1940 mbOutlineContentVisible = true;
>>> CID 1465671: Error handling issues (CHECKED_RETURN)
>>> Calling "convertBool" without checking return value (as is done elsewhere 73 out of 79 times).
1941 ::sax::Converter::convertBool(mbOutlineContentVisible, rValue);
1942 }
1943 break;
1944 case XML_TOK_TEXT_P_IS_LIST_HEADER:
1945 {
1946 bool bBool(false);
** CID 1465670: Control flow issues (DEADCODE)
/sc/source/ui/cctrl/checklistmenu.cxx: 336 in ScCheckListMenuControl::selectMenuItem(unsigned long, bool)()
________________________________________________________________________________________________________
*** CID 1465670: Control flow issues (DEADCODE)
/sc/source/ui/cctrl/checklistmenu.cxx: 336 in ScCheckListMenuControl::selectMenuItem(unsigned long, bool)()
330 queueCloseSubMenu();
331 return;
332 }
333
334
335 if (nPos == MENU_NOT_SELECTED)
>>> CID 1465670: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return;".
336 return;
337
338 ScCheckListMenuWindow* pParentMenu = mxFrame->GetParentMenu();
339 if (pParentMenu)
340 pParentMenu->get_widget().setSubMenuFocused(this);
341
** CID 1465669: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1465669: Null pointer dereferences (FORWARD_NULL)
/sw/source/uibase/uno/unotxdoc.cxx: 2951 in SwXTextDocument::render(int, const com::sun::star::uno::Any &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
2945 if (!m_pPrintUIOptions)
2946 m_pPrintUIOptions = lcl_GetPrintUIOptions( pDocShell, pView );
2947 m_pPrintUIOptions->processProperties( rxOptions );
2948 const bool bPrintProspect = m_pPrintUIOptions->getBoolValue( "PrintProspect" );
2949 const bool bLastPage = m_pPrintUIOptions->getBoolValue( "IsLastPage" );
2950
>>> CID 1465669: Null pointer dereferences (FORWARD_NULL)
>>> "GetRenderDoc" dereferences null "this->pDocShell".
2951 SwDoc *pDoc = GetRenderDoc( pView, rSelection, bIsPDFExport );
2952 OSL_ENSURE( pDoc && pView, "doc or view shell missing!" );
2953 if (pDoc && pView)
2954 {
2955 sal_Int32 nMaxRenderer = 0;
2956 if (!bIsSwSrcView)
** CID 1462318: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1462318: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 218 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
212 {
213 JLocalAutoRef jo_arg(
214 jni, jni->GetObjectArrayElement( jo_args, nPos ) );
215 jni.ensure_no_exception();
216 jvalue java_arg;
217 java_arg.l = jo_arg.get();
>>> CID 1462318: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "map_to_uno" dereferences freed pointer "type".
218 map_to_uno(
219 jni, uno_args[ nPos ], java_arg, type, nullptr,
220 false /* no assign */, param.bOut,
221 true /* special wrapped integral types */ );
222 }
223 catch (...)
** CID 1462316: (USE_AFTER_FREE)
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 491 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
________________________________________________________________________________________________________
*** CID 1462316: (USE_AFTER_FREE)
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 457 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
451 }
452 uno_Environment_invoke(m_to.get(), s_type_destructData_v, args[nPos], param.pTypeRef, 0);
453 }
454 }
455 if (ret != pReturn)
456 {
>>> CID 1462316: (USE_AFTER_FREE)
>>> Calling "uno_type_copyAndConvertData" dereferences freed pointer "pReturnTypeRef".
457 uno_type_copyAndConvertData(pReturn,
458 ret,
459 pReturnTypeRef,
460 m_to_from.get());
461
462 uno_Environment_invoke(m_to.get(), s_type_destructData_v, ret, pReturnTypeRef, 0);
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 491 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
485
486 // FIXME: need to destruct in m_to
487 uno_any_destruct(exc, nullptr);
488 }
489
490 if (m_probeFun)
>>> CID 1462316: (USE_AFTER_FREE)
>>> Passing freed pointer "pReturnTypeRef" as an argument to "*this->m_probeFun".
491 m_probeFun(false,
492 this,
493 m_pProbeContext,
494 pReturnTypeRef,
495 pParams,
496 nParams,
** CID 1462314: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1462314: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/cpp_uno/gcc3_linux_x86-64/cpp2uno.cxx: 78 in cpp2uno_call(bridges::cpp_uno::shared::CppInterfaceProxy *, const _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, _typelib_MethodParameter *, void **, void **, void **, unsigned long *)()
72
73 void * pUnoReturn = nullptr;
74 void * pCppReturn = nullptr; // complex return ptr: if != 0 && != pUnoReturn, reconversion need
75
76 if ( pReturnTypeDescr )
77 {
>>> CID 1462314: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "return_in_hidden_param" dereferences freed pointer "pReturnTypeRef".
78 if ( x86_64::return_in_hidden_param( pReturnTypeRef ) )
79 {
80 pCppReturn = *gpreg++;
81 nr_gpr++;
82
83 pUnoReturn = ( bridges::cpp_uno::shared::relatesToInterfaceType( pReturnTypeDescr )
** CID 1462313: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1047 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
________________________________________________________________________________________________________
*** CID 1462313: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1047 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
1041 case typelib_TypeClass_INTERFACE:
1042 {
1043 TypeDescr element_td( element_type );
1044 seq = seq_allocate( nElements, element_td.get()->nSize );
1045
1046 JNI_type_info const * element_info;
>>> CID 1462313: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "element_type".
1047 if (element_type->eTypeClass == typelib_TypeClass_STRUCT ||
1048 element_type->eTypeClass == typelib_TypeClass_EXCEPTION ||
1049 element_type->eTypeClass == typelib_TypeClass_INTERFACE)
1050 {
1051 element_info =
1052 getJniInfo()->get_type_info( jni, element_td.get() );
** CID 1462312: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 2388 in jni_uno::Bridge::map_to_java(const jni_uno::JNI_context &, jvalue *, const void *, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
________________________________________________________________________________________________________
*** CID 1462312: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 2388 in jni_uno::Bridge::map_to_java(const jni_uno::JNI_context &, jvalue *, const void *, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
2382 }
2383 }
2384 break;
2385 }
2386 default:
2387 {
>>> CID 1462312: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "type".
2388 throw BridgeRuntimeError(
2389 "[map_to_java():" + OUString::unacquired( &type->pTypeName )
2390 + "] unsupported element type: "
2391 + OUString::unacquired( &element_type->pTypeName )
2392 + jni.get_stack_trace() );
2393 }
** CID 1462311: Memory - illegal accesses (USE_AFTER_FREE)
/cppu/source/uno/sequence.cxx: 805 in uno_type_sequence_reference2One()
________________________________________________________________________________________________________
*** CID 1462311: Memory - illegal accesses (USE_AFTER_FREE)
/cppu/source/uno/sequence.cxx: 805 in uno_type_sequence_reference2One()
799 &pNew, pSequence->elements,
800 reinterpret_cast<typelib_IndirectTypeDescription *>(pTypeDescr)->pType,
801 pSequence->nElements, acquire,
802 pSequence->nElements ); // alloc nElements
803 if (ret)
804 {
>>> CID 1462311: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "pType" as an argument to "idestructSequence".
805 idestructSequence( *ppSequence, pType, pTypeDescr, release );
806 *ppSequence = pNew;
807 }
808
809 TYPELIB_DANGER_RELEASE( pTypeDescr );
810 }
** CID 1462310: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1094 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
________________________________________________________________________________________________________
*** CID 1462310: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1094 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
1088 }
1089 }
1090 break;
1091 }
1092 default:
1093 {
>>> CID 1462310: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "type".
1094 throw BridgeRuntimeError(
1095 "[map_to_uno():" + OUString::unacquired( &type->pTypeName )
1096 + "] unsupported sequence element type: "
1097 + OUString::unacquired( &element_type->pTypeName )
1098 + jni.get_stack_trace() );
1099 }
** CID 1462309: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1462309: Memory - illegal accesses (USE_AFTER_FREE)
/cppu/source/uno/destr.hxx: 139 in cppu::_destructAny(_uno_Any *, void (*)(void *))()
133 break;
134 }
135 #if OSL_DEBUG_LEVEL > 0
136 pAny->pData = reinterpret_cast<void *>(uintptr_t(0xdeadbeef));
137 #endif
138
>>> CID 1462309: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "typelib_typedescriptionreference_release" dereferences freed pointer "pType".
139 ::typelib_typedescriptionreference_release( pType );
140 }
141
142 inline sal_Int32 idestructElements(
143 void * pElements, typelib_TypeDescriptionReference * pElementType,
144 sal_Int32 nStartIndex, sal_Int32 nStopIndex,
** CID 1462308: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 286 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
________________________________________________________________________________________________________
*** CID 1462308: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 286 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
280 type->eTypeClass != typelib_TypeClass_ENUM) // opt
281 {
282 uno_type_destructData( uno_args[ nPos ], type, nullptr );
283 }
284 }
285
>>> CID 1462308: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "return_type".
286 if (return_type->eTypeClass != typelib_TypeClass_VOID)
287 {
288 // convert uno return value
289 jvalue java_ret;
290 try
291 {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DPtsO_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiiXPZi4mOPHWPLpuiRofcUvRfRJq4-2BGfNgELYxKs2jfk9Za1i14VsFm3DmBFhqKLg1B4Cp0AZIX5o1YV6-2B-2Fc3HGbrLNcmNsvZtqkfq3hBZ8rlDFLv5u0YpvnJKMW3aJ9WJZM5PwHSKnBcU9TSZyE-2FoDqBoBhaWDfP9FdtKMDZCtk-2FLFeOuCcJi-2BGpYDM5MZUh