New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sat Dec 30 00:18:09 UTC 2023


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

25 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 25 defect(s)


** CID 1559969:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559969:  Uninitialized variables  (UNINIT)
/sc/source/core/data/poolcach.cxx: 74 in ScItemPoolCache::ApplyTo(const CellAttributeHolder &)()
68         }
69         else
70         {
71             pNewItem->GetItemSet().Put(*pSetToPut);
72         }
73     
>>>     CID 1559969:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewItem->pName._M_payload._M_payload" when calling "CellAttributeHolder".
74         m_aCache.emplace_back(rOrigItem, CellAttributeHolder(pNewItem, true));
75         return m_aCache.back().aModified;
76     }
77     
78     

** CID 1559968:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559968:  Uninitialized variables  (UNINIT)
/sc/source/ui/undo/undocell.cxx: 252 in ScUndoEnterData::Undo()()
246                 rDoc.ApplyAttr(maPos.Col(), maPos.Row(), rVal.mnTab,
247                                 SfxUInt32Item(ATTR_VALUE_FORMAT, rVal.mnFormat));
248             else
249             {
250                 ScPatternAttr* pPattern(new ScPatternAttr(*rDoc.GetPattern(maPos.Col(), maPos.Row(), rVal.mnTab)));
251                 pPattern->GetItemSet().ClearItem( ATTR_VALUE_FORMAT );
>>>     CID 1559968:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
252                 rDoc.SetPattern(maPos.Col(), maPos.Row(), rVal.mnTab, CellAttributeHolder(pPattern, true));
253             }
254             pDocShell->PostPaintCell(maPos.Col(), maPos.Row(), rVal.mnTab);
255         }
256     
257         ScChangeTrack* pChangeTrack = rDoc.GetChangeTrack();

** CID 1559967:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559967:  Uninitialized variables  (UNINIT)
/sc/source/core/data/attarray.cxx: 1624 in ScAttrArray::ApplyFlags(int, int, ScMF)()
1618             if ( (nOldValue | nFlags) != nOldValue )
1619             {
1620                 nRow = mvData[nIndex].nEndRow;
1621                 SCROW nAttrRow = std::min( nRow, nEndRow );
1622                 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
1623                 pNewPattern->GetItemSet().Put( ScMergeFlagAttr( nOldValue | nFlags ) );
>>>     CID 1559967:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1624                 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
1625                 Search( nThisRow, nIndex );  // data changed
1626                 bChanged = true;
1627             }
1628     
1629             ++nIndex;

** CID 1559966:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559966:  Uninitialized variables  (UNINIT)
/sc/source/core/data/attarray.cxx: 2439 in ScAttrArray::CopyArea(int, int, long, ScAttrArray&, ScMF) const()
2433     
2434                     if (bSameCellAttributeHelper)
2435                         aNewPattern.setScPatternAttr(pTmpPattern, true);
2436                     else
2437                     {
2438                         aNewPattern = pTmpPattern->MigrateToDocument( &rAttrArray.rDocument, &rDocument );
>>>     CID 1559966:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pTmpPattern->pName._M_payload._M_payload" when calling "~ScPatternAttr".
2439                         delete pTmpPattern;
2440                     }
2441                 }
2442                 else
2443                 {
2444                     if (bSameCellAttributeHelper)

** CID 1559965:  Memory - corruptions  (USE_AFTER_FREE)
/sc/inc/fstalgorithm.hxx: 69 in sc::buildSpanWithValue<int, CellAttributeHolder, <unnamed>::PatternSpan>(std::vector<T3, std::allocator<T3>> &, mdds::flat_segment_tree<T1, T2>::const_iterator, mdds::flat_segment_tree<T1, T2>::const_iterator)()


________________________________________________________________________________________________________
*** CID 1559965:  Memory - corruptions  (USE_AFTER_FREE)
/sc/inc/fstalgorithm.hxx: 69 in sc::buildSpanWithValue<int, CellAttributeHolder, <unnamed>::PatternSpan>(std::vector<T3, std::allocator<T3>> &, mdds::flat_segment_tree<T1, T2>::const_iterator, mdds::flat_segment_tree<T1, T2>::const_iterator)()
63                 rSpans.push_back(Span(nIndex1, nIndex2, nLastVal));
64             }
65     
66             nLastPos = nThisPos;
67             nLastVal = nThisVal;
68         }
>>>     CID 1559965:  Memory - corruptions  (USE_AFTER_FREE)
>>>     Calling "~CellAttributeHolder" frees pointer "nLastVal.mpScPatternAttr" which has already been freed.
69     }
70     
71     /**
72      * Convert a flat_segment_tree structure whose value type is boolean, into
73      * an array of ranges that corresponds with the segments that have a 'true'
74      * value.

** CID 1559964:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559964:  Uninitialized variables  (UNINIT)
/sc/source/core/data/column.cxx: 522 in ScColumn::ApplyStyle(int, const ScStyleSheet *)()
516     
517     void ScColumn::ApplyStyle( SCROW nRow, const ScStyleSheet* rStyle )
518     {
519         const ScPatternAttr* pPattern = pAttrArray->GetPattern(nRow);
520         ScPatternAttr* pNewPattern(new ScPatternAttr(*pPattern));
521         pNewPattern->SetStyleSheet(const_cast<ScStyleSheet*>(rStyle));
>>>     CID 1559964:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
522         pAttrArray->SetPattern(nRow, CellAttributeHolder(pNewPattern, true));
523     }
524     
525     void ScColumn::ApplySelectionStyle(const ScStyleSheet& rStyle, const ScMarkData& rMark)
526     {
527         SCROW nTop;

** CID 1559963:    (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()


________________________________________________________________________________________________________
*** CID 1559963:    (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
1065                         for (SCROW nRow = rSpan.mnRow1; nRow <= rSpan.mnRow2; ++nRow)
1066                         {
1067                             //  only calculate the cell height when it's used later (#37928#)
1068     
1069                             if (rCxt.isForceAutoSize() || !(rDocument.GetRowFlags(nRow, nTab) & CRFlags::ManualSize) )
1070                             {
>>>     CID 1559963:    (USE_AFTER_FREE)
>>>     Passing freed pointer "pPattern" as an argument to "setScPatternAttr".
1071                                 aOptions.aPattern.setScPatternAttr(pPattern);
1072                                 const CellAttributeHolder aOldPattern(pPattern);
1073                                 sal_uInt16 nHeight = static_cast<sal_uInt16>(
1074                                     std::min(
1075                                         GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
1076                                                        rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
1065                         for (SCROW nRow = rSpan.mnRow1; nRow <= rSpan.mnRow2; ++nRow)
1066                         {
1067                             //  only calculate the cell height when it's used later (#37928#)
1068     
1069                             if (rCxt.isForceAutoSize() || !(rDocument.GetRowFlags(nRow, nTab) & CRFlags::ManualSize) )
1070                             {
>>>     CID 1559963:    (USE_AFTER_FREE)
>>>     Passing freed pointer "pPattern" as an argument to "setScPatternAttr".
1071                                 aOptions.aPattern.setScPatternAttr(pPattern);
1072                                 const CellAttributeHolder aOldPattern(pPattern);
1073                                 sal_uInt16 nHeight = static_cast<sal_uInt16>(
1074                                     std::min(
1075                                         GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
1076                                                        rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,

** CID 1559962:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559962:  Uninitialized variables  (UNINIT)
/sc/source/core/data/attarray.cxx: 1661 in ScAttrArray::RemoveFlags(int, int, ScMF)()
1655             if ( (nOldValue & ~nFlags) != nOldValue )
1656             {
1657                 nRow = mvData[nIndex].nEndRow;
1658                 SCROW nAttrRow = std::min( nRow, nEndRow );
1659                 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
1660                 pNewPattern->GetItemSet().Put( ScMergeFlagAttr( nOldValue & ~nFlags ) );
>>>     CID 1559962:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1661                 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
1662                 Search( nThisRow, nIndex );  // data changed
1663                 bChanged = true;
1664             }
1665     
1666             ++nIndex;

** CID 1559961:  Memory - corruptions  (BAD_FREE)


________________________________________________________________________________________________________
*** CID 1559961:  Memory - corruptions  (BAD_FREE)
/sc/source/core/data/table2.cxx: 1113 in ScTable::TransposeColPatterns(ScTable*, short, short, int, int, int, bool, const std::vector<int, std::allocator<int>> &, int)()
1107                                 rNewSet.Put( ScMergeFlagAttr( nNewFlags ) );
1108                             else
1109                                 rNewSet.ClearItem( ATTR_MERGE_FLAG );
1110                         }
1111     
1112                         // Set pattern in cells from nAttrRow1 to nAttrRow2
>>>     CID 1559961:  Memory - corruptions  (BAD_FREE)
>>>     "lcl_SetTransposedPatternInRows" frees address of "aNewPattern".
1113                         lcl_SetTransposedPatternInRows(pTransClip, nAttrRow1, nAttrRow2, nCol1, nRow1,
1114                                                        nCombinedStartRow, nCol, aNewPattern,
1115                                                        bIncludeFiltered, rFilteredRows, nRowDestOffset);
1116                     }
1117                 }
1118         }

** CID 1559960:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559960:  Uninitialized variables  (UNINIT)
/sc/source/ui/view/spelleng.cxx: 147 in ScConversionEngineBase::FindNextConversionCell()()
141                         if (nullptr != pAttr)
142                             pNewAttr = new ScPatternAttr(*pAttr);
143                         else
144                             pNewAttr = new ScPatternAttr(mrDoc.getCellAttributeHelper());
145     
146                         pNewAttr->GetItemSet().Put(SvxLanguageItem(aLang.nLang, EE_CHAR_LANGUAGE), ATTR_FONT_LANGUAGE);
>>>     CID 1559960:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewAttr->pName._M_payload._M_payload" when calling "CellAttributeHolder".
147                         mrDoc.SetPattern(aPos, CellAttributeHolder(pNewAttr, true));
148                     }
149     
150                     if (mpRedoDoc && !bEmptyCell)
151                         mrDoc.CopyCellToDocument(aPos, aPos, *mpRedoDoc);
152     

** CID 1559959:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559959:  Uninitialized variables  (UNINIT)
/sc/source/core/data/attarray.cxx: 1823 in ScAttrArray::FindStyleSheet(const SfxStyleSheetBase *, ScFlatBoolRowSegments &, bool)()
1817                     ScPatternAttr* pNewPattern(new ScPatternAttr(*mvData[nPos].getScPatternAttr()));
1818                     pNewPattern->SetStyleSheet( static_cast<ScStyleSheet*>(
1819                         rDocument.GetStyleSheetPool()->
1820                             Find( ScResId(STR_STYLENAME_STANDARD),
1821                                   SfxStyleFamily::Para,
1822                                   SfxStyleSearchBits::Auto | SfxStyleSearchBits::ScStandard ) ) );
>>>     CID 1559959:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "setScPatternAttr".
1823                     mvData[nPos].setScPatternAttr(pNewPattern, true);
1824     
1825                     if (Concat(nPos))
1826                     {
1827                         Search(nStart, nPos);
1828                         --nPos;   // because ++ at end

** CID 1559958:  Error handling issues  (UNCAUGHT_EXCEPT)
/sc/inc/poolcach.hxx: 31 in ScItemPoolCache::SfxItemModifyImpl::SfxItemModifyImpl(ScItemPoolCache::SfxItemModifyImpl&&)()


________________________________________________________________________________________________________
*** CID 1559958:  Error handling issues  (UNCAUGHT_EXCEPT)
/sc/inc/poolcach.hxx: 31 in ScItemPoolCache::SfxItemModifyImpl::SfxItemModifyImpl(ScItemPoolCache::SfxItemModifyImpl&&)()
25     class CellAttributeHelper;
26     class SfxItemSet;
27     class SfxPoolItem;
28     
29     class ScItemPoolCache
30     {
>>>     CID 1559958:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the exception specification "/*implicit*/noexcept" doesn't allow it to be thrown. This will result in a call to terminate().
31         struct SfxItemModifyImpl
32         {
33             const CellAttributeHolder aOriginal;
34             const CellAttributeHolder aModified;
35             SfxItemModifyImpl(const CellAttributeHolder& a, const CellAttributeHolder &b) : aOriginal(a), aModified(b) {}
36         };

** CID 1559957:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559957:  Uninitialized variables  (UNINIT)
/sc/source/core/data/attarray.cxx: 1584 in ScAttrArray::SetPatternAreaSafe(int, int, const CellAttributeHolder &)()
1578                     //  default-constructing a ScPatternAttr for DeleteArea doesn't work
1579                     //  because it would have no cell style information.
1580                     //  Instead, the document's getCellAttributeHelper().getDefaultCellAttribute() is copied. Since it is passed as
1581                     //  pWantedPattern, no special treatment of default is needed here anymore.
1582                     ScPatternAttr* pNewPattern(new ScPatternAttr(*rWantedPattern.getScPatternAttr()));
1583                     pNewPattern->GetItemSet().Put( *pItem );
>>>     CID 1559957:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1584                     SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
1585                 }
1586                 else
1587                 {
1588                     SetPatternArea(nThisRow, nAttrRow, rWantedPattern);
1589                 }

** CID 1559956:    (UNINIT)


________________________________________________________________________________________________________
*** CID 1559956:    (UNINIT)
/sc/source/core/data/column.cxx: 631 in ScColumn::ApplyAttr(int, const SfxPoolItem &)()
625     
626         const ScPatternAttr* pOldPattern(pAttrArray->GetPattern(nRow));
627         ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
628         pNewPattern->GetItemSet().Put(rAttr);
629     
630         if (!ScPatternAttr::areSame( pNewPattern, pOldPattern ))
>>>     CID 1559956:    (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
631             pAttrArray->SetPattern( nRow, CellAttributeHolder(pNewPattern, true) );
632         else
633             delete pNewPattern;
634     }
635     
636     ScRefCellValue ScColumn::GetCellValue( SCROW nRow ) const
/sc/source/core/data/column.cxx: 633 in ScColumn::ApplyAttr(int, const SfxPoolItem &)()
627         ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
628         pNewPattern->GetItemSet().Put(rAttr);
629     
630         if (!ScPatternAttr::areSame( pNewPattern, pOldPattern ))
631             pAttrArray->SetPattern( nRow, CellAttributeHolder(pNewPattern, true) );
632         else
>>>     CID 1559956:    (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "~ScPatternAttr".
633             delete pNewPattern;
634     }
635     
636     ScRefCellValue ScColumn::GetCellValue( SCROW nRow ) const
637     {
638         std::pair<sc::CellStoreType::const_iterator,size_t> aPos = maCells.position(nRow);

** CID 1559955:    (UNINIT)


________________________________________________________________________________________________________
*** CID 1559955:    (UNINIT)
/sc/source/core/data/attarray.cxx: 371 in ScAttrArray::RemoveCondFormat(int, int, unsigned int)()
365                 {
366                     if (nIndex == 0)
367                     {
368                         ScCondFormatItem aItem;
369                         ScPatternAttr* pTemp(new ScPatternAttr(*pPattern));
370                         pTemp->GetItemSet().Put( aItem );
>>>     CID 1559955:    (UNINIT)
>>>     Using uninitialized value "pTemp->pName._M_payload._M_payload" when calling "CellAttributeHolder".
371                         SetPatternArea( nTempStartRow, nTempEndRow, CellAttributeHolder(pTemp, true) );
372                     }
373                     else
374                     {
375                         ScCondFormatIndexes const & rCondFormatData = pItem->GetCondFormatData();
376                         auto itr = rCondFormatData.find(nIndex);
/sc/source/core/data/attarray.cxx: 384 in ScAttrArray::RemoveCondFormat(int, int, unsigned int)()
378                         {
379                             ScCondFormatIndexes aNewCondFormatData(rCondFormatData);
380                             aNewCondFormatData.erase_at(std::distance(rCondFormatData.begin(), itr));
381                             ScCondFormatItem aItem( std::move(aNewCondFormatData) );
382                             ScPatternAttr* pTemp(new ScPatternAttr(*pPattern));
383                             pTemp->GetItemSet().Put( aItem );
>>>     CID 1559955:    (UNINIT)
>>>     Using uninitialized value "pTemp->pName._M_payload._M_payload" when calling "CellAttributeHolder".
384                             SetPatternArea( nTempStartRow, nTempEndRow, CellAttributeHolder(pTemp, true) );
385                         }
386                     }
387                 }
388             }
389             else

** CID 1559954:    (USE_AFTER_FREE)
/sc/source/core/data/attarray.cxx: 2353 in ScAttrArray::DeleteHardAttr(int, int)()


________________________________________________________________________________________________________
*** CID 1559954:    (USE_AFTER_FREE)
/sc/source/core/data/attarray.cxx: 2353 in ScAttrArray::DeleteHardAttr(int, int)()
2347                 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
2348                 SfxItemSet& rSet = pNewPattern->GetItemSet();
2349                 for (sal_uInt16 nId = ATTR_PATTERN_START; nId <= ATTR_PATTERN_END; nId++)
2350                     if (nId != ATTR_MERGE && nId != ATTR_MERGE_FLAG)
2351                         rSet.ClearItem(nId);
2352     
>>>     CID 1559954:    (USE_AFTER_FREE)
>>>     Passing freed pointer "pDefPattern" as an argument to "operator ==".
2353                 if ( *pNewPattern == *pDefPattern )
2354                 {
2355                     delete pNewPattern;
2356                     SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357                 }
2358                 else
/sc/source/core/data/attarray.cxx: 2353 in ScAttrArray::DeleteHardAttr(int, int)()
2347                 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
2348                 SfxItemSet& rSet = pNewPattern->GetItemSet();
2349                 for (sal_uInt16 nId = ATTR_PATTERN_START; nId <= ATTR_PATTERN_END; nId++)
2350                     if (nId != ATTR_MERGE && nId != ATTR_MERGE_FLAG)
2351                         rSet.ClearItem(nId);
2352     
>>>     CID 1559954:    (USE_AFTER_FREE)
>>>     Calling "operator ==" dereferences freed pointer "pDefPattern".
2353                 if ( *pNewPattern == *pDefPattern )
2354                 {
2355                     delete pNewPattern;
2356                     SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357                 }
2358                 else

** CID 1559953:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1559953:  Uninitialized variables  (UNINIT)
/sc/source/core/data/column.cxx: 1626 in ScColumn::CopyToColumn(sc::CopyToDocContext &, int, int, InsertDeleteFlags, bool, ScColumn&, const ScMarkData *, bool, bool) const()
1620                 // e.g. DIF and RTF Clipboard-Import
1621                 for ( SCROW nRow = nRow1; nRow <= nRow2; nRow++ )
1622                 {
1623                     const ScStyleSheet* pStyle(rColumn.pAttrArray->GetPattern( nRow )->GetStyleSheet());
1624                     ScPatternAttr* pNewPattern(new ScPatternAttr(*pAttrArray->GetPattern(nRow)));
1625                     pNewPattern->SetStyleSheet(const_cast<ScStyleSheet*>(pStyle));
>>>     CID 1559953:  Uninitialized variables  (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1626                     rColumn.pAttrArray->SetPattern(nRow, CellAttributeHolder(pNewPattern, true));
1627                 }
1628             }
1629             else
1630                 pAttrArray->CopyArea( nRow1, nRow2, 0, *rColumn.pAttrArray);
1631         }

** CID 1559952:    (UNINIT)


________________________________________________________________________________________________________
*** CID 1559952:    (UNINIT)
/sc/source/core/data/attarray.cxx: 2355 in ScAttrArray::DeleteHardAttr(int, int)()
2349                 for (sal_uInt16 nId = ATTR_PATTERN_START; nId <= ATTR_PATTERN_END; nId++)
2350                     if (nId != ATTR_MERGE && nId != ATTR_MERGE_FLAG)
2351                         rSet.ClearItem(nId);
2352     
2353                 if ( *pNewPattern == *pDefPattern )
2354                 {
>>>     CID 1559952:    (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "~ScPatternAttr".
2355                     delete pNewPattern;
2356                     SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357                 }
2358                 else
2359                 {
2360                     SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
/sc/source/core/data/attarray.cxx: 2360 in ScAttrArray::DeleteHardAttr(int, int)()
2354                 {
2355                     delete pNewPattern;
2356                     SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357                 }
2358                 else
2359                 {
>>>     CID 1559952:    (UNINIT)
>>>     Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
2360                     SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
2361                 }
2362     
2363                 Search( nThisRow, nIndex );  // data changed
2364             }
2365     

** CID 1559951:  Memory - illegal accesses  (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 833 in ScColumn::GetOptimalColWidth(OutputDevice *, double, double, const Fraction &, const Fraction &, bool, unsigned short, const ScMarkData *, const ScColWidthParam *) const()


________________________________________________________________________________________________________
*** CID 1559951:  Memory - illegal accesses  (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 833 in ScColumn::GetOptimalColWidth(OutputDevice *, double, double, const Fraction &, const Fraction &, bool, unsigned short, const ScMarkData *, const ScColWidthParam *) const()
827                         SvtScriptType nScript = rDocument.GetScriptType(nCol, nRow, nTab);
828                         if (nScript == SvtScriptType::NONE)
829                             nScript = ScGlobal::GetDefaultScriptType();
830     
831                         const ScPatternAttr* pPattern = GetPattern(nRow);
832                         aOptions.aPattern.setScPatternAttr(pPattern);
>>>     CID 1559951:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Passing freed pointer "pOldPattern" as an argument to "areSame".
833                         aOptions.bGetFont = (!ScPatternAttr::areSame(pPattern, pOldPattern) || nScript != SvtScriptType::NONE);
834                         pOldPattern = pPattern;
835                         sal_uInt16 nThis = static_cast<sal_uInt16>(GetNeededSize(
836                             nRow, pDev, nPPTX, nPPTY, rZoomX, rZoomY, true, aOptions, &pOldPattern));
837                         if (nThis && (nThis > nWidth || !bFound))
838                         {

** CID 1559950:  Memory - corruptions  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 1559950:  Memory - corruptions  (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
1065                         for (SCROW nRow = rSpan.mnRow1; nRow <= rSpan.mnRow2; ++nRow)
1066                         {
1067                             //  only calculate the cell height when it's used later (#37928#)
1068     
1069                             if (rCxt.isForceAutoSize() || !(rDocument.GetRowFlags(nRow, nTab) & CRFlags::ManualSize) )
1070                             {
>>>     CID 1559950:  Memory - corruptions  (USE_AFTER_FREE)
>>>     Calling "setScPatternAttr" frees pointer "aOptions.aPattern.mpScPatternAttr" which has already been freed.
1071                                 aOptions.aPattern.setScPatternAttr(pPattern);
1072                                 const CellAttributeHolder aOldPattern(pPattern);
1073                                 sal_uInt16 nHeight = static_cast<sal_uInt16>(
1074                                     std::min(
1075                                         GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
1076                                                        rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNnPiSHxWPOELPnIxzXoBNaw-3D7rH1_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiAwZiGo2uNUGOh-2FZwTiBJxE8CpSWcmlUC2C1GpaU-2FeRMT2gM3Caudo1iQkST-2Bh3Mzc4B0FCipx1g6sLD5mbXLzX8l4JIQlplV-2F2xQXRElu-2B2FL-2BeI-2B1CuDOA6uMwQ6ggwFoX8Yj6py9GN-2BtOXuhytsJ-2BU8QLiLIUhBaaw4cpWSZM-3D



More information about the LibreOffice mailing list