New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Wed Feb 2 20:31:48 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
10 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1497939: Integer handling issues (DIVIDE_BY_ZERO)
/tools/source/generic/fract.cxx: 186 in <unnamed>::checked_multiply_by(boost::rational<int> &, const boost::rational<int> &)()
________________________________________________________________________________________________________
*** CID 1497939: Integer handling issues (DIVIDE_BY_ZERO)
/tools/source/generic/fract.cxx: 186 in <unnamed>::checked_multiply_by(boost::rational<int> &, const boost::rational<int> &)()
180
181 // Avoid overflow and preserve normalization
182 sal_Int32 gcd1 = std::gcd(i.numerator(), den);
183 sal_Int32 gcd2 = std::gcd(num, i.denominator());
184
185 bool fail = false;
>>> CID 1497939: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "i->numerator() / gcd1", division by expression "gcd1" which may be zero has undefined behavior.
186 fail |= o3tl::checked_multiply(i.numerator() / gcd1, num / gcd2, num);
187 fail |= o3tl::checked_multiply(i.denominator() / gcd2, den / gcd1, den);
188
189 if (!fail)
190 i.assign(num, den);
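191
Triage note (CID 1497939): std::gcd returns 0 only when both of its arguments are 0, so gcd1 can be zero only if i.numerator() and den are both zero. The assignment of den is outside this excerpt; if it holds the denominator of the second boost::rational operand, it is always positive and the divisor cannot be zero.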
** CID 1497938: Uninitialized members (UNINIT_CTOR)
/vcl/source/gdi/print3.cxx: 208 in vcl::ImplPrinterControllerData::ImplPrinterControllerData()()
________________________________________________________________________________________________________
*** CID 1497938: Uninitialized members (UNINIT_CTOR)
/vcl/source/gdi/print3.cxx: 208 in vcl::ImplPrinterControllerData::ImplPrinterControllerData()()
202 mbPapersizeFromUser( false ),
203 mbOrientationFromUser( false ),
204 mbPrinterModified( false ),
205 meJobState( css::view::PrintableState_JOB_STARTED ),
206 mnDefaultPaperBin( -1 ),
207 mnFixedPaperBin( -1 )
>>> CID 1497938: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "meUserOrientation" is not initialized in this constructor nor in any functions that it calls.
208 {}
209
210 ~ImplPrinterControllerData()
211 {
212 if (mxProgress)
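213 {
Triage note (CID 1497938): the getRealPaperSize excerpt under CID 1497936 reads meUserOrientation only when mbOrientationFromUser is true, and this constructor sets that flag to false on line 203. The indeterminate value is therefore reachable only if some path sets the flag without also assigning meUserOrientation; giving the member an initial value removes the reliance on that invariant.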
** CID 1497937: Integer handling issues (DIVIDE_BY_ZERO)
/tools/source/generic/fract.cxx: 186 in <unnamed>::checked_multiply_by(boost::rational<int> &, const boost::rational<int> &)()
________________________________________________________________________________________________________
*** CID 1497937: Integer handling issues (DIVIDE_BY_ZERO)
/tools/source/generic/fract.cxx: 186 in <unnamed>::checked_multiply_by(boost::rational<int> &, const boost::rational<int> &)()
180
181 // Avoid overflow and preserve normalization
182 sal_Int32 gcd1 = std::gcd(i.numerator(), den);
183 sal_Int32 gcd2 = std::gcd(num, i.denominator());
184
185 bool fail = false;
>>> CID 1497937: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "num / gcd2", division by expression "gcd2" which may be zero has undefined behavior.
186 fail |= o3tl::checked_multiply(i.numerator() / gcd1, num / gcd2, num);
187 fail |= o3tl::checked_multiply(i.denominator() / gcd2, den / gcd1, den);
188
189 if (!fail)
190 i.assign(num, den);
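191
Triage note (CID 1497937): std::gcd returns 0 only when both of its arguments are 0. The second argument here is i.denominator(), and boost::rational keeps its denominator strictly positive, so gcd2 is at least 1 and this report looks like a false positive.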
** CID 1497936: API usage errors (SWAPPED_ARGUMENTS)
________________________________________________________________________________________________________
*** CID 1497936: API usage errors (SWAPPED_ARGUMENTS)
/vcl/source/gdi/print3.cxx: 236 in vcl::ImplPrinterControllerData::getRealPaperSize(const Size &, bool) const()
230 if(mbOrientationFromUser)
231 {
232 if ( (meUserOrientation == Orientation::Portrait && size.Width() > size.Height()) ||
233 (meUserOrientation == Orientation::Landscape && size.Width() < size.Height()) )
234 {
235 // coverity[swapped-arguments : FALSE] - this is in the correct order
>>> CID 1497936: API usage errors (SWAPPED_ARGUMENTS)
>>> The positions of arguments in the constructor for "Size" do not match the ordering of the parameters:
* "size.Height()" is passed to "nWidth".
* "size.Width()" is passed to "nHeight".
236 size = Size( size.Height(), size.Width() );
237 }
238 }
239 return size;
240 }
241 PrinterController::PageSize modifyJobSetup( const css::uno::Sequence< css::beans::PropertyValue >& i_rProps );
** CID 1497935: Integer handling issues (DIVIDE_BY_ZERO)
/include/o3tl/unit_conversion.hxx: 138 in o3tl::detail::prepareMDArray<(int)20>(const o3tl::detail::m_and_d (&)[T1])()
________________________________________________________________________________________________________
*** CID 1497935: Integer handling issues (DIVIDE_BY_ZERO)
/include/o3tl/unit_conversion.hxx: 138 in o3tl::detail::prepareMDArray<(int)20>(const o3tl::detail::m_and_d (&)[T1])()
132 for (int j = 0; j < i; ++j)
133 {
134 assert(mdBase[i].m < SAL_MAX_INT64 / mdBase[j].d);
135 assert(mdBase[i].d < SAL_MAX_INT64 / mdBase[j].m);
136 const sal_Int64 m = mdBase[i].m * mdBase[j].d, d = mdBase[i].d * mdBase[j].m;
137 const sal_Int64 g = std::gcd(m, d);
>>> CID 1497935: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "m / g", division by expression "g" which may be zero has undefined behavior.
138 a[i][j] = m / g;
139 a[j][i] = d / g;
140 }
141 }
142 return a;
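143 }
Triage note (CID 1497935): g is 0 only when m and d are both 0, which requires zero multiplier or divisor fields in mdBase. The elements are m_and_d objects, whose constructor (excerpt under CID 1497934) asserts _m > 0 && _d > 0, so here and on lines 134-135 the non-zero precondition is stated only by asserts, which are compiled out when NDEBUG is defined.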
** CID 1497934: Integer handling issues (DIVIDE_BY_ZERO)
/include/o3tl/unit_conversion.hxx: 116 in o3tl::detail::m_and_d::m_and_d(long, long)()
________________________________________________________________________________________________________
*** CID 1497934: Integer handling issues (DIVIDE_BY_ZERO)
/include/o3tl/unit_conversion.hxx: 116 in o3tl::detail::m_and_d::m_and_d(long, long)()
110 // Packs integral multiplier and divisor for conversion from one unit to another
111 struct m_and_d
112 {
113 sal_Int64 m; // multiplier
114 sal_Int64 d; // divisor
115 constexpr m_and_d(sal_Int64 _m, sal_Int64 _d)
>>> CID 1497934: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "_m / std::gcd(_m, _d)", division by expression "std::gcd(_m, _d)" which may be zero has undefined behavior.
116 : m(_m / std::gcd(_m, _d)) // make sure to use smallest quotients here because
117 , d(_d / std::gcd(_m, _d)) // they will be multiplied when building final table
118 {
119 assert(_m > 0 && _d > 0);
120 }
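121 };
Triage note (CID 1497934): std::gcd(_m, _d) is 0 only when _m and _d are both 0. The assert on line 119 states the precondition, but it is in the constructor body, which runs after the member initializers on lines 116-117, and assert is compiled out under NDEBUG, so it does not guard the divisions at run time. Where the constructor is evaluated in a constant expression, a zero divisor is a compile-time error instead.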
** CID 1497933: Integer handling issues (NO_EFFECT)
/workdir/YaccTarget/connectivity/source/parse/sqlbison.cxx: 10238 in connectivity::OSQLParser::TokenIDToStr(unsigned int, const connectivity::IParseContext *)()
________________________________________________________________________________________________________
*** CID 1497933: Integer handling issues (NO_EFFECT)
/workdir/YaccTarget/connectivity/source/parse/sqlbison.cxx: 10238 in connectivity::OSQLParser::TokenIDToStr(unsigned int, const connectivity::IParseContext *)()
10232 if ( eKeyCode != IParseContext::InternationalKeyCode::None )
10233 aStr = pContext->getIntlKeywordAscii(eKeyCode);
10234 }
10235
10236 if (aStr.isEmpty())
10237 {
>>> CID 1497933: Integer handling issues (NO_EFFECT)
>>> This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "0U <= nTokenID".
10238 aStr = yytname[YYTRANSLATE(nTokenID)];
10239 if(aStr.startsWith("SQL_TOKEN_"))
10240 aStr = aStr.copy(10);
10241 switch( nTokenID )
10242 {
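10243 case SQL_TOKEN_OJ:
Triage note (CID 1497933): the flagged comparison "0U <= nTokenID" does not appear in the excerpt, so it presumably comes from the expansion of YYTRANSLATE on the unsigned nTokenID. The path under /workdir/YaccTarget/ suggests a generated file, in which case any fix belongs in the grammar source or the scan configuration; the redundant lower-bound test itself is harmless.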
** CID 1497932: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1497932: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/layout/paintfrm.cxx: 6580 in SwFrame::PaintSwFrameBackground(const SwRect &, const SwPageFrame *, const SwBorderAttrs &, bool, bool, bool) const()
6574 if( !aRegion[i].HasArea() )
6575 continue;
6576 }
6577 // add 6th parameter to indicate, if background transparency have to be considered
6578 // Set missing 5th parameter to the default value GRFNUM_NO
6579 // - see declaration in /core/inc/frmtool.hxx.
>>> CID 1497932: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pOut" to "DrawGraphic", which dereferences it.
6580 ::DrawGraphic(
6581 pItem,
6582 *pOut,
6583 aOrigBackRect,
6584 aRegion[i],
6585 GRFNUM_NO,
** CID 1458078: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/workdir/YaccTarget/idlc/source/parser.cxx: 1698 in yysyntax_error(long *, char **, short *, int)()
________________________________________________________________________________________________________
*** CID 1458078: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/workdir/YaccTarget/idlc/source/parser.cxx: 1698 in yysyntax_error(long *, char **, short *, int)()
1692 }
1693
1694 if (*yymsg_alloc < yysize)
1695 {
1696 *yymsg_alloc = 2 * yysize;
1697 if (! (yysize <= *yymsg_alloc
>>> CID 1458078: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "*yymsg_alloc <= 9223372036854775807L /* static_cast<long>((9223372036854775807L < static_cast<unsigned long>(-1)) ? 9223372036854775807L : static_cast<unsigned long>(-1)) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1698 && *yymsg_alloc <= YYSTACK_ALLOC_MAXIMUM))
1699 *yymsg_alloc = YYSTACK_ALLOC_MAXIMUM;
1700 return 1;
1701 }
1702
1703 /* Avoid sprintf, as that infringes on the user's name space.
** CID 1458075: (CONSTANT_EXPRESSION_RESULT)
/workdir/YaccTarget/idlc/source/parser.cxx: 1688 in yysyntax_error(long *, char **, short *, int)()
/workdir/YaccTarget/idlc/source/parser.cxx: 1659 in yysyntax_error(long *, char **, short *, int)()
________________________________________________________________________________________________________
*** CID 1458075: (CONSTANT_EXPRESSION_RESULT)
/workdir/YaccTarget/idlc/source/parser.cxx: 1688 in yysyntax_error(long *, char **, short *, int)()
1682 }
1683
1684 {
1685 /* Don't count the "%s"s in the final size, but reserve room for
1686 the terminator. */
1687 YYPTRDIFF_T yysize1 = yysize + (yystrlen (yyformat) - 2 * yycount) + 1;
>>> CID 1458075: (CONSTANT_EXPRESSION_RESULT)
>>> "yysize1 <= 9223372036854775807L /* static_cast<long>((9223372036854775807L < static_cast<unsigned long>(-1)) ? 9223372036854775807L : static_cast<unsigned long>(-1)) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1688 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
1689 yysize = yysize1;
1690 else
1691 return 2;
1692 }
1693
/workdir/YaccTarget/idlc/source/parser.cxx: 1659 in yysyntax_error(long *, char **, short *, int)()
1653 break;
1654 }
1655 yyarg[yycount++] = yytname[yyx];
1656 {
1657 YYPTRDIFF_T yysize1
1658 = yysize + yytnamerr (YY_NULLPTR, yytname[yyx]);
>>> CID 1458075: (CONSTANT_EXPRESSION_RESULT)
>>> "yysize1 <= 9223372036854775807L /* static_cast<long>((9223372036854775807L < static_cast<unsigned long>(-1)) ? 9223372036854775807L : static_cast<unsigned long>(-1)) */" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
1659 if (yysize <= yysize1 && yysize1 <= YYSTACK_ALLOC_MAXIMUM)
1660 yysize = yysize1;
1661 else
1662 return 2;
1663 }
1664 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3D8JBB_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiX3XfnuEg9gWCN6o4B4DRi-2B1sDNXKyznWHiYtrICRlztWuszacelNpdmKRIqpNawK7lJQZuZzkta67u635pafhPF1SWiFQ3It-2Bfe9V2iw7Y-2F2ADQZwJ1kBGFNg7kn7toniDdAKM7EoJSS5IEWkC1VPa3JZRgdZjnNhVn0L1FtE30-3D