New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sun Oct 24 09:54:50 UTC 2021
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
6 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1493243: Incorrect expression (COPY_PASTE_ERROR)
/sw/source/core/undo/undel.cxx: 81 in FindFirstAndNextNode(SwDoc &, const SwUndRng &, const SwRedlineSaveDatas &, SwTextNode *&)()
________________________________________________________________________________________________________
*** CID 1493243: Incorrect expression (COPY_PASTE_ERROR)
/sw/source/core/undo/undel.cxx: 81 in FindFirstAndNextNode(SwDoc &, const SwUndRng &, const SwRedlineSaveDatas &, SwTextNode *&)()
75 assert(rRange.m_nEndContent == 0);
76 SwNodeOffset nEndOfRedline(0);
77 for (size_t i = 0; i < rRedlineSaveData.size(); ++i)
78 {
79 auto const& rRedline(rRedlineSaveData[i]);
80 if (rRedline.m_nSttNode <= rRange.m_nSttNode
>>> CID 1493243: Incorrect expression (COPY_PASTE_ERROR)
>>> "m_nSttNode" in "rRedline.m_nSttNode < rRange.m_nEndNode" looks like a copy-paste error.
81 && rRedline.m_nSttNode < rRange.m_nEndNode
82 && rRange.m_nEndNode <= rRedline.m_nEndNode
83 && rRedline.GetType() == RedlineType::Delete)
84 {
85 nEndOfRedline = rRedline.m_nEndNode;
86 o_rpFirstMergedDeletedTextNode = rDoc.GetNodes()[rRedline.m_nSttNode]->GetTextNode();
** CID 1493242: Incorrect expression (COPY_PASTE_ERROR)
/sw/source/core/doc/docnum.cxx: 1957 in SwDoc::MoveParagraphImpl(SwPaM &, o3tl::strong_int<int, Tag_SwNodeOffset>, bool, const SwRootFrame *)()
________________________________________________________________________________________________________
*** CID 1493242: Incorrect expression (COPY_PASTE_ERROR)
/sw/source/core/doc/docnum.cxx: 1957 in SwDoc::MoveParagraphImpl(SwPaM &, o3tl::strong_int<int, Tag_SwNodeOffset>, bool, const SwRootFrame *)()
1951 // range, too (e.g. as last node).
1952 // If an end node is the last node of the moved range, its start node has to be a part of
1953 // the moved section, too.
1954 pTmp1 = GetNodes()[ nStIdx ];
1955 if( pTmp1->IsStartNode() )
1956 { // First is a start node
>>> CID 1493242: Incorrect expression (COPY_PASTE_ERROR)
>>> "pTmp1" in "pTmp1->EndOfSectionNode()" looks like a copy-paste error.
1957 pTmp2 = pTmp1->EndOfSectionNode();
1958 if( pTmp2->GetIndex() > nEndIdx )
1959 return false; // Its end node is behind the moved range
1960 }
1961 pTmp1 = pTmp1->StartOfSectionNode()->EndOfSectionNode();
1962 if( pTmp1->GetIndex() <= nEndIdx )
** CID 1493241: Memory - illegal accesses (WRAPPER_ESCAPE)
/svx/source/svdraw/svdedxv.cxx: 1668 in SdrObjEditView::SdrEndTextEdit(bool)()
________________________________________________________________________________________________________
*** CID 1493241: Memory - illegal accesses (WRAPPER_ESCAPE)
/svx/source/svdraw/svdedxv.cxx: 1668 in SdrObjEditView::SdrEndTextEdit(bool)()
1662 if (pTEObj && !pTEObj->getSdrModelFromSdrObject().isLocked() && pTEObj->GetBroadcaster())
1663 {
1664 SdrHint aHint(SdrHintKind::EndEdit, *pTEObj);
1665 const_cast<SfxBroadcaster*>(pTEObj->GetBroadcaster())->Broadcast(aHint);
1666 }
1667
>>> CID 1493241: Memory - illegal accesses (WRAPPER_ESCAPE)
>>> Using invalidated internal representation of "this->mpLocalTextEditUndoManager".
1668 if (pUndoEditUndoManager)
1669 {
1670 if (bNeedToUndoSavedRedoTextEdit)
1671 {
1672 // undo the text edit action since it was created as part of an EndTextEdit
1673 // callback from undo itself. This needs to be done after the call to
** CID 1493240: (CHECKED_RETURN)
/vcl/workben/mtfdemo.cxx: 158 in <unnamed>::DemoMtfApp::Init()()
/vcl/workben/mtfdemo.cxx: 175 in <unnamed>::DemoMtfApp::Init()()
________________________________________________________________________________________________________
*** CID 1493240: (CHECKED_RETURN)
/vcl/workben/mtfdemo.cxx: 158 in <unnamed>::DemoMtfApp::Init()()
152 aFilename = aArg;
153 }
154
155 OUString sWorkingDir, sFileUrl;
156 osl_getProcessWorkingDir(&sWorkingDir.pData);
157 osl::FileBase::getFileURLFromSystemPath(aFilename, sFileUrl);
>>> CID 1493240: (CHECKED_RETURN)
>>> Calling "getAbsoluteFileURL" without checking return value (as is done elsewhere 19 out of 21 times).
158 osl::FileBase::getAbsoluteFileURL(sWorkingDir, sFileUrl, maFileName);
159
160 uno::Reference<uno::XComponentContext> xComponentContext
161 = ::cppu::defaultBootstrap_InitialComponentContext();
162 xMSF.set(xComponentContext->getServiceManager(), uno::UNO_QUERY);
163 if(!xMSF.is())
/vcl/workben/mtfdemo.cxx: 175 in <unnamed>::DemoMtfApp::Init()()
169 {
170 GDIMetaFile aMtf;
171 SvFileStream aFileStream(maFileName, StreamMode::READ);
172 ReadWindowMetafile(aFileStream, aMtf);
173 OUString sAbsoluteDumpUrl, sDumpUrl;
174 osl::FileBase::getFileURLFromSystemPath("metadump.xml", sDumpUrl);
>>> CID 1493240: (CHECKED_RETURN)
>>> Calling "getAbsoluteFileURL" without checking return value (as is done elsewhere 19 out of 21 times).
175 osl::FileBase::getAbsoluteFileURL(sWorkingDir, sDumpUrl, sAbsoluteDumpUrl);
176
177 aMtf.dumpAsXml(rtl::OUStringToOString(sAbsoluteDumpUrl, RTL_TEXTENCODING_UTF8).getStr());
178 std::cout << "Dumped metaactions as metadump.xml" << std::endl;
179 std::exit(0);
180 }
** CID 1493239: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/docnode/nodes.cxx: 2275 in SwNodes::RemoveNode(o3tl::strong_int<int, Tag_SwNodeOffset>, o3tl::strong_int<int, Tag_SwNodeOffset>, bool)()
________________________________________________________________________________________________________
*** CID 1493239: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/docnode/nodes.cxx: 2275 in SwNodes::RemoveNode(o3tl::strong_int<int, Tag_SwNodeOffset>, o3tl::strong_int<int, Tag_SwNodeOffset>, bool)()
2269 // inserted that will be deleted in Remove again (see Bug 55406)
2270 aTempEntries.resize(sal_Int32(nCnt));
2271
2272 while( nCnt-- )
2273 {
2274 delete pDel;
>>> CID 1493239: Memory - illegal accesses (USE_AFTER_FREE)
>>> Using freed pointer "pPrev".
2275 pDel = pPrev;
2276 sal_uLong nPrevNdIdx = pPrev->GetPos();
2277 BigPtrEntry* pTempEntry = &aTempEntries[sal_Int32(nCnt)];
2278 BigPtrArray::Replace( nPrevNdIdx+1, pTempEntry );
2279 if( nCnt )
2280 pPrev = BigPtrArray::operator []( nPrevNdIdx - 1 );
** CID 1460971: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/utlui/content.cxx: 2769 in SwContentTree::HasContentChanged()()
________________________________________________________________________________________________________
*** CID 1460971: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/utlui/content.cxx: 2769 in SwContentTree::HasContentChanged()()
2763 bContentChanged = true;
2764 else
2765 {
2766 std::unique_ptr<weld::TreeIter> xEntry(m_xTreeView->make_iterator(xRootEntry.get()));
2767 for (size_t j = 0; j < nChildCount; ++j)
2768 {
>>> CID 1460971: Error handling issues (CHECKED_RETURN)
>>> Calling "iter_next" without checking return value (as is done elsewhere 84 out of 85 times).
2769 m_xTreeView->iter_next(*xEntry);
2770 const SwContent* pCnt = pArrType->GetMember(j);
2771 OUString sSubId(OUString::number(reinterpret_cast<sal_Int64>(pCnt)));
2772 m_xTreeView->set_id(*xEntry, sSubId);
2773 OUString sEntryText = m_xTreeView->get_text(*xEntry);
2774 if( sEntryText != pCnt->GetName() &&
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3Db19S_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiGLl4EeI-2BomQsx-2BvErR5juWPsIjSKwvXRV261xz2APp-2BUAcAhUyriAjkRpQEU8HiMx5hZWwmAStEhD-2F8luGSKw1djtSGCFgBS6CUofJqhIf3jpzry8aCCSxaZsnSlUpylrzsdFH3-2Bay14glMCjd43N3O1yzFOUB9pRqpp0IrHmAY-3D
More information about the LibreOffice
mailing list