[Libreoffice-commits] core.git: 10 commits - basic/source chart2/source framework/source i18npool/source sc/source sw/source
Caolán McNamara
caolanm at redhat.com
Thu May 15 02:21:59 PDT 2014
basic/source/comp/codegen.cxx | 6 ++
chart2/source/view/main/GL3DRenderer.cxx | 2
framework/source/uielement/popuptoolbarcontroller.cxx | 3 -
framework/source/uielement/toolbarsmenucontroller.cxx | 13 +++--
i18npool/source/search/levdis.cxx | 41 ++----------------
i18npool/source/search/levdis.hxx | 33 ++++++++++++++
sc/source/core/data/formulacell.cxx | 3 -
sw/source/core/access/acccontext.cxx | 6 +-
sw/source/core/crsr/swcrsr.cxx | 2
sw/source/core/frmedt/tblsel.cxx | 5 +-
10 files changed, 66 insertions(+), 48 deletions(-)
New commits:
commit 6f019bea96e93c127ccd695d381647b48d06d710
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 21:07:39 2014 +0100
coverity#1213254 Out-of-bounds read
surely this was the intent
Change-Id: I78002adebf78674259e6c63e0e3449882accdb5d
diff --git a/chart2/source/view/main/GL3DRenderer.cxx b/chart2/source/view/main/GL3DRenderer.cxx
index 686413d..abb41b0 100644
--- a/chart2/source/view/main/GL3DRenderer.cxx
+++ b/chart2/source/view/main/GL3DRenderer.cxx
@@ -823,7 +823,7 @@ void OpenGL3DRenderer::Set3DSenceInfo(sal_uInt32 nColor, bool twoSidesLighting)
void OpenGL3DRenderer::SetLightInfo(bool lightOn, sal_uInt32 nColor, const glm::vec4& direction)
{
- if (m_LightsInfo.lightNum > MAX_LIGHT_NUM)
+ if (m_LightsInfo.lightNum >= MAX_LIGHT_NUM)
{
return;
}
commit bb7dad11e1701c295f6fe9f768f267d094d11ece
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 21:03:18 2014 +0100
coverity#1213242 Dereference null return value
Change-Id: I23ce35dbeadca1eea4c67d7d70acbf5ce3a82ac8
diff --git a/framework/source/uielement/popuptoolbarcontroller.cxx b/framework/source/uielement/popuptoolbarcontroller.cxx
index b324557..4f0c75c 100644
--- a/framework/source/uielement/popuptoolbarcontroller.cxx
+++ b/framework/source/uielement/popuptoolbarcontroller.cxx
@@ -436,7 +436,8 @@ throw ( css::uno::RuntimeException, std::exception )
( VCLXPopupMenu * ) VCLXMenu::GetImplementation( m_xPopupMenu );
SolarMutexGuard aSolarMutexGuard;
- PopupMenu* pVCLPopupMenu = dynamic_cast< PopupMenu * >( pTkPopupMenu->GetMenu() );
+ PopupMenu* pVCLPopupMenu = pTkPopupMenu ?
+ dynamic_cast< PopupMenu * >( pTkPopupMenu->GetMenu() ) : NULL;
if ( pVCLPopupMenu )
pMenuAttributes = reinterpret_cast< MenuConfiguration::Attributes* >(
pVCLPopupMenu->GetUserValue( pVCLPopupMenu->GetCurItemId() ) );
commit 6903b8480956e50a155b42fa42807fb32452bed4
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 21:02:03 2014 +0100
coverity#1213244 Dereference null return value
Change-Id: I729baf2bec5849a4323550aacb9b789db78e72b3
diff --git a/sc/source/core/data/formulacell.cxx b/sc/source/core/data/formulacell.cxx
index 78c847e..ec07bde 100644
--- a/sc/source/core/data/formulacell.cxx
+++ b/sc/source/core/data/formulacell.cxx
@@ -3754,10 +3754,11 @@ bool ScFormulaCell::InterpretInvariantFormulaGroup()
aTmpPos.SetRow(mxGroup->mpTopCell->aPos.Row() + i);
ScFormulaCell* pCell = pDocument->GetFormulaCell(aTmpPos);
assert( pCell != NULL );
+ if (!pCell)
+ continue;
// FIXME: this set of horrors is unclear to me ... certainly
// the above GetCell is profoundly nasty & slow ...
-
// Ensure the cell truly has a result:
pCell->aResult = aResult;
pCell->ResetDirty();
commit 5c3eaed8acdd9d9677833547b2ab206574ee45b8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 20:58:59 2014 +0100
coverity#705490 Dereference null return value
Change-Id: Iac4178e7f751cba0b4a135dc9d840234d96ccfa2
diff --git a/sw/source/core/frmedt/tblsel.cxx b/sw/source/core/frmedt/tblsel.cxx
index ce5ad30..b4ae800 100644
--- a/sw/source/core/frmedt/tblsel.cxx
+++ b/sw/source/core/frmedt/tblsel.cxx
@@ -1712,7 +1712,8 @@ static void lcl_FindStartEndCol( const SwLayoutFrm *&rpStart,
{
pTmpTab = pTmpTab->GetFollow();
rpStart = pTmpTab->FirstCell();
- while ( (rpStart->Frm().*fnRect->fnGetLeft)() < nSX &&
+ while ( rpStart &&
+ (rpStart->Frm().*fnRect->fnGetLeft)() < nSX &&
(rpStart->Frm().*fnRect->fnGetRight)()< nSX2 )
rpStart = rpStart->GetNextLayoutLeaf();
}
@@ -1801,7 +1802,7 @@ void MakeSelUnions( SwSelUnions& rUnions, const SwLayoutFrm *pStart,
else if( nsSwTblSearchType::TBLSEARCH_COL == ((~nsSwTblSearchType::TBLSEARCH_PROTECT ) & eSearchType ) )
::lcl_FindStartEndCol( pStart, pEnd, nsSwTblSearchType::TBLSEARCH_PROTECT & eSearchType );
- if ( !pEnd ) return; // Made code robust.
+ if ( !pEnd || !pStart ) return; // Made code robust.
// retrieve again, as they have been moved
pTable = pStart->FindTabFrm();
commit 6093787ceb22456f90cf6585cf24a57c67d019fb
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 20:56:02 2014 +0100
coverity#705484 Dereference null return value
Change-Id: I8ba236e64994c6e37e1a782cc911df57cb902f86
diff --git a/sw/source/core/crsr/swcrsr.cxx b/sw/source/core/crsr/swcrsr.cxx
index cfd5cb1..3233cd0 100644
--- a/sw/source/core/crsr/swcrsr.cxx
+++ b/sw/source/core/crsr/swcrsr.cxx
@@ -2218,7 +2218,7 @@ SwCursor* SwTableCursor::MakeBoxSels( SwCursor* pAktCrsr )
if( !( pNd = &pPos->nNode.GetNode())->IsCntntNode() )
pNd = rNds.GoPrevSection( &pPos->nNode, true, false );
- pPos->nContent.Assign( (SwCntntNode*)pNd, ((SwCntntNode*)pNd)->Len() );
+ pPos->nContent.Assign((SwCntntNode*)pNd, pNd ? ((SwCntntNode*)pNd)->Len() : 0);
}
}
return pAktCrsr;
commit 035d62ef915ac8bd0b93fac45f7cb228ade25c19
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 20:46:20 2014 +0100
coverity#705482 Dereference null return value
Change-Id: Id50d79c2dddc3105821703fb9773128c0cc6f2f3
diff --git a/sw/source/core/access/acccontext.cxx b/sw/source/core/access/acccontext.cxx
index e12f4ae..1e84758 100644
--- a/sw/source/core/access/acccontext.cxx
+++ b/sw/source/core/access/acccontext.cxx
@@ -906,8 +906,10 @@ awt::Point SAL_CALL SwAccessibleContext::getLocationOnScreen()
Point aPixPos(aRect.X, aRect.Y);
- /* getBoundsImpl already checked that GetWindow returns valid pointer. */
- aPixPos = GetWindow()->OutputToAbsoluteScreenPixel(aPixPos);
+ Window *pWin = GetWindow();
+ CHECK_FOR_WINDOW( XAccessibleComponent, pWin )
+
+ aPixPos = pWin->OutputToAbsoluteScreenPixel(aPixPos);
awt::Point aPoint(aPixPos.getX(), aPixPos.getY());
return aPoint;
commit 9f09218d4e9f931e8d2d519872a5fe72f06f529b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 20:41:00 2014 +0100
coverity#441006 Dereference null return value
Change-Id: I6c00db53ce507dacbf6032dbe4d41d806740be62
diff --git a/framework/source/uielement/toolbarsmenucontroller.cxx b/framework/source/uielement/toolbarsmenucontroller.cxx
index cca476f..5321064 100644
--- a/framework/source/uielement/toolbarsmenucontroller.cxx
+++ b/framework/source/uielement/toolbarsmenucontroller.cxx
@@ -445,9 +445,10 @@ void ToolbarsMenuController::fillPopupMenu( Reference< css::awt::XPopupMenu >& r
{
SolarMutexGuard aGuard;
VCLXPopupMenu* pXPopupMenu = (VCLXPopupMenu *)VCLXMenu::GetImplementation( m_xPopupMenu );
- PopupMenu* pVCLPopupMenu = (PopupMenu *)pXPopupMenu->GetMenu();
-
- pVCLPopupMenu->SetUserValue( nIndex, sal_uIntPtr( aSortedTbs[i].bContextSensitive ? 1L : 0L ));
+ PopupMenu* pVCLPopupMenu = pXPopupMenu ? (PopupMenu *)pXPopupMenu->GetMenu() : NULL;
+ assert(pVCLPopupMenu);
+ if (pVCLPopupMenu)
+ pVCLPopupMenu->SetUserValue( nIndex, sal_uIntPtr( aSortedTbs[i].bContextSensitive ? 1L : 0L ));
}
// use VCL popup menu pointer to set vital information that are not part of the awt implementation
commit 0ac3a94c9f7bffe27ec1e07c4cc73cf2425b3898
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 20:39:53 2014 +0100
coverity#440876 Dereference null return value
Change-Id: I7d00c3a3c1a12176e4b1ab74712aabeb2f1cf90e
diff --git a/framework/source/uielement/toolbarsmenucontroller.cxx b/framework/source/uielement/toolbarsmenucontroller.cxx
index a90b597..cca476f 100644
--- a/framework/source/uielement/toolbarsmenucontroller.cxx
+++ b/framework/source/uielement/toolbarsmenucontroller.cxx
@@ -556,7 +556,11 @@ void SAL_CALL ToolbarsMenuController::statusChanged( const FeatureStateEvent& Ev
{
SolarMutexGuard aGuard;
VCLXPopupMenu* pXPopupMenu = (VCLXPopupMenu *)VCLXMenu::GetImplementation( xPopupMenu );
- PopupMenu* pVCLPopupMenu = (PopupMenu *)pXPopupMenu->GetMenu();
+ PopupMenu* pVCLPopupMenu = pXPopupMenu ? (PopupMenu *)pXPopupMenu->GetMenu() : NULL;
+
+ assert(pVCLPopupMenu);
+ if (!pVCLPopupMenu)
+ return;
for ( sal_uInt16 i = 0; i < pVCLPopupMenu->GetItemCount(); i++ )
{
commit 9831dc20ab35bfe962f35d9033a3812be745a958
Author: Caolán McNamara <caolanm at redhat.com>
Date: Tue May 13 20:38:21 2014 +0100
coverity#441607 Dereference null return value
Change-Id: Ibec5bb74a708786e71f9e9a53be71e9cc50c5b69
diff --git a/basic/source/comp/codegen.cxx b/basic/source/comp/codegen.cxx
index 70fdc55..d71c843 100644
--- a/basic/source/comp/codegen.cxx
+++ b/basic/source/comp/codegen.cxx
@@ -334,9 +334,13 @@ void SbiCodeGen::Save()
{
nUserData |= PARAM_INFO_WITHBRACKETS;
}
+ SbxParamInfo* pParam = NULL;
if( nUserData )
{
- SbxParamInfo* pParam = (SbxParamInfo*)pInfo->GetParam( i );
+ pParam = (SbxParamInfo*)pInfo->GetParam( i );
+ }
+ if( pParam )
+ {
pParam->nUserData = nUserData;
}
}
commit 6d1ee0f6fb40cbdac48abde99d4d41b50c4f0fcf
Author: Caolán McNamara <caolanm at redhat.com>
Date: Wed May 14 20:54:43 2014 +0100
coverity#1209074 Same on both sides
Change-Id: I2c02ca45ed12ed571a175fb82bc2478eeb02f31f
diff --git a/i18npool/source/search/levdis.cxx b/i18npool/source/search/levdis.cxx
index 12ba7a1..9af4430 100644
--- a/i18npool/source/search/levdis.cxx
+++ b/i18npool/source/search/levdis.cxx
@@ -70,35 +70,6 @@
#define LEVDISBIG (nLimit + 1) // Return value if distance > nLimit
#define LEVDISDOUBLEBUF 2048 // dadrueber wird nicht mehr gedoppelt
-// Balance, aus Geschwindigkeitsgruenden ist dieses keine Funktion
-// c == cpPattern[jj] == cString[ii]
-// erst wird bis Fundstelle gesucht, wenn dort die Balance gleich ist, wird
-// auch nach der Fundstelle verglichen
-#define LEVDISBALANCE(jj,ii) \
-{ \
- if ( jj != ii ) \
- { \
- sal_Int32 k; \
- if ( jj > 0 ) \
- for ( k=0; k < jj; k++ ) \
- if ( cpPattern[k] == c ) \
- nBalance++; \
- if ( ii > 0 ) \
- for ( k=0; k < ii; k++ ) \
- if ( cString[k] == c ) \
- nBalance--; \
- if ( !nBalance ) \
- { \
- for ( k=jj+1; k < nPatternLen; k++ ) \
- if ( cpPattern[k] == c ) \
- nBalance++; \
- for ( k=ii+1; k < nStringLen; k++ ) \
- if ( cString[k] == c ) \
- nBalance--; \
- } \
- } \
-}
-
static sal_Int32 Impl_WLD_StringLen( const sal_Unicode* pStr )
{
const sal_Unicode* pTempStr = pStr;
@@ -178,8 +149,8 @@ int WLevDistance::WLD( const sal_Unicode* cString, sal_Int32 nStringLen )
}
else if ( nReplacePos > 0 && !nP )
{
- int nBalance = 0; // gleiche Anzahl c
- LEVDISBALANCE( 0, i-1 );
+ // gleiche Anzahl c
+ int nBalance = levdisbalance( 0, i-1, c, cString, nStringLen );
if ( !nBalance )
{ // einer wurde ersetzt, der ein Insert war
nRepS--;
@@ -230,8 +201,8 @@ int WLevDistance::WLD( const sal_Unicode* cString, sal_Int32 nStringLen )
nPij = 0; // p(i,j)
if ( nReplacePos < 0 )
{
- int nBalance = 0; // same quantity c
- LEVDISBALANCE( j, i-1 );
+ // same quantity c
+ int nBalance = levdisbalance( j, i-1, c, cString, nStringLen );
if ( !nBalance )
nReplacePos = 0; // keine Ersetzung mehr
}
@@ -259,8 +230,8 @@ int WLevDistance::WLD( const sal_Unicode* cString, sal_Int32 nStringLen )
// Replace keins. Buchstabendreher werden hier erfasst
// und der ReplaceS zurueckgenommen, wodurch das doppelte
// Limit zum Tragen kommt.
- int nBalance = 0; // same quantity c
- LEVDISBALANCE( j, i-1 );
+ // same quantity c
+ int nBalance = levdisbalance( j, i-1, c, cString, nStringLen );
if ( !nBalance )
{ // einer wurde ersetzt, der ein Insert war
nRepS--;
diff --git a/i18npool/source/search/levdis.hxx b/i18npool/source/search/levdis.hxx
index f27e2fc..a9f7407 100644
--- a/i18npool/source/search/levdis.hxx
+++ b/i18npool/source/search/levdis.hxx
@@ -165,6 +165,39 @@ public:
// SetSplit( TRUE ) macht nur mit Werten nach CalcLPQR() Sinn!
inline bool IsNormal( sal_Int32 nPos ) const { return( !bpPatIsWild[nPos] ); }
+
+ // Balance, aus Geschwindigkeitsgruenden ist dieses keine Funktion
+ // c == cpPattern[jj] == cString[ii]
+ // erst wird bis Fundstelle gesucht, wenn dort die Balance gleich ist, wird
+ // auch nach der Fundstelle verglichen
+ int levdisbalance(sal_Int32 jj, sal_Int32 ii, sal_Unicode c, const sal_Unicode* cString, sal_Int32 nStringLen)
+ {
+ int nBalance = 0;
+
+ if ( jj != ii )
+ {
+ sal_Int32 k;
+ if ( jj > 0 )
+ for ( k=0; k < jj; k++ )
+ if ( cpPattern[k] == c )
+ nBalance++;
+ if ( ii > 0 )
+ for ( k=0; k < ii; k++ )
+ if ( cString[k] == c )
+ nBalance--;
+ if ( !nBalance )
+ {
+ for ( k=jj+1; k < nPatternLen; k++ )
+ if ( cpPattern[k] == c )
+ nBalance++;
+ for ( k=ii+1; k < nStringLen; k++ )
+ if ( cString[k] == c )
+ nBalance--;
+ }
+ }
+
+ return nBalance;
+ }
};
inline int WLevDistance::SetLimit( int nNewLimit )
More information about the Libreoffice-commits
mailing list