New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Feb 12 10:30:04 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
4 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1498148: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1498148: Integer handling issues (NEGATIVE_RETURNS)
/sc/source/core/data/fillinfo.cxx: 253 in <unnamed>::initCellInfo(RowInfo *, unsigned long, short, const SvxShadowItem *)()
247 {
248 RowInfo& rThisRowInfo = pRowInfo[nArrRow];
249 rThisRowInfo.allocCellInfo( nRotMax + 1 );
250
251 for (SCCOL nCol = -1; nCol <= nRotMax+1; ++nCol) // Preassign cell info
252 {
>>> CID 1498148: Integer handling issues (NEGATIVE_RETURNS)
>>> "nCol" is passed to a parameter that cannot be negative.
253 CellInfo& rInfo = rThisRowInfo.cellInfo(nCol);
254 rInfo.bEmptyCellText = true;
255 rInfo.pShadowAttr = pDefShadow;
256 }
257 }
258 }
** CID 1498147: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1498147: Integer handling issues (NEGATIVE_RETURNS)
/sc/source/core/data/fillinfo.cxx: 621 in ScDocument::FillInfo(ScTableInfo &, short, int, short, int, short, double, double, bool, bool, const ScMarkData *)()
615 pInfo->nWidth = nThisWidth; //TODO: or check only 0 ??
616 }
617 }
618 }
619 }
620 else
>>> CID 1498147: Integer handling issues (NEGATIVE_RETURNS)
>>> "nCol" is passed to a parameter that cannot be negative.
621 pRowInfo[0].cellInfo(nCol).nWidth = STD_COL_WIDTH;
622 // STD_COL_WIDTH farthest to the left and right is needed for DrawExtraShadow
623 }
624
625 if (pCondFormList)
626 pCondFormList->endRendering();
** CID 1498146: (FORWARD_NULL)
/sw/source/uibase/utlui/content.cxx: 546 in SwContentType::FillMemberList(bool *)()
/sw/source/uibase/utlui/content.cxx: 864 in SwContentType::FillMemberList(bool *)()
/sw/source/uibase/utlui/content.cxx: 457 in SwContentType::FillMemberList(bool *)()
/sw/source/uibase/utlui/content.cxx: 449 in SwContentType::FillMemberList(bool *)()
/sw/source/uibase/utlui/content.cxx: 725 in SwContentType::FillMemberList(bool *)()
/sw/source/uibase/utlui/content.cxx: 854 in SwContentType::FillMemberList(bool *)()
/sw/source/uibase/utlui/content.cxx: 789 in SwContentType::FillMemberList(bool *)()
________________________________________________________________________________________________________
*** CID 1498146: (FORWARD_NULL)
/sw/source/uibase/utlui/content.cxx: 546 in SwContentType::FillMemberList(bool *)()
540 if (pOldMember)
541 {
542 // need to check visibility (and equal entry number) after
543 // creation due to a sorted list being used here (before,
544 // entries with same index were compared already at creation
545 // time what worked before a sorted list was used)
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
546 *pbContentChanged = checkVisibilityChanged(
547 *pOldMember,
548 *m_pMember);
549 }
550 }
551 break;
/sw/source/uibase/utlui/content.cxx: 864 in SwContentType::FillMemberList(bool *)()
858 }
859 }
860 break;
861 default: break;
862 }
863 m_nMemberCount = m_pMember->size();
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
864 if (pOldMember && !*pbContentChanged && pOldMember->size() != m_nMemberCount)
865 *pbContentChanged = true;
866
867 m_bDataValid = true;
868 }
869
/sw/source/uibase/utlui/content.cxx: 457 in SwContentType::FillMemberList(bool *)()
451 }
452 for (size_t i = 0; i < pOldMember->size(); i++)
453 {
454 if (static_cast<SwOutlineContent*>((*pOldMember)[i].get())->GetOutlineLevel() !=
455 static_cast<SwOutlineContent*>((*m_pMember)[i].get())->GetOutlineLevel())
456 {
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
457 *pbContentChanged = true;
458 break;
459 }
460 }
461 }
462 }
/sw/source/uibase/utlui/content.cxx: 449 in SwContentType::FillMemberList(bool *)()
443 // need to check level and equal entry number after creation due to possible outline
444 // nodes in frames, headers, footers
445 if (pOldMember)
446 {
447 if (pOldMember->size() != m_pMember->size())
448 {
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
449 *pbContentChanged = true;
450 break;
451 }
452 for (size_t i = 0; i < pOldMember->size(); i++)
453 {
454 if (static_cast<SwOutlineContent*>((*pOldMember)[i].get())->GetOutlineLevel() !=
/sw/source/uibase/utlui/content.cxx: 725 in SwContentType::FillMemberList(bool *)()
719 if (pOldMember)
720 {
721 // need to check visibility (and equal entry number) after
722 // creation due to a sorted list being used here (before,
723 // entries with same index were compared already at creation
724 // time what worked before a sorted list was used)
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
725 *pbContentChanged = checkVisibilityChanged(
726 *pOldMember,
727 *m_pMember);
728 }
729 }
730 }
/sw/source/uibase/utlui/content.cxx: 854 in SwContentType::FillMemberList(bool *)()
848 if (pOldMember)
849 {
850 // need to check visibility (and equal entry number) after
851 // creation due to a sorted list being used here (before,
852 // entries with same index were compared already at creation
853 // time what worked before a sorted list was used)
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
854 *pbContentChanged = checkVisibilityChanged(
855 *pOldMember,
856 *m_pMember);
857 }
858 }
859 }
/sw/source/uibase/utlui/content.cxx: 789 in SwContentType::FillMemberList(bool *)()
783
784 if(pBase && !pBase->IsVisible())
785 pCnt->SetInvisible();
786
787 m_pMember->insert( std::unique_ptr<SwContent>(pCnt) );
788 const size_t nPos = m_pMember->size() - 1;
>>> CID 1498146: (FORWARD_NULL)
>>> Dereferencing null pointer "pbContentChanged".
789 if (pOldMember && !*pbContentChanged && nOldMemberCount > nPos &&
790 (*pOldMember)[nPos]->IsInvisible() != pCnt->IsInvisible())
791 *pbContentChanged = true;
792 }
793 }
794 break;
** CID 1472568: Integer handling issues (DIVIDE_BY_ZERO)
/sc/source/core/data/table2.cxx: 4168 in ScTable::GetRowForHeight(long) const()
________________________________________________________________________________________________________
*** CID 1472568: Integer handling issues (DIVIDE_BY_ZERO)
/sc/source/core/data/table2.cxx: 4168 in ScTable::GetRowForHeight(long) const()
4162 tools::Long nPixelsLeft = nHeight - nSum;
4163 tools::Long nCommonPixels = static_cast<tools::Long>(aRowHeightRange.mnValue) * nCommon;
4164
4165 // are we in the zone ?
4166 if (nCommonPixels > nPixelsLeft)
4167 {
>>> CID 1472568: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "(nPixelsLeft + aRowHeightRange.mnValue - 1L) / aRowHeightRange.mnValue", division by expression "aRowHeightRange.mnValue" which may be zero has undefined behavior.
4168 nRow += (nPixelsLeft + aRowHeightRange.mnValue - 1) / aRowHeightRange.mnValue;
4169
4170 // FIXME: finding this next row is far from elegant,
4171 // we have a single caller, which subtracts one as well(!?)
4172 if (nRow >= rDocument.MaxRow())
4173 return rDocument.MaxRow();
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DYTKa_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJizt6GrB-2F1MW2Qyz-2F5aoIUeZh48A2ezeHlf8NIA6Wf0EPHSvtIELBq4gw2za0WFldixbj6WqhusqpxlVM-2BgEMduiHtXtdY83rWvanC6pFbUA5kYJ-2BSQr-2BkRC9BsmjEUVv30rhbwQDGiYtQeyKKc1m-2BFHSqu9kYX1YW99f3UbY9MsBdkwT4FxAE3ziLgIQTcKQ2
More information about the LibreOffice
mailing list