New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri Jun 26 22:59:05 UTC 2020
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
13 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1464975: (RESOURCE_LEAK)
/sd/source/filter/sdpptwrp.cxx: 347 in SdPPTFilter::Export()()
/sd/source/filter/sdpptwrp.cxx: 349 in SdPPTFilter::Export()()
/sd/source/filter/sdpptwrp.cxx: 324 in SdPPTFilter::Export()()
________________________________________________________________________________________________________
*** CID 1464975: (RESOURCE_LEAK)
/sd/source/filter/sdpptwrp.cxx: 347 in SdPPTFilter::Export()()
341 Sequence<sal_Int8> aStreamContent;
342 aStreamData.Value >>= aStreamContent;
343 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
344 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
345 {
346 bRet = false;
>>> CID 1464975: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
347 break;
348 }
349 }
350 xEncryptedRootStrg->Commit();
351
352 // Restore encryption data
/sd/source/filter/sdpptwrp.cxx: 349 in SdPPTFilter::Export()()
343 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
344 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
345 {
346 bRet = false;
347 break;
348 }
>>> CID 1464975: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
349 }
350 xEncryptedRootStrg->Commit();
351
352 // Restore encryption data
353 mrMedium.GetItemSet()->Put(SfxUnoAnyItem(SID_ENCRYPTIONDATA, makeAny(aEncryptionData)));
354 }
/sd/source/filter/sdpptwrp.cxx: 324 in SdPPTFilter::Export()()
318 if (idx < 0)
319 {
320 sFileName = sPathElem;
321 }
322 else
323 {
>>> CID 1464975: (RESOURCE_LEAK)
>>> Overwriting "pStorage" in "pStorage = pStorage->OpenSotStorage(sPathElem, StreamMode::STD_READWRITE, true)" leaks the storage that "pStorage" points to.
324 pStorage = pStorage->OpenSotStorage(sPathElem);
325 }
326 }
327 } while (pStorage && idx >= 0);
328
329 if (!pStorage)
** CID 1464974: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464974: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unosett.cxx: 1774 in SwXNumberingRules::SetPropertiesToNumFormat(SwNumFormat &, rtl::OUString &, rtl::OUString *, rtl::OUString *, rtl::OUString *, SwDoc *, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
1768 bWrongArg = true;
1769 }
1770 else if (rProp.Name == UNO_NAME_BULLET_FONT_NAME)
1771 {
1772 OUString sBulletFontName;
1773 rProp.Value >>= sBulletFontName;
>>> CID 1464974: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "GetDocShell", which dereferences it.
1774 SwDocShell* pLclDocShell = pDoc->GetDocShell();
1775 if( !sBulletFontName.isEmpty() && pLclDocShell )
1776 {
1777 const SvxFontListItem* pFontListItem =
1778 static_cast<const SvxFontListItem* >(pLclDocShell
1779 ->GetItem( SID_ATTR_CHAR_FONTLIST ));
** CID 1464973: (RESOURCE_LEAK)
/sc/source/filter/excel/excel.cxx: 363 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
/sc/source/filter/excel/excel.cxx: 388 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
/sc/source/filter/excel/excel.cxx: 386 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
________________________________________________________________________________________________________
*** CID 1464973: (RESOURCE_LEAK)
/sc/source/filter/excel/excel.cxx: 363 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
357 if (idx < 0)
358 {
359 sFileName = sPathElem;
360 }
361 else
362 {
>>> CID 1464973: (RESOURCE_LEAK)
>>> Overwriting "pStorage" in "pStorage = pStorage->OpenSotStorage(sPathElem, StreamMode::STD_READWRITE, true)" leaks the storage that "pStorage" points to.
363 pStorage = pStorage->OpenSotStorage(sPathElem);
364 }
365 }
366 } while (pStorage && idx >= 0);
367
368 if (!pStorage)
/sc/source/filter/excel/excel.cxx: 388 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
382 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
383 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
384 {
385 eRet = ERRCODE_IO_CANTWRITE;
386 break;
387 }
>>> CID 1464973: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
388 }
389 xEncryptedRootStrg->Commit();
390
391 // Restore encryption data
392 rMedium.GetItemSet()->Put(SfxUnoAnyItem(SID_ENCRYPTIONDATA, uno::makeAny(aEncryptionData)));
393 }
/sc/source/filter/excel/excel.cxx: 386 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
380 uno::Sequence<sal_Int8> aStreamContent;
381 aStreamData.Value >>= aStreamContent;
382 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
383 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
384 {
385 eRet = ERRCODE_IO_CANTWRITE;
>>> CID 1464973: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
386 break;
387 }
388 }
389 xEncryptedRootStrg->Commit();
390
391 // Restore encryption data
** CID 1464972: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464972: Null pointer dereferences (FORWARD_NULL)
/vcl/jsdialog/jsdialogbuilder.cxx: 28 in JSInstanceBuilder::JSInstanceBuilder(weld::Widget *, const rtl::OUString &, const rtl::OUString &)()
22 pNotifier->libreOfficeKitViewCallback(LOK_CALLBACK_JSDIALOG, message.c_str());
23 }
24 }
25
26 JSInstanceBuilder::JSInstanceBuilder(weld::Widget* pParent, const OUString& rUIRoot,
27 const OUString& rUIFile)
>>> CID 1464972: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "dynamic_cast <SalInstanceWidget *>(pParent)" to "getWidget", which dereferences it.
28 : SalInstanceBuilder(dynamic_cast<SalInstanceWidget*>(pParent)
29 ? dynamic_cast<SalInstanceWidget*>(pParent)->getWidget()
30 : nullptr,
31 rUIRoot, rUIFile)
32 {
33 }
** CID 1464971: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1464971: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/text/xmldump.cxx: 471 in SwFrame::dumpAsXmlAttributes(_xmlTextWriter *) const()
465 xmlTextWriterWriteFormatAttribute( writer, BAD_CAST("follow"), "%" SAL_PRIuUINT32, pFF->GetFollow()->GetFrameId() );
466 }
467 if (IsSctFrame())
468 {
469 SwSectionFrame const*const pFrame(static_cast<SwSectionFrame const*>(this));
470 SwSectionNode const*const pNode(pFrame->GetSection()->GetFormat()->GetSectionNode());
>>> CID 1464971: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "pNode" when calling "GetIndex".
471 xmlTextWriterWriteFormatAttribute(writer, BAD_CAST("sectionNodeIndex"), TMP_FORMAT, pNode->GetIndex());
472 }
473 if ( IsTextFrame( ) )
474 {
475 const SwTextFrame *pTextFrame = static_cast<const SwTextFrame *>(this);
476 const SwTextNode *pTextNode = pTextFrame->GetTextNodeFirst();
** CID 1464970: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464970: Null pointer dereferences (FORWARD_NULL)
/sc/source/ui/app/inputwin.cxx: 198 in ScInputWindow::ScInputWindow(vcl::Window *, const SfxBindings *)()
192 InsertWindow (1, aWndPos.get(), ToolBoxItemBits::NONE, 0);
193 InsertSeparator (1);
194 InsertItem (SID_INPUT_FUNCTION, Image(StockImage::Yes, RID_BMP_INPUT_FUNCTION), ToolBoxItemBits::NONE, 2);
195 }
196
197 // sigma and equal buttons
>>> CID 1464970: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "this->mpViewShell" to "isLOKMobilePhone", which dereferences it.
198 if (!mpViewShell->isLOKMobilePhone())
199 {
200 InsertItem (SID_INPUT_SUM, Image(StockImage::Yes, RID_BMP_INPUT_SUM), ToolBoxItemBits::DROPDOWNONLY, 3);
201 InsertItem (SID_INPUT_EQUAL, Image(StockImage::Yes, RID_BMP_INPUT_EQUAL), ToolBoxItemBits::NONE, 4);
202 InsertItem (SID_INPUT_CANCEL, Image(StockImage::Yes, RID_BMP_INPUT_CANCEL), ToolBoxItemBits::NONE, 5);
203 InsertItem (SID_INPUT_OK, Image(StockImage::Yes, RID_BMP_INPUT_OK), ToolBoxItemBits::NONE, 6);
** CID 1464969: Error handling issues (CHECKED_RETURN)
/vcl/source/treelist/iconviewimpl.cxx: 608 in IconViewImpl::KeyInput(const KeyEvent &)()
________________________________________________________________________________________________________
*** CID 1464969: Error handling issues (CHECKED_RETURN)
/vcl/source/treelist/iconviewimpl.cxx: 608 in IconViewImpl::KeyInput(const KeyEvent &)()
602 // allow scrolling
603 break;
604 }
605
606 case KEY_RETURN:
607 {
>>> CID 1464969: Error handling issues (CHECKED_RETURN)
>>> Calling "Call" without checking return value (as is done elsewhere 4 out of 5 times).
608 m_pView->aDoubleClickHdl.Call( m_pView );
609 bHandled = true;
610
611 break;
612 }
613
** CID 1464968: Control flow issues (DEADCODE)
/sw/source/filter/ww8/wrtww8.cxx: 2601 in WW8AttributeOutput::TableCellBorders(const std::shared_ptr<ww8::WW8TableNodeInfoInner> &)()
________________________________________________________________________________________________________
*** CID 1464968: Control flow issues (DEADCODE)
/sw/source/filter/ww8/wrtww8.cxx: 2601 in WW8AttributeOutput::TableCellBorders(const std::shared_ptr<ww8::WW8TableNodeInfoInner> &)()
2595 &rTabBoxes[n]->GetFrameFormat()->GetBox();
2596 if( !pLastBox )
2597 pLastBox = pBox;
2598 else if( !pBox || *pLastBox != *pBox )
2599 {
2600 if ( !pLastBox )
>>> CID 1464968: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "break;".
2601 break;
2602
2603 // This cell has different borders than the previous cell,
2604 // so output the borders for the preceding cell range.
2605 m_rWW8Export.Out_CellRangeBorders(pLastBox, nSeqStart, n);
2606
** CID 1464967: (RESOURCE_LEAK)
/sw/source/filter/ww8/wrtww8.cxx: 3768 in SwWW8Writer::WriteStorage()()
/sw/source/filter/ww8/wrtww8.cxx: 3741 in SwWW8Writer::WriteStorage()()
/sw/source/filter/ww8/wrtww8.cxx: 3766 in SwWW8Writer::WriteStorage()()
________________________________________________________________________________________________________
*** CID 1464967: (RESOURCE_LEAK)
/sw/source/filter/ww8/wrtww8.cxx: 3768 in SwWW8Writer::WriteStorage()()
3762 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
3763 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
3764 {
3765 nErrorCode = ERRCODE_IO_CANTWRITE;
3766 break;
3767 }
>>> CID 1464967: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
3768 }
3769 }
3770
3771 return nErrorCode;
3772 }
3773 ErrCode SwWW8Writer::WriteStorageImpl()
/sw/source/filter/ww8/wrtww8.cxx: 3741 in SwWW8Writer::WriteStorage()()
3735 if (idx < 0)
3736 {
3737 sFileName = sPathElem;
3738 }
3739 else
3740 {
>>> CID 1464967: (RESOURCE_LEAK)
>>> Overwriting "pStorage" in "pStorage = pStorage->OpenSotStorage(sPathElem, StreamMode::STD_READWRITE, true)" leaks the storage that "pStorage" points to.
3741 pStorage = pStorage->OpenSotStorage(sPathElem);
3742 if (!pStorage)
3743 break;
3744 }
3745 }
3746 } while (pStorage && idx >= 0);
/sw/source/filter/ww8/wrtww8.cxx: 3766 in SwWW8Writer::WriteStorage()()
3760 uno::Sequence<sal_Int8> aStreamContent;
3761 aStreamData.Value >>= aStreamContent;
3762 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
3763 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
3764 {
3765 nErrorCode = ERRCODE_IO_CANTWRITE;
>>> CID 1464967: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
3766 break;
3767 }
3768 }
3769 }
3770
3771 return nErrorCode;
** CID 1464966: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2924 in XMLShapeExport::ImpExportOLE2Shape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *, SvXMLAttributeList *)()
________________________________________________________________________________________________________
*** CID 1464966: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2924 in XMLShapeExport::ImpExportOLE2Shape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *, SvXMLAttributeList *)()
2918 }
2919 }
2920 }
2921 else
2922 {
2923 // export empty href for empty placeholders to be valid ODF
>>> CID 1464966: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "this->mrExport->AddAttribute(6, xmloff::token::XML_HREF, rtl::OUString const("", rtl::libreoffice_internal::Dummy()))" inside this statement: "this->mrExport->AddAttribut...".
2924 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_HREF, "" );
2925 mrExport.AddAttribute( XML_NAMESPACE_XLINK, XML_TYPE, XML_SIMPLE );
2926 mrExport.AddAttribute( XML_NAMESPACE_XLINK, XML_SHOW, XML_EMBED );
2927 mrExport.AddAttribute( XML_NAMESPACE_XLINK, XML_ACTUATE, XML_ONLOAD );
2928 }
2929
** CID 1464965: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2402 in XMLShapeExport::ImpExportGraphicObjectShape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *)()
________________________________________________________________________________________________________
*** CID 1464965: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2402 in XMLShapeExport::ImpExportGraphicObjectShape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *)()
2396 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_SHOW, XML_EMBED);
2397 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_ACTUATE, XML_ONLOAD);
2398 }
2399 }
2400 else
2401 {
>>> CID 1464965: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "this->mrExport->AddAttribute(6, xmloff::token::XML_HREF, rtl::OUString())" inside this statement: "this->mrExport->AddAttribut...".
2402 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_HREF, OUString());
2403 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_TYPE, XML_SIMPLE);
2404 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_SHOW, XML_EMBED);
2405 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_ACTUATE, XML_ONLOAD);
2406 }
2407
** CID 1464964: API usage errors (INVALIDATE_ITERATOR)
/writerfilter/source/dmapper/DomainMapper_Impl.cxx: 1657 in writerfilter::dmapper::DomainMapper_Impl::finishParagraph(const tools::SvRef<writerfilter::dmapper::PropertyMap> &, bool)()
________________________________________________________________________________________________________
*** CID 1464964: API usage errors (INVALIDATE_ITERATOR)
/writerfilter/source/dmapper/DomainMapper_Impl.cxx: 1657 in writerfilter::dmapper::DomainMapper_Impl::finishParagraph(const tools::SvRef<writerfilter::dmapper::PropertyMap> &, bool)()
1651 {
1652 // This textnode has numbering. Look up the numbering style name of the current and previous paragraph.
1653 OUString aCurrentNumberingName;
1654 OUString aPreviousNumberingName;
1655 if (isNumberingViaRule)
1656 {
>>> CID 1464964: API usage errors (INVALIDATE_ITERATOR)
>>> Dereferencing iterator "itNumberingRules" though it is already past the end of its container.
1657 uno::Reference<container::XNamed> xCurrentNumberingRules(itNumberingRules->Value, uno::UNO_QUERY);
1658 if (xCurrentNumberingRules.is())
1659 aCurrentNumberingName = xCurrentNumberingRules->getName();
1660 if (m_xPreviousParagraph.is())
1661 {
1662 uno::Reference<container::XNamed> xPreviousNumberingRules(m_xPreviousParagraph->getPropertyValue("NumberingRules"), uno::UNO_QUERY);
** CID 1464963: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464963: Null pointer dereferences (FORWARD_NULL)
/sw/source/filter/ww8/wrtww8.cxx: 3741 in SwWW8Writer::WriteStorage()()
3735 if (idx < 0)
3736 {
3737 sFileName = sPathElem;
3738 }
3739 else
3740 {
>>> CID 1464963: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pStorage" to "OpenSotStorage", which dereferences it.
3741 pStorage = pStorage->OpenSotStorage(sPathElem);
3742 if (!pStorage)
3743 break;
3744 }
3745 }
3746 } while (pStorage && idx >= 0);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExViPHTTReBArhCRZ3BE4kCjKjDqn2Dq3ZyEbAvAs31gRpU3vMPHDnoSx68vDAWjNU-3DNRdp_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiNIv57A1D1K2Gn6W2cjMm-2F-2FSk6Axy1HU8H5dzx5z1zf4l3HG7K5aNNC1MLkmp-2BzCf1XU4Uzugm-2FFpHC2YsWZvlt1T-2FLUNe2Xv81jJgVLdGj0KELdWk1iDAgvtcrdMyEoyWGZY-2FNbt8osW3yWDFK9uhFc1Y4-2FLbZWEhu4dNGVRky7lHttwJTYNbWgyO8wBk96P
More information about the LibreOffice
mailing list