[Libreoffice-commits] core.git: 44 commits - filter/source rsc/source sc/inc sc/source sfx2/source starmath/source svtools/source svx/source sw/source tools/source vcl/source
Caolán McNamara
caolanm at redhat.com
Mon Jan 26 04:15:26 PST 2015
filter/source/msfilter/svdfppt.cxx | 8 +++++
rsc/source/rsc/rsc.cxx | 6 ----
sc/inc/document.hxx | 2 -
sc/inc/table.hxx | 2 -
sc/source/core/data/document.cxx | 13 +++++----
sc/source/core/data/table2.cxx | 11 +++++---
sc/source/core/tool/interpr1.cxx | 5 +++
sc/source/core/tool/interpr4.cxx | 3 --
sc/source/filter/excel/xeformula.cxx | 13 +++++----
sc/source/filter/excel/xiescher.cxx | 12 +++++++-
sc/source/ui/dbgui/pvfundlg.cxx | 3 +-
sc/source/ui/view/viewfun4.cxx | 4 +-
sfx2/source/dialog/templdlg.cxx | 3 +-
starmath/source/cursor.cxx | 2 +
starmath/source/mathtype.cxx | 16 +++++------
starmath/source/mathtype.hxx | 2 -
svtools/source/dialogs/roadmapwizard.cxx | 6 ++--
svx/source/tbxctrls/Palette.cxx | 2 -
svx/source/xml/xmlgrhlp.cxx | 6 ++--
sw/source/core/crsr/trvltbl.cxx | 4 +-
sw/source/core/doc/doctxm.cxx | 6 ++--
sw/source/core/doc/tblafmt.cxx | 28 ++++++++++++++------
sw/source/core/doc/tblrwcl.cxx | 2 -
sw/source/core/layout/frmtool.cxx | 29 ++++++++++++++-------
sw/source/core/layout/trvlfrm.cxx | 2 -
sw/source/core/undo/unattr.cxx | 2 -
sw/source/filter/ww8/rtfattributeoutput.cxx | 10 ++++---
sw/source/filter/ww8/wrtw8nds.cxx | 4 +-
sw/source/filter/ww8/ww8par3.cxx | 17 +++++++++++-
sw/source/uibase/docvw/edtwin.cxx | 1
sw/source/uibase/shells/basesh.cxx | 38 +++++++++++++++++-----------
sw/source/uibase/shells/drawsh.cxx | 5 ++-
sw/source/uibase/uiview/view2.cxx | 7 +++--
sw/source/uibase/uiview/viewmdi.cxx | 2 -
tools/source/generic/poly2.cxx | 18 +++++++++++++
vcl/source/control/longcurr.cxx | 2 +
vcl/source/gdi/cvtsvm.cxx | 9 ++++++
vcl/source/gdi/jobset.cxx | 10 +++++--
vcl/source/gdi/metaact.cxx | 10 ++++++-
vcl/source/gdi/regionband.cxx | 3 --
40 files changed, 225 insertions(+), 103 deletions(-)
New commits:
commit 22fe039000e57c156e5a4317f899987a9a043974
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:53:55 2015 +0000
coverity#1266484 rework to scrutinze mnLen
Change-Id: I8fb6d555a7f7afe02b4c0297d3fe4e456ba41dd0
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index a60e8fd..9dbcce0 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1289,7 +1289,7 @@ void MetaTextArrayAction::Read( SvStream& rIStm, ImplMetaReadData* pData )
sal_Int32 nAryLen(0);
rIStm.ReadInt32(nAryLen);
- if ( mnIndex + mnLen > maStr.getLength() )
+ if (mnLen > maStr.getLength() - mnIndex)
{
mnIndex = 0;
mpDXAry = 0;
commit bbc17bc8ac9132379d1348de761793bf2961d96b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:42:22 2015 +0000
coverity#704347 Logically dead code
const bool bSelectUp = ( bVert && !bRow );
...
if ( bSelectUp )
...
else
bVert ? (bRow ? 0 : 3) : (bRow ? 2 : 1)
the bRow is only queried on the non-bSelectUp path
if bVert is true then bRow must be also true, because
if bVert is true and bRow is false we would be in
the other branch
Change-Id: I784b41dbfda1afaf574fd8259eff3ab5cc5550fe
diff --git a/sw/source/core/crsr/trvltbl.cxx b/sw/source/core/crsr/trvltbl.cxx
index 2eabdde..fd0d20c 100644
--- a/sw/source/core/crsr/trvltbl.cxx
+++ b/sw/source/core/crsr/trvltbl.cxx
@@ -218,9 +218,9 @@ bool SwCrsrShell::_SelTblRowOrCol( bool bRow, bool bRowSimple )
else
{
// will become point of table cursor
- pStt = aCells[ bVert ? (bRow ? 0 : 3) : (bRow ? 2 : 1) ]->GetTabBox();
+ pStt = aCells[bVert ? 0 : (bRow ? 2 : 1)]->GetTabBox();
// will become mark of table cursor
- pEnd = aCells[ bVert ? (bRow ? 3 : 0) : (bRow ? 1 : 2) ]->GetTabBox();
+ pEnd = aCells[bVert ? 3 : (bRow ? 1 : 2)]->GetTabBox();
}
}
commit 1d687e81769a42540b1fe4206dd58a2d3236f47e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:40:58 2015 +0000
coverity#708424 Uninitialized scalar field
Change-Id: I96d4c457f8eb64de7d2009b6d6b78fda4a15a4d8
diff --git a/sw/source/core/layout/frmtool.cxx b/sw/source/core/layout/frmtool.cxx
index 352dadd..7145ef7 100644
--- a/sw/source/core/layout/frmtool.cxx
+++ b/sw/source/core/layout/frmtool.cxx
@@ -1817,18 +1817,29 @@ void MakeFrms( SwDoc *pDoc, const SwNodeIndex &rSttIdx,
bObjsDirect = true;
}
-SwBorderAttrs::SwBorderAttrs( const SwModify *pMod, const SwFrm *pConstructor ) :
- SwCacheObj( pMod ),
- rAttrSet( pConstructor->IsCntntFrm()
+SwBorderAttrs::SwBorderAttrs(const SwModify *pMod, const SwFrm *pConstructor)
+ : SwCacheObj(pMod)
+ , rAttrSet(pConstructor->IsCntntFrm()
? static_cast<const SwCntntFrm*>(pConstructor)->GetNode()->GetSwAttrSet()
- : static_cast<const SwLayoutFrm*>(pConstructor)->GetFmt()->GetAttrSet() ),
- rUL ( rAttrSet.GetULSpace() ),
+ : static_cast<const SwLayoutFrm*>(pConstructor)->GetFmt()->GetAttrSet())
+ , rUL(rAttrSet.GetULSpace())
// #i96772#
// LRSpaceItem is copied due to the possibility that it is adjusted - see below
- rLR ( rAttrSet.GetLRSpace() ),
- rBox ( rAttrSet.GetBox() ),
- rShadow ( rAttrSet.GetShadow() ),
- aFrmSize( rAttrSet.GetFrmSize().GetSize() )
+ , rLR(rAttrSet.GetLRSpace())
+ , rBox(rAttrSet.GetBox())
+ , rShadow(rAttrSet.GetShadow())
+ , aFrmSize(rAttrSet.GetFrmSize().GetSize())
+ , bIsLine(false)
+ , bJoinedWithPrev(false)
+ , bJoinedWithNext(false)
+ , nTopLine(0)
+ , nBottomLine(0)
+ , nLeftLine(0)
+ , nRightLine(0)
+ , nTop(0)
+ , nBottom(0)
+ , nGetTopLine(0)
+ , nGetBottomLine(0)
{
// #i96772#
const SwTxtFrm* pTxtFrm = dynamic_cast<const SwTxtFrm*>(pConstructor);
commit 0934ed1a40c59c169354b177d7dab4228de66171
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:26:41 2015 +0000
coverity#1266485 Untrusted value as argument
Change-Id: I7708ecaf5412535055584ed6c71beaa9cd71c10c
diff --git a/vcl/source/gdi/jobset.cxx b/vcl/source/gdi/jobset.cxx
index b37b970..8066718 100644
--- a/vcl/source/gdi/jobset.cxx
+++ b/vcl/source/gdi/jobset.cxx
@@ -227,9 +227,15 @@ SvStream& ReadJobSetup( SvStream& rIStream, JobSetup& rJobSetup )
sal_uInt16 nSystem = 0;
rIStream.ReadUInt16( nSystem );
-
+ const size_t nRead = nLen - sizeof(nLen) - sizeof(nSystem);
+ if (nRead > rIStream.remainingSize())
+ {
+ SAL_WARN("vcl", "Parsing error: " << rIStream.remainingSize() <<
+ " max possible entries, but " << nRead << " claimed, truncating");
+ return rIStream;
+ }
boost::scoped_array<char> pTempBuf(new char[nLen]);
- rIStream.Read( pTempBuf.get(), nLen - sizeof( nLen ) - sizeof( nSystem ) );
+ rIStream.Read(pTempBuf.get(), nRead);
if ( nLen >= sizeof(ImplOldJobSetupData)+4 )
{
ImplOldJobSetupData* pData = reinterpret_cast<ImplOldJobSetupData*>(pTempBuf.get());
commit 83e3abf7e41ebdbd0924227075eb861195638074
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:23:31 2015 +0000
coverity#1266480 silence Pointer to local outside scope
Change-Id: I2b4b0704afbf750aae0ef59f058c6000a06dc185
diff --git a/sc/source/ui/dbgui/pvfundlg.cxx b/sc/source/ui/dbgui/pvfundlg.cxx
index 935e02a..8f5c24b 100644
--- a/sc/source/ui/dbgui/pvfundlg.cxx
+++ b/sc/source/ui/dbgui/pvfundlg.cxx
@@ -331,7 +331,8 @@ sal_Int32 ScDPFunctionDlg::FindBaseItemPos( const OUString& rEntry, sal_Int32 nS
while (nPos < mpLbBaseItem->GetEntryCount())
{
// translate the displayed field name back to its original field name.
- const OUString& rName = GetBaseItemName(mpLbBaseItem->GetEntry(nPos));
+ const OUString& rInName = mpLbBaseItem->GetEntry(nPos);
+ const OUString& rName = GetBaseItemName(rInName);
if (rName.equals(rEntry))
{
bFound = true;
commit 958bcfc9f8366d459befb61ec7ace35a36079a08
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:20:41 2015 +0000
coverity#1266489 Untrusted loop bound
Change-Id: I5903dafb4bb29657a5b6e239cb918e656c381315
diff --git a/sw/source/core/doc/tblafmt.cxx b/sw/source/core/doc/tblafmt.cxx
index 74423c0..e4eea4a 100644
--- a/sw/source/core/doc/tblafmt.cxx
+++ b/sw/source/core/doc/tblafmt.cxx
@@ -1165,19 +1165,29 @@ bool SwTableAutoFmtTbl::Load( SvStream& rStream )
rStream.ReadUInt16( nAnz );
bRet = 0 == rStream.GetError();
-
- for( sal_uInt16 i = 0; i < nAnz; ++i )
+ if (bRet)
{
- pNew = new SwTableAutoFmt( OUString() );
- bRet = pNew->Load( rStream, aVersions );
- if( bRet )
+ const size_t nMinRecordSize = sizeof(sal_uInt16);
+ const size_t nMaxRecords = rStream.remainingSize() / nMinRecordSize;
+ if (nAnz > nMaxRecords)
{
- m_pImpl->m_AutoFormats.push_back(pNew);
+ SAL_WARN("vcl.gdi", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nAnz << " claimed, truncating");
+ nAnz = nMaxRecords;
}
- else
+ for (sal_uInt16 i = 0; i < nAnz; ++i)
{
- delete pNew;
- break;
+ pNew = new SwTableAutoFmt( OUString() );
+ bRet = pNew->Load( rStream, aVersions );
+ if( bRet )
+ {
+ m_pImpl->m_AutoFormats.push_back(pNew);
+ }
+ else
+ {
+ delete pNew;
+ break;
+ }
}
}
}
commit dada981a72e47b03d77e8643a8cbeb6b219ecfac
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:17:16 2015 +0000
coverity#1242859 Untrusted loop bound
Change-Id: I60d68ef1e0f4035a650248047816cb8328fcfce0
diff --git a/vcl/source/gdi/regionband.cxx b/vcl/source/gdi/regionband.cxx
index 56c0d66..d1386cc 100644
--- a/vcl/source/gdi/regionband.cxx
+++ b/vcl/source/gdi/regionband.cxx
@@ -265,8 +265,7 @@ void RegionBand::load(SvStream& rIStrm)
// get next header
rIStrm.ReadUInt16( nTmp16 );
}
- while(STREAMENTRY_END != (StreamEntryType)nTmp16);
-
+ while (STREAMENTRY_END != (StreamEntryType)nTmp16 && rIStrm.good());
}
void RegionBand::save(SvStream& rOStrm) const
commit 754cc6c18967f687c6151d34f3fe14a38f9ad4f9
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:12:29 2015 +0000
coverity#1266476 silence Dereference null return value
Change-Id: I1085d6df3af1198e0fc087da4058f705f13e2f61
diff --git a/svx/source/xml/xmlgrhlp.cxx b/svx/source/xml/xmlgrhlp.cxx
index 07d475a..37bbcc3 100644
--- a/svx/source/xml/xmlgrhlp.cxx
+++ b/svx/source/xml/xmlgrhlp.cxx
@@ -63,9 +63,9 @@ const MetaCommentAction* ImplCheckForEPS( GDIMetaFile& rMtf )
{
const MetaCommentAction* pComment = NULL;
- if ( ( rMtf.GetActionSize() >= 2 )
- && ( rMtf.FirstAction()->GetType() == META_EPS_ACTION )
- && ( ((const MetaAction*)rMtf.GetAction( 1 ))->GetType() == META_COMMENT_ACTION )
+ if ( rMtf.GetActionSize() >= 2
+ && rMtf.GetAction(0)->GetType() == META_EPS_ACTION
+ && rMtf.GetAction(1)->GetType() == META_COMMENT_ACTION
&& ( static_cast<const MetaCommentAction*>(rMtf.GetAction( 1 ))->GetComment() == "EPSReplacementGraphic" ) )
pComment = static_cast<const MetaCommentAction*>(rMtf.GetAction( 1 ));
commit f848e9cc28d5a26f1f706ea35db16a9f5ad9376a
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:07:28 2015 +0000
coverity#1266518 Use after free
Change-Id: Ic50ace9d1421c9207ac95c54f363072c69b9ad00
diff --git a/sfx2/source/dialog/templdlg.cxx b/sfx2/source/dialog/templdlg.cxx
index 3313c1d..3650edc 100644
--- a/sfx2/source/dialog/templdlg.cxx
+++ b/sfx2/source/dialog/templdlg.cxx
@@ -814,7 +814,8 @@ void SfxCommonTemplateDialog_Impl::ClearResource()
void SfxCommonTemplateDialog_Impl::impl_clear()
{
- DELETEX(SfxStyleFamilies, pStyleFamilies);
+ delete pStyleFamilies;
+ pStyleFamilies = NULL;
sal_uInt16 i;
for ( i = 0; i < MAX_FAMILIES; ++i )
DELETEX(SfxTemplateItem, pFamilyState[i]);
commit 83de961e0d5fcdcf2ca096736a03887e1cdf2ed8
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:04:35 2015 +0000
coverity#1244945 Untrusted value as argument
Change-Id: Ic969ea78a53d0a67591dd476bc01fbdce18c7eab
diff --git a/tools/source/generic/poly2.cxx b/tools/source/generic/poly2.cxx
index f6b6f3e..a800f1f 100644
--- a/tools/source/generic/poly2.cxx
+++ b/tools/source/generic/poly2.cxx
@@ -582,7 +582,7 @@ SvStream& ReadPolyPolygon( SvStream& rIStream, tools::PolyPolygon& rPolyPoly )
const size_t nMaxRecords = rIStream.remainingSize() / nMinRecordSize;
if (nPolyCount > nMaxRecords)
{
- SAL_WARN("vcl.gdi", "Parsing error: " << nMaxRecords <<
+ SAL_WARN("tools", "Parsing error: " << nMaxRecords <<
" max possible entries, but " << nPolyCount << " claimed, truncating");
nPolyCount = nMaxRecords;
}
@@ -636,6 +636,15 @@ void PolyPolygon::Read( SvStream& rIStream )
// Read number of polygons
rIStream.ReadUInt16( nPolyCount );
+ const size_t nMinRecordSize = sizeof(sal_uInt16);
+ const size_t nMaxRecords = rIStream.remainingSize() / nMinRecordSize;
+ if (nPolyCount > nMaxRecords)
+ {
+ SAL_WARN("tools", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nPolyCount << " claimed, truncating");
+ nPolyCount = nMaxRecords;
+ }
+
if( nPolyCount )
{
if ( mpImplPolyPolygon->mnRefCount > 1 )
commit 381ea04355deae554aeb84f373f012e28518a5f2
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 11:03:08 2015 +0000
coverity#1244946 Untrusted value as argument
Change-Id: Id7ad0f2060afb2f12d3111400f45d3d63e6abf8f
diff --git a/tools/source/generic/poly2.cxx b/tools/source/generic/poly2.cxx
index 9ed24b1..f6b6f3e 100644
--- a/tools/source/generic/poly2.cxx
+++ b/tools/source/generic/poly2.cxx
@@ -578,6 +578,15 @@ SvStream& ReadPolyPolygon( SvStream& rIStream, tools::PolyPolygon& rPolyPoly )
// Read number of polygons
rIStream.ReadUInt16( nPolyCount );
+ const size_t nMinRecordSize = sizeof(sal_uInt16);
+ const size_t nMaxRecords = rIStream.remainingSize() / nMinRecordSize;
+ if (nPolyCount > nMaxRecords)
+ {
+ SAL_WARN("vcl.gdi", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nPolyCount << " claimed, truncating");
+ nPolyCount = nMaxRecords;
+ }
+
if( nPolyCount )
{
if ( rPolyPoly.mpImplPolyPolygon->mnRefCount > 1 )
commit b700de5417742c2c1c3f01692313d25d610dedc0
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:59:32 2015 +0000
coverity#1244944 Untrusted loop bound
Change-Id: I8687e4ac621470f8f5f870c079d5740369bb4555
diff --git a/vcl/source/gdi/cvtsvm.cxx b/vcl/source/gdi/cvtsvm.cxx
index 9cc2543..7ba28e5 100644
--- a/vcl/source/gdi/cvtsvm.cxx
+++ b/vcl/source/gdi/cvtsvm.cxx
@@ -401,6 +401,15 @@ void ImplReadExtendedPolyPolygonAction(SvStream& rIStm, tools::PolyPolygon& rPol
if (!nPolygonCount)
return;
+ const size_t nMinRecordSize = sizeof(sal_uInt16);
+ const size_t nMaxRecords = rIStm.remainingSize() / nMinRecordSize;
+ if (nPolygonCount > nMaxRecords)
+ {
+ SAL_WARN("vcl.gdi", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nPolygonCount << " claimed, truncating");
+ nPolygonCount = nMaxRecords;
+ }
+
for(sal_uInt16 a(0); a < nPolygonCount; a++)
{
sal_uInt16 nPointCount(0);
commit 74fe2a1500ac3dfbc95c9fcb42e4044fee0ee766
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:50:05 2015 +0000
coverity#1266491 Untrusted loop bound
Change-Id: Iecca52277a2aea438c277da24afffcaeaf1119f1
diff --git a/vcl/source/gdi/metaact.cxx b/vcl/source/gdi/metaact.cxx
index 8632588..a60e8fd 100644
--- a/vcl/source/gdi/metaact.cxx
+++ b/vcl/source/gdi/metaact.cxx
@@ -1065,6 +1065,14 @@ void MetaPolyPolygonAction::Read( SvStream& rIStm, ImplMetaReadData* )
{
sal_uInt16 nNumberOfComplexPolygons(0);
rIStm.ReadUInt16( nNumberOfComplexPolygons );
+ const size_t nMinRecordSize = sizeof(sal_uInt16);
+ const size_t nMaxRecords = rIStm.remainingSize() / nMinRecordSize;
+ if (nNumberOfComplexPolygons > nMaxRecords)
+ {
+ SAL_WARN("vcl.gdi", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nNumberOfComplexPolygons << " claimed, truncating");
+ nNumberOfComplexPolygons = nMaxRecords;
+ }
for (sal_uInt16 i = 0; i < nNumberOfComplexPolygons; ++i)
{
sal_uInt16 nIndex(0);
commit ec7d0a45cc1c6db0d5b0dce8c4d2a03d3156c45b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:47:01 2015 +0000
coverity#1266465 Improper use of negative value
Change-Id: I21ca714a701f58aa413bc508eb1ad128ebb39e58
diff --git a/vcl/source/control/longcurr.cxx b/vcl/source/control/longcurr.cxx
index 1393de0..027fb39 100644
--- a/vcl/source/control/longcurr.cxx
+++ b/vcl/source/control/longcurr.cxx
@@ -85,6 +85,8 @@ static OUString ImplGetCurr( const LocaleDataWrapper& rLocaleDataWrapper, const
OUString aFractionStr = rLocaleDataWrapper.getNum( (long)aFraction, 0 );
sal_Int32 nSPos = aTemplate.indexOf( '1' );
+ if (nSPos == -1)
+ break;
if ( aFractionStr.getLength() == 1 )
aTemplate[ nSPos ] = aFractionStr[0];
else
commit c58d4919f27e54a554a86439ae995dd758fe24c6
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:44:34 2015 +0000
coverity#1266438 Unintended comparison to logical negation
Change-Id: I96732e57c4e40b1e9e7ff6b18fa7250b80af31bd
diff --git a/sw/source/uibase/uiview/viewmdi.cxx b/sw/source/uibase/uiview/viewmdi.cxx
index c49c831..2422e31 100644
--- a/sw/source/uibase/uiview/viewmdi.cxx
+++ b/sw/source/uibase/uiview/viewmdi.cxx
@@ -439,7 +439,7 @@ IMPL_STATIC_LINK( SwView, MoveNavigationHdl, bool *, pbNext )
if(m_pSrchItem)
{
bool bBackward = m_pSrchItem->GetBackward();
- if(rSh.HasSelection() && !bNext == rSh.IsCrsrPtAtEnd())
+ if (rSh.HasSelection() && bNext != rSh.IsCrsrPtAtEnd())
rSh.SwapPam();
m_pSrchItem->SetBackward(!bNext);
SfxRequest aReq(FN_REPEAT_SEARCH, SfxCallMode::SLOT, pThis->GetPool());
commit 10d728b63fe3c9885f54c4c6576fa798294533b0
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:43:47 2015 +0000
coverity#1266468 Dereference null return value
Change-Id: I5ea0e972eeb585870f309e7e73ba4b1ece5dfa6a
diff --git a/sw/source/uibase/uiview/view2.cxx b/sw/source/uibase/uiview/view2.cxx
index f74f217..40925db 100644
--- a/sw/source/uibase/uiview/view2.cxx
+++ b/sw/source/uibase/uiview/view2.cxx
@@ -1072,8 +1072,11 @@ void SwView::Execute(SfxRequest &rReq)
pVFrame->ToggleChildWindow( SID_NAVIGATOR );
pCh = pVFrame->GetChildWindow( SID_NAVIGATOR );
}
- static_cast<SwNavigationPI*>( pCh->GetContextWindow(SW_MOD()))->CreateNavigationTool(
- GetVisArea(), true, &pVFrame->GetWindow());
+ if (pCh)
+ {
+ static_cast<SwNavigationPI*>( pCh->GetContextWindow(SW_MOD()))->CreateNavigationTool(
+ GetVisArea(), true, &pVFrame->GetWindow());
+ }
}
break;
case SID_JUMPTOMARK:
commit 6ede99c8ed7b1e4546ddfbac6f1cdb4cba34d7e5
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:42:45 2015 +0000
coverity#1266471 Dereference null return value
Change-Id: I8ef36169011b1ef9d4b163e1b019a44b2d5add03
diff --git a/sw/source/uibase/shells/drawsh.cxx b/sw/source/uibase/shells/drawsh.cxx
index 7ea637e..1b98e7b 100644
--- a/sw/source/uibase/shells/drawsh.cxx
+++ b/sw/source/uibase/shells/drawsh.cxx
@@ -613,7 +613,10 @@ void SwDrawShell::GetFormTextState(SfxItemSet& rSet)
SfxViewFrame* pVFrame = GetView().GetViewFrame();
if ( pVFrame->HasChildWindow(nId) )
- pDlg = static_cast<SvxFontWorkDialog*>(pVFrame->GetChildWindow(nId)->GetWindow());
+ {
+ SfxChildWindow *pChildWindow = pVFrame->GetChildWindow(nId);
+ pDlg = pChildWindow ? static_cast<SvxFontWorkDialog*>(pChildWindow->GetWindow()) : NULL;
+ }
if ( rMarkList.GetMarkCount() == 1 )
pObj = rMarkList.GetMark(0)->GetMarkedSdrObj();
commit 2a721220c6886a729cab8aab1f14926f5bf18981
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:40:47 2015 +0000
coverity#1266469 Dereference null return value
Change-Id: Ia274259186e78848638a4c828c6acded1fcc86a9
diff --git a/sw/source/uibase/shells/basesh.cxx b/sw/source/uibase/shells/basesh.cxx
index 5b966e8..dc418f9 100644
--- a/sw/source/uibase/shells/basesh.cxx
+++ b/sw/source/uibase/shells/basesh.cxx
@@ -1241,9 +1241,10 @@ IMPL_LINK_NOARG(SwBaseShell, GraphicArrivedHdl)
case SID_IMAP_EXEC:
{
sal_uInt16 nId = SvxIMapDlgChildWindow::GetChildWindowId();
- SvxIMapDlg *pDlg = pVFrame->HasChildWindow( nId ) ?
- static_cast<SvxIMapDlg*>( pVFrame->GetChildWindow( nId )
- ->GetWindow()) : 0;
+ SfxChildWindow *pChildWindow = pVFrame->HasChildWindow(nId) ?
+ pVFrame->GetChildWindow(nId) : 0;
+ SvxIMapDlg *pDlg = pChildWindow ?
+ static_cast<SvxIMapDlg*>(pChildWindow->GetWindow()) : 0;
if( pDlg && ( SID_IMAP_EXEC == nSlot ||
( SID_IMAP == nSlot && !bProtect)) &&
commit 681ee4b6af732378ec684890efec1729f29c3732
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:39:13 2015 +0000
coverity#1266467 Dereference null return value
Change-Id: Ifc6aa75417e9b43afd103079a6cd986e79f0c069
diff --git a/sw/source/uibase/shells/basesh.cxx b/sw/source/uibase/shells/basesh.cxx
index c18d5f3..5b966e8 100644
--- a/sw/source/uibase/shells/basesh.cxx
+++ b/sw/source/uibase/shells/basesh.cxx
@@ -131,14 +131,20 @@ static sal_uInt8 nFooterPos;
#include <sfx2/msg.hxx>
#include "swslots.hxx"
-#define SWCONTOURDLG(rView) ( static_cast<SvxContourDlg*>( rView.GetViewFrame()->GetChildWindow( \
- SvxContourDlgChildWindow::GetChildWindowId() )-> \
- GetWindow() ) )
+namespace
+{
+ SvxContourDlg* GetContourDlg(SwView &rView)
+ {
+ SfxChildWindow *pChildWindow = rView.GetViewFrame()->GetChildWindow(
+ SvxContourDlgChildWindow::GetChildWindowId());
+
+ return pChildWindow ? static_cast<SvxContourDlg*>(pChildWindow->GetWindow()) : NULL;
+ }
+}
#define SWIMAPDLG(rView) ( static_cast<SvxIMapDlg*>( rView.GetViewFrame()->GetChildWindow( \
SvxIMapDlgChildWindow::GetChildWindowId() )-> \
GetWindow() ) )
-
using namespace ::com::sun::star;
using namespace ::com::sun::star::uno;
using namespace ::com::sun::star::frame;
@@ -181,9 +187,12 @@ static bool lcl_UpdateContourDlg( SwWrtShell &rSh, int nSel )
if ( nSel & nsSelectionType::SEL_GRF )
rSh.GetGrfNms( &aGrfName, 0 );
- SvxContourDlg *pDlg = SWCONTOURDLG(rSh.GetView());
- pDlg->Update( aGraf, !aGrfName.isEmpty(),
- rSh.GetGraphicPolygon(), rSh.GetIMapInventor() );
+ SvxContourDlg *pDlg = GetContourDlg(rSh.GetView());
+ if (pDlg)
+ {
+ pDlg->Update(aGraf, !aGrfName.isEmpty(),
+ rSh.GetGraphicPolygon(), rSh.GetIMapInventor());
+ }
}
return bRet;
}
@@ -943,12 +952,12 @@ void SwBaseShell::Execute(SfxRequest &rReq)
break;
case SID_CONTOUR_EXEC:
{
- SvxContourDlg *pDlg = SWCONTOURDLG(GetView());
+ SvxContourDlg *pDlg = GetContourDlg(GetView());
// Check, if the allocation is useful or allowed at all.
int nSel = rSh.GetSelectionType();
if ( nSel & (nsSelectionType::SEL_GRF|nsSelectionType::SEL_OLE) )
{
- if ( pDlg->GetEditingObject() == rSh.GetIMapInventor() )
+ if (pDlg && pDlg->GetEditingObject() == rSh.GetIMapInventor())
{
rSh.StartAction();
SfxItemSet aSet( rSh.GetAttrPool(), RES_SURROUND, RES_SURROUND);
@@ -1527,8 +1536,8 @@ void SwBaseShell::GetState( SfxItemSet &rSet )
sal_uInt16 nId = SvxContourDlgChildWindow::GetChildWindowId();
if( !bDisable && GetView().GetViewFrame()->HasChildWindow( nId ))
{
- SvxContourDlg *pDlg = SWCONTOURDLG(GetView());
- if( pDlg->GetEditingObject() != rSh.GetIMapInventor() )
+ SvxContourDlg *pDlg = GetContourDlg(GetView());
+ if (pDlg && pDlg->GetEditingObject() != rSh.GetIMapInventor())
bDisable = true;
}
rSet.Put(SfxBoolItem(nWhich, bDisable));
commit 7cf0b06bd99af3fcf1cb8622c24def173798bb1a
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:34:35 2015 +0000
coverity#1266442 Dereference after null check
Change-Id: Ib1c2ba3546ed3a8fb60484257c0c8995be160908
diff --git a/sw/source/uibase/docvw/edtwin.cxx b/sw/source/uibase/docvw/edtwin.cxx
index 61e99cf..3554d97 100644
--- a/sw/source/uibase/docvw/edtwin.cxx
+++ b/sw/source/uibase/docvw/edtwin.cxx
@@ -3095,6 +3095,7 @@ void SwEditWin::MouseButtonDown(const MouseEvent& _rMEvt)
SdrHdl* pHdl;
if( !bIsDocReadOnly &&
!m_pAnchorMarker &&
+ pSdrView &&
0 != ( pHdl = pSdrView->PickHandle(aDocPos) ) &&
( pHdl->GetKind() == HDL_ANCHOR ||
pHdl->GetKind() == HDL_ANCHOR_TR ) )
commit a00df5c384dea542fbb47d7d0d4ae3ca14cc8bd1
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:33:27 2015 +0000
coverity#1266488 Untrusted loop bound
Change-Id: I41592965590d53fbaa632cf01abed430427a9698
diff --git a/sw/source/filter/ww8/ww8par3.cxx b/sw/source/filter/ww8/ww8par3.cxx
index a301046..5c03e15 100644
--- a/sw/source/filter/ww8/ww8par3.cxx
+++ b/sw/source/filter/ww8/ww8par3.cxx
@@ -2232,6 +2232,14 @@ void WW8FormulaControl::FormulaRead(SwWw8ControlType nWhich,
"Unknown formfield dropdown list structure. Report to cmc");
if (!bAllOk) //Not as expected, don't risk it at all.
nNoStrings = 0;
+ const size_t nMinRecordSize = sizeof(sal_uInt16);
+ const size_t nMaxRecords = pDataStream->remainingSize() / nMinRecordSize;
+ if (nNoStrings > nMaxRecords)
+ {
+ SAL_WARN("sw.ww8", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nNoStrings << " claimed, truncating");
+ nNoStrings = nMaxRecords;
+ }
maListEntries.reserve(nNoStrings);
for (sal_uInt32 nI = 0; nI < nNoStrings; ++nI)
{
commit 4223914a61c73b2167881c599f5feab7e1254f76
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:31:03 2015 +0000
coverity#1266486 Untrusted loop bound
Change-Id: I3c2ad66dd181c33073f8393dc81d1f56a80d5a87
diff --git a/sw/source/filter/ww8/ww8par3.cxx b/sw/source/filter/ww8/ww8par3.cxx
index b5918c0..a301046 100644
--- a/sw/source/filter/ww8/ww8par3.cxx
+++ b/sw/source/filter/ww8/ww8par3.cxx
@@ -1148,7 +1148,14 @@ WW8ListManager::WW8ListManager(SvStream& rSt_, SwWW8ImplReader& rReader_)
return;
// 1.1 alle LST einlesen
-
+ const size_t nMinRecordSize = 10 + 2*nMaxLevel;
+ const size_t nMaxRecords = rSt.remainingSize() / nMinRecordSize;
+ if (nListCount > nMaxRecords)
+ {
+ SAL_WARN("sw.ww8", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nListCount << " claimed, truncating");
+ nListCount = nMaxRecords;
+ }
for (sal_uInt16 nList=0; nList < nListCount; ++nList)
{
if (nRemainingPlcfLst < cbLSTF)
commit 9cc20c9f0080270aff096f4e7e7aecbb01aa9a5f
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:28:52 2015 +0000
fix coverity#1266487
Change-Id: I414dae9b5de83d0e0f9c3195262995cf0f4fd3e2
diff --git a/starmath/source/mathtype.cxx b/starmath/source/mathtype.cxx
index f38791c..19c4deb 100644
--- a/starmath/source/mathtype.cxx
+++ b/starmath/source/mathtype.cxx
@@ -25,13 +25,13 @@
void MathType::Init()
{
//These are the default MathType sizes
- aSizeTable[0]=12;
- aSizeTable[1]=8;
- aSizeTable[2]=6;
- aSizeTable[3]=24;
- aSizeTable[4]=10;
- aSizeTable[5]=12;
- aSizeTable[6]=12;
+ aSizeTable.push_back(12);
+ aSizeTable.push_back(8);
+ aSizeTable.push_back(6);
+ aSizeTable.push_back(24);
+ aSizeTable.push_back(10);
+ aSizeTable.push_back(12);
+ aSizeTable.push_back(12);
/*
These are the default MathType italic/bold settings If mathtype is changed
diff --git a/starmath/source/mathtype.hxx b/starmath/source/mathtype.hxx
index 9876710..4e08cd5 100644
--- a/starmath/source/mathtype.hxx
+++ b/starmath/source/mathtype.hxx
@@ -177,7 +177,7 @@ private:
int nPendingAttributes;
sal_uLong nInsertion;
- sal_Int16 aSizeTable[7];
+ std::vector<sal_Int16> aSizeTable;
sal_Int16 nDefaultSize;
sal_Int16 nLSize;
sal_Int16 nDSize;
commit 417bd8ad9018337f5177270a03c50b444461a628
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:24:35 2015 +0000
coverity#1266447 Explicit null dereferenced
Change-Id: I4fc92ef828d549d968692a5a33f8dbcded27f7bb
diff --git a/sw/source/filter/ww8/wrtw8nds.cxx b/sw/source/filter/ww8/wrtw8nds.cxx
index 91e9042..bc7185f 100644
--- a/sw/source/filter/ww8/wrtw8nds.cxx
+++ b/sw/source/filter/ww8/wrtw8nds.cxx
@@ -1506,7 +1506,7 @@ const SvxBrushItem* WW8Export::GetCurrentPageBgBrush() const
SfxItemState eState = rFmt.GetItemState(RES_BACKGROUND, true, &pItem);
const SvxBrushItem* pRet = static_cast<const SvxBrushItem*>(pItem);
- if (SfxItemState::SET != eState || (!pRet->GetGraphic() &&
+ if (SfxItemState::SET != eState || !pRet || (!pRet->GetGraphic() &&
pRet->GetColor() == COL_TRANSPARENT))
{
pRet = &(DefaultItemGet<SvxBrushItem>(*pDoc,RES_BACKGROUND));
commit caeb3dead010f6add6b4ea3f57ff0f3f7991ab18
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:23:52 2015 +0000
coverity#1266444 Explicit null dereferenced
Change-Id: I7b7beddf7769d92152c483eacd957348717b4a22
diff --git a/sw/source/filter/ww8/wrtw8nds.cxx b/sw/source/filter/ww8/wrtw8nds.cxx
index 8a05642..91e9042 100644
--- a/sw/source/filter/ww8/wrtw8nds.cxx
+++ b/sw/source/filter/ww8/wrtw8nds.cxx
@@ -1526,7 +1526,7 @@ SvxBrushItem WW8Export::TrueFrameBgBrush(const SwFrmFmt &rFlyFmt) const
SfxItemState eState =
pFlyFmt->GetItemState(RES_BACKGROUND, true, &pItem);
pRet = static_cast<const SvxBrushItem*>(pItem);
- if (SfxItemState::SET != eState || (!pRet->GetGraphic() &&
+ if (SfxItemState::SET != eState || !pRet || (!pRet->GetGraphic() &&
pRet->GetColor() == COL_TRANSPARENT))
{
pRet = 0;
commit bb12434f9fd9766598955a2257c62b4e3c3090f2
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:22:45 2015 +0000
coverity#1266441 Unchecked return value
Change-Id: Ifa0ebd05ed22a5c32b75b7c86e1910eab291fa55
diff --git a/sw/source/filter/ww8/rtfattributeoutput.cxx b/sw/source/filter/ww8/rtfattributeoutput.cxx
index 3ae033e..beca882 100644
--- a/sw/source/filter/ww8/rtfattributeoutput.cxx
+++ b/sw/source/filter/ww8/rtfattributeoutput.cxx
@@ -3624,7 +3624,7 @@ void RtfAttributeOutput::FlyFrameOLEReplacement(const SwFlyFrmFmt* pFlyFrmFmt, S
const sal_uInt8* pGraphicAry = 0;
SvMemoryStream aStream;
if (GraphicConverter::Export(aStream, *pGraphic, CVT_PNG) != ERRCODE_NONE)
- OSL_FAIL("failed to export the graphic");
+ SAL_WARN("sw.rtf", "failed to export the graphic");
aStream.Seek(STREAM_SEEK_TO_END);
sal_uInt32 nSize = aStream.Tell();
pGraphicAry = (sal_uInt8*)aStream.GetData();
@@ -3634,7 +3634,7 @@ void RtfAttributeOutput::FlyFrameOLEReplacement(const SwFlyFrmFmt* pFlyFrmFmt, S
pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
SvMemoryStream aWmfStream;
if (GraphicConverter::Export(aWmfStream, *pGraphic, CVT_WMF) != ERRCODE_NONE)
- OSL_FAIL("failed to export the graphic");
+ SAL_WARN("sw.rtf", "failed to export the graphic");
aWmfStream.Seek(STREAM_SEEK_TO_END);
nSize = aWmfStream.Tell();
pGraphicAry = (sal_uInt8*)aWmfStream.GetData();
@@ -3834,7 +3834,8 @@ void RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt* pFlyFrmFmt, const Sw
else
{
aStream.Seek(0);
- GraphicConverter::Export(aStream, rGraphic, CVT_WMF);
+ if (GraphicConverter::Export(aStream, rGraphic, CVT_WMF) != ERRCODE_NONE)
+ SAL_WARN("sw.rtf", "failed to export the graphic");
pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
aStream.Seek(STREAM_SEEK_TO_END);
nSize = aStream.Tell();
@@ -3850,7 +3851,8 @@ void RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt* pFlyFrmFmt, const Sw
m_rExport.Strm().WriteCharPtr("}" "{" OOO_STRING_SVTOOLS_RTF_NONSHPPICT);
aStream.Seek(0);
- GraphicConverter::Export(aStream, rGraphic, CVT_WMF);
+ if (GraphicConverter::Export(aStream, rGraphic, CVT_WMF) != ERRCODE_NONE)
+ SAL_WARN("sw.rtf", "failed to export the graphic");
pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
aStream.Seek(STREAM_SEEK_TO_END);
nSize = aStream.Tell();
commit 9cb0833c07f0ab0d4b619bfe08cdaf5877afd1ab
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:20:14 2015 +0000
coverity#1266446 Explicit null dereferenced
Change-Id: I1ed3bee339855383c56e05bd3cb0031472ce6f55
diff --git a/sw/source/core/undo/unattr.cxx b/sw/source/core/undo/unattr.cxx
index 9069ffd..3c0467c 100644
--- a/sw/source/core/undo/unattr.cxx
+++ b/sw/source/core/undo/unattr.cxx
@@ -589,7 +589,7 @@ SwUndoFmtResetAttr::SwUndoFmtResetAttr( SwFmt& rChangedFormat,
, m_nWhichId( nWhichId )
{
const SfxPoolItem* pItem = 0;
- if (rChangedFormat.GetItemState( nWhichId, false, &pItem ) == SfxItemState::SET)
+ if (rChangedFormat.GetItemState(nWhichId, false, &pItem ) == SfxItemState::SET && pItem)
{
m_pOldItem.reset( pItem->Clone() );
}
commit 0d6a7a56625f7bdd63d87455b7a34cecbb4bf7d2
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:19:14 2015 +0000
coverity#1266443 Dereference after null check
Change-Id: Ia267546994c34cd6dc8e65cbb7e701c9b300816a
diff --git a/sw/source/core/layout/trvlfrm.cxx b/sw/source/core/layout/trvlfrm.cxx
index b4820e0..d2f9418 100644
--- a/sw/source/core/layout/trvlfrm.cxx
+++ b/sw/source/core/layout/trvlfrm.cxx
@@ -771,7 +771,7 @@ static bool lcl_UpDown( SwPaM *pPam, const SwCntntFrm *pStart,
// Restrict nX to the left and right borders of pTab:
// (is this really necessary?)
- if ( !pTable->GetUpper()->IsInTab() )
+ if (pTable && !pTable->GetUpper()->IsInTab())
{
const bool bRTL = pTable->IsRightToLeft();
const long nPrtLeft = bRTL ?
commit b4daae0f4da8c5c7770dc6d8fb8da49ac95fcf56
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:18:20 2015 +0000
coverity#1266449 Explicit null dereferenced
Change-Id: I33655eac7973b1824179b376417d6a402f922944
diff --git a/sw/source/core/doc/tblrwcl.cxx b/sw/source/core/doc/tblrwcl.cxx
index 8ff9262..9dbbec0 100644
--- a/sw/source/core/doc/tblrwcl.cxx
+++ b/sw/source/core/doc/tblrwcl.cxx
@@ -4334,7 +4334,7 @@ bool SwTable::SetRowHeight( SwTableBox& rAktBox, sal_uInt16 eType,
xFndBox.reset();
- if( ppUndo && *ppUndo )
+ if (ppUndo && *ppUndo && aParam.pUndo)
{
aParam.pUndo->SetColWidthParam( nBoxIdx, static_cast<sal_uInt16>(eTblChgMode), eType,
nAbsDiff, nRelDiff );
commit 5c8c7aacc9eb1250d36a5d8e966be68a90f7e5c0
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:14:02 2015 +0000
coverity#1266473 Dereference null return value
Change-Id: I3f6bd3687d8546f4ad24043294b3e6dd5eb8b294
diff --git a/sw/source/core/doc/doctxm.cxx b/sw/source/core/doc/doctxm.cxx
index 46ff607..35fb4c5 100644
--- a/sw/source/core/doc/doctxm.cxx
+++ b/sw/source/core/doc/doctxm.cxx
@@ -502,12 +502,12 @@ bool SwDoc::DeleteTOX( const SwTOXBase& rTOXBase, bool bDelNodes )
const SwTOXBaseSection& rTOXSect = static_cast<const SwTOXBaseSection&>(rTOXBase);
SwSectionFmt const * pFmt = rTOXSect.GetFmt();
- if( pFmt )
+ /* Save the start node of the TOX' section. */
+ SwSectionNode const * pMyNode = pFmt ? pFmt->GetSectionNode() : NULL;
+ if (pMyNode)
{
GetIDocumentUndoRedo().StartUndo( UNDO_CLEARTOXRANGE, NULL );
- /* Save the start node of the TOX' section. */
- SwSectionNode const * pMyNode = pFmt->GetSectionNode();
/* Save start node of section's surrounding. */
SwNode const * pStartNd = pMyNode->StartOfSectionNode();
commit 0efc6db2dd460e53f4eec5a26e1b65287b82d2cf
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:12:19 2015 +0000
coverity#1266440 Unchecked return value
Change-Id: I84a9c08e539c98408d49b2f4276fb547d2deefd7
diff --git a/svx/source/tbxctrls/Palette.cxx b/svx/source/tbxctrls/Palette.cxx
index 125dd47..e03bed2 100644
--- a/svx/source/tbxctrls/Palette.cxx
+++ b/svx/source/tbxctrls/Palette.cxx
@@ -193,7 +193,7 @@ void PaletteSOC::LoadColorSet( SvxColorValueSet& rColorSet )
{
mbLoadedPalette = true;
mpColorList = XPropertyList::AsColorList(XPropertyList::CreatePropertyListFromURL(XCOLOR_LIST, maFPath));
- mpColorList->Load();
+ (void)mpColorList->Load();
}
rColorSet.Clear();
if( mpColorList.is() )
commit 60bac4a8e47c87ec30e70d2c0120072aba931d5f
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:08:45 2015 +0000
coverity#1266460 Argument cannot be negative
and
coverity#1266463 Argument cannot be negative
coverity#1266466 Argument cannot be negative
Change-Id: I4e910fa189be3b6cb8e9a6163a0d24dfcc1ef7d8
diff --git a/svtools/source/dialogs/roadmapwizard.cxx b/svtools/source/dialogs/roadmapwizard.cxx
index 649f970..8a6587e 100644
--- a/svtools/source/dialogs/roadmapwizard.cxx
+++ b/svtools/source/dialogs/roadmapwizard.cxx
@@ -332,7 +332,7 @@ namespace svt
// there is an item with this index in the roadmap - does it match what is requested by
// the respective state in the active path?
RoadmapTypes::ItemId nPresentItemId = m_pImpl->pRoadmap->GetItemID( nItemIndex );
- WizardState nRequiredState = rActivePath[ nItemIndex ];
+ WizardState nRequiredState = rActivePath.at(nItemIndex);
if ( nPresentItemId != nRequiredState )
{
m_pImpl->pRoadmap->DeleteRoadmapItem( nItemIndex );
@@ -346,7 +346,7 @@ namespace svt
bInsertItem = bNeedItem;
}
- WizardState nState( rActivePath[ nItemIndex ] );
+ WizardState nState(rActivePath.at(nItemIndex));
if ( bInsertItem )
{
m_pImpl->pRoadmap->InsertRoadmapItem(
@@ -603,7 +603,7 @@ namespace svt
// there is an item with this index in the roadmap - does it match what is requested by
// the respective state in the active path?
RoadmapTypes::ItemId nPresentItemId = m_pImpl->pRoadmap->GetItemID( nItemIndex );
- WizardState nRequiredState = rActivePath[ nItemIndex ];
+ WizardState nRequiredState = rActivePath.at(nItemIndex);
if ( _nState == nRequiredState )
{
m_pImpl->pRoadmap->ChangeRoadmapItemLabel( nPresentItemId, getStateDisplayName( nRequiredState ) );
commit f191139bcec033102ca209c43b4f542abf100f70
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:06:17 2015 +0000
coverity#1266461 Improper use of negative value
Change-Id: I4f78617129de21f7088d6f0d8b781674faa6b45a
diff --git a/starmath/source/cursor.cxx b/starmath/source/cursor.cxx
index daf16dd..9a45577 100644
--- a/starmath/source/cursor.cxx
+++ b/starmath/source/cursor.cxx
@@ -676,6 +676,8 @@ void SmCursor::InsertBrackets(SmBracketType eBracketType) {
SmStructureNode *pLineParent = pLine->GetParent();
int nParentIndex = pLineParent->IndexOfSubNode(pLine);
OSL_ENSURE( nParentIndex != -1, "pLine must be a subnode of pLineParent!");
+ if (nParentIndex < 0)
+ return;
//Convert line to list
SmNodeList *pLineList = NodeToList(pLine);
commit 7be08f650d0d78e2f812b4161c579e84f7e86e1b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 10:04:12 2015 +0000
coverity#1266487 Use of untrusted scalar value
Change-Id: I6de5b1e4d363063ec5d9e471c40cf1f943468634
diff --git a/starmath/source/mathtype.cxx b/starmath/source/mathtype.cxx
index 68b83c9..f38791c 100644
--- a/starmath/source/mathtype.cxx
+++ b/starmath/source/mathtype.cxx
@@ -1862,7 +1862,7 @@ bool MathType::HandleSize(sal_Int16 nLstSize,sal_Int16 nDefSize, int &rSetSize)
in aTypeFaces, and a test would be done to see if the new font
size would be the same as what starmath would have chosen for
itself anyway in which case the size setting could be ignored*/
- nLstSize = aSizeTable[nLstSize];
+ nLstSize = aSizeTable.at(nLstSize);
nLstSize = nLstSize + nDefSize;
if (nLstSize != nCurSize)
{
commit cc8d68d6f23fd2cde8a47c8aced9fbecfb48ec94
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:51:55 2015 +0000
coverity#1266519 Use after free
Change-Id: Ib6b3b33f4b45e3bb0ff35d9e82db46bf59c60916
diff --git a/sc/inc/document.hxx b/sc/inc/document.hxx
index e992b0f..dd5175a 100644
--- a/sc/inc/document.hxx
+++ b/sc/inc/document.hxx
@@ -826,7 +826,7 @@ public:
* SfxItemPool instance returned from ScDocument::GetEditPool()</i>.
* This is very important.</p>
*/
- SC_DLLPUBLIC void SetEditText( const ScAddress& rPos, EditTextObject* pEditText );
+ SC_DLLPUBLIC bool SetEditText( const ScAddress& rPos, EditTextObject* pEditText );
void SetEditText( const ScAddress& rPos, const EditTextObject& rEditText, const SfxItemPool* pEditPool );
diff --git a/sc/inc/table.hxx b/sc/inc/table.hxx
index 3ad7162..a05f5da 100644
--- a/sc/inc/table.hxx
+++ b/sc/inc/table.hxx
@@ -330,7 +330,7 @@ public:
bool SetString( SCCOL nCol, SCROW nRow, SCTAB nTab, const OUString& rString,
ScSetStringParam* pParam = NULL );
- void SetEditText( SCCOL nCol, SCROW nRow, EditTextObject* pEditText );
+ bool SetEditText( SCCOL nCol, SCROW nRow, EditTextObject* pEditText );
void SetEditText( SCCOL nCol, SCROW nRow, const EditTextObject& rEditText, const SfxItemPool* pEditPool );
SCROW GetFirstEditTextRow( SCCOL nCol1, SCROW nRow1, SCCOL nCol2, SCROW nRow2 ) const;
diff --git a/sc/source/core/data/document.cxx b/sc/source/core/data/document.cxx
index f1b0320..f85f109 100644
--- a/sc/source/core/data/document.cxx
+++ b/sc/source/core/data/document.cxx
@@ -3240,15 +3240,15 @@ bool ScDocument::SetString(
return SetString(rPos.Col(), rPos.Row(), rPos.Tab(), rString, pParam);
}
-void ScDocument::SetEditText( const ScAddress& rPos, EditTextObject* pEditText )
+bool ScDocument::SetEditText( const ScAddress& rPos, EditTextObject* pEditText )
{
if (!TableExists(rPos.Tab()))
{
delete pEditText;
- return;
+ return false;
}
- maTabs[rPos.Tab()]->SetEditText(rPos.Col(), rPos.Row(), pEditText);
+ return maTabs[rPos.Tab()]->SetEditText(rPos.Col(), rPos.Row(), pEditText);
}
void ScDocument::SetEditText( const ScAddress& rPos, const EditTextObject& rEditText, const SfxItemPool* pEditPool )
diff --git a/sc/source/core/data/table2.cxx b/sc/source/core/data/table2.cxx
index d7a208b..6b4663c 100644
--- a/sc/source/core/data/table2.cxx
+++ b/sc/source/core/data/table2.cxx
@@ -1344,15 +1344,16 @@ bool ScTable::SetString( SCCOL nCol, SCROW nRow, SCTAB nTabP, const OUString& rS
return false;
}
-void ScTable::SetEditText( SCCOL nCol, SCROW nRow, EditTextObject* pEditText )
+bool ScTable::SetEditText( SCCOL nCol, SCROW nRow, EditTextObject* pEditText )
{
if (!ValidColRow(nCol, nRow))
{
delete pEditText;
- return;
+ return false;
}
aCol[nCol].SetEditText(nRow, pEditText);
+ return true;
}
void ScTable::SetEditText( SCCOL nCol, SCROW nRow, const EditTextObject& rEditText, const SfxItemPool* pEditPool )
diff --git a/sc/source/ui/view/viewfun4.cxx b/sc/source/ui/view/viewfun4.cxx
index 8f0ed95..f4ad744 100644
--- a/sc/source/ui/view/viewfun4.cxx
+++ b/sc/source/ui/view/viewfun4.cxx
@@ -398,8 +398,8 @@ void ScViewFunc::DoThesaurus( bool bRecord )
{
// The cell will own the text object instance.
EditTextObject* pText = pThesaurusEngine->CreateTextObject();
- rDoc.SetEditText(ScAddress(nCol,nRow,nTab), pText);
- aNewText.set(*pText);
+ if (rDoc.SetEditText(ScAddress(nCol,nRow,nTab), pText))
+ aNewText.set(*pText);
}
else
{
commit afd87354a89093f172d6949d00f735f4e1e24523
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:40:10 2015 +0000
coverity#1266451 Explicit null dereferenced
Change-Id: I66beecf2e1bb721f6bd2b563cc04c02570a0a306
diff --git a/sc/source/filter/excel/xiescher.cxx b/sc/source/filter/excel/xiescher.cxx
index 7dda12a..76d6545 100644
--- a/sc/source/filter/excel/xiescher.cxx
+++ b/sc/source/filter/excel/xiescher.cxx
@@ -203,10 +203,14 @@ XclImpDrawObjRef XclImpDrawObjBase::ReadObj3( const XclImpRoot& rRoot, XclImpStr
default:
OSL_TRACE( "XclImpDrawObjBase::ReadObj3 - unknown object type 0x%04hX", nObjType );
rRoot.GetTracer().TraceUnsupportedObjects();
- xDrawObj.reset( new XclImpPhObj( rRoot ) );
}
}
+ if (!xDrawObj)
+ {
+ xDrawObj.reset(new XclImpPhObj(rRoot));
+ }
+
xDrawObj->mnTab = rRoot.GetCurrScTab();
xDrawObj->ImplReadObj3( rStrm );
return xDrawObj;
commit fe71d9e9f12929c845c53c384a3b2dba53a6194e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:39:19 2015 +0000
coverity#1266448 Explicit null dereferenced
Change-Id: If16ef982e7d9ae85ee73fa21ef97b328714bf9b8
diff --git a/sc/source/filter/excel/xiescher.cxx b/sc/source/filter/excel/xiescher.cxx
index 8bca3fb..7dda12a 100644
--- a/sc/source/filter/excel/xiescher.cxx
+++ b/sc/source/filter/excel/xiescher.cxx
@@ -236,10 +236,14 @@ XclImpDrawObjRef XclImpDrawObjBase::ReadObj4( const XclImpRoot& rRoot, XclImpStr
default:
OSL_TRACE( "XclImpDrawObjBase::ReadObj4 - unknown object type 0x%04hX", nObjType );
rRoot.GetTracer().TraceUnsupportedObjects();
- xDrawObj.reset( new XclImpPhObj( rRoot ) );
}
}
+ if (!xDrawObj)
+ {
+ xDrawObj.reset(new XclImpPhObj(rRoot));
+ }
+
xDrawObj->mnTab = rRoot.GetCurrScTab();
xDrawObj->ImplReadObj4( rStrm );
return xDrawObj;
commit d57d8eb4c4fa7845bf67bd0c5b931c38b42841b2
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:36:59 2015 +0000
coverity#704680 Dereference after null check
Change-Id: I50a6067b828cb5277f91aba697b419b8d0167efe
diff --git a/sc/source/filter/excel/xeformula.cxx b/sc/source/filter/excel/xeformula.cxx
index 752c6a9..5fcfbe4 100644
--- a/sc/source/filter/excel/xeformula.cxx
+++ b/sc/source/filter/excel/xeformula.cxx
@@ -589,11 +589,14 @@ void XclExpFmlaCompImpl::Init( XclFormulaType eType, const ScTokenArray& rScTokA
break;
case EXC_FMLATYPE_SHARED:
mxData->mbOk = pScBasePos != 0;
- OSL_ENSURE( mxData->mbOk, "XclExpFmlaCompImpl::Init - missing cell address" );
- // clone the passed token array, convert references relative to current cell position
- mxData->mxOwnScTokArr.reset( rScTokArr.Clone() );
- ScCompiler::MoveRelWrap( *mxData->mxOwnScTokArr, GetDocPtr(), *pScBasePos, MAXCOL, MAXROW );
- // don't remember pScBasePos in mxData->mpScBasePos, shared formulas use real relative refs
+ assert(mxData->mbOk && "XclExpFmlaCompImpl::Init - missing cell address");
+ if (mxData->mbOk)
+ {
+ // clone the passed token array, convert references relative to current cell position
+ mxData->mxOwnScTokArr.reset( rScTokArr.Clone() );
+ ScCompiler::MoveRelWrap( *mxData->mxOwnScTokArr, GetDocPtr(), *pScBasePos, MAXCOL, MAXROW );
+ // don't remember pScBasePos in mxData->mpScBasePos, shared formulas use real relative refs
+ }
break;
default:;
}
commit 1b919a83e7d6723ee2c2b8c42d55059e3c3dda5f
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:34:31 2015 +0000
coverity#1266459 Improper use of negative value
Change-Id: I9b924f7a6e5f216e1429259239ac598a10d1d5dd
diff --git a/sc/source/core/data/document.cxx b/sc/source/core/data/document.cxx
index ccbaf00..f1b0320 100644
--- a/sc/source/core/data/document.cxx
+++ b/sc/source/core/data/document.cxx
@@ -192,21 +192,22 @@ bool ScDocument::HasTable( SCTAB nTab ) const
bool ScDocument::GetName( SCTAB nTab, OUString& rName ) const
{
if (ValidTab(nTab) && nTab < static_cast<SCTAB>(maTabs.size()))
+ {
if (maTabs[nTab])
{
maTabs[nTab]->GetName( rName );
return true;
}
+ }
rName.clear();
return false;
}
OUString ScDocument::GetCopyTabName( SCTAB nTab ) const
{
- if (nTab < static_cast<SCTAB>(maTabNames.size()))
+ if (ValidTab(nTab) && nTab < static_cast<SCTAB>(maTabNames.size()))
return maTabNames[nTab];
- else
- return OUString();
+ return OUString();
}
bool ScDocument::SetCodeName( SCTAB nTab, const OUString& rName )
commit 5b70a95affa29119bbb0c934bf99ee6755de336e
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:30:36 2015 +0000
coverity#1266452 Explicit null dereferenced
Change-Id: I2cc0edfdc432f35233edef4d8fb2a60c34e1fc7f
diff --git a/sc/source/core/tool/interpr4.cxx b/sc/source/core/tool/interpr4.cxx
index 0f09edb..28f8e03 100644
--- a/sc/source/core/tool/interpr4.cxx
+++ b/sc/source/core/tool/interpr4.cxx
@@ -1696,9 +1696,8 @@ bool ScInterpreter::ConvertMatrixParameters()
const ScComplexRefData& rRef = *p->GetDoubleRef();
ScExternalRefCache::TokenArrayRef pArray;
GetExternalDoubleRef(nFileId, aTabName, rRef, pArray);
- if (nGlobalError)
+ if (nGlobalError || !pArray)
break;
-
formula::FormulaToken* pTemp = pArray->First();
if (!pTemp)
break;
commit c38a384cddfbdf8c20f01bdb87b170133bc30e59
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:29:40 2015 +0000
coverity#1266450 Explicit null dereferenced
Change-Id: Ia9a2ef623eeeed1d31bf62a18086b540dc394810
diff --git a/sc/source/core/tool/interpr1.cxx b/sc/source/core/tool/interpr1.cxx
index 16d0052..765a113 100644
--- a/sc/source/core/tool/interpr1.cxx
+++ b/sc/source/core/tool/interpr1.cxx
@@ -174,6 +174,11 @@ void ScInterpreter::ScIfJump()
xNew = new ScJumpMatrixToken( pJumpMat );
GetTokenMatrixMap().insert( ScTokenMatrixMap::value_type(pCur, xNew));
}
+ if (!xNew.get())
+ {
+ PushIllegalArgument();
+ return;
+ }
PushTempToken( xNew.get());
// set endpoint of path for main code line
aCode.Jump( pJump[ nJumpCount ], pJump[ nJumpCount ] );
commit c3666f94792777f856a794b205c07191ff33b39b
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:16:44 2015 +0000
coverity#703982 Unchecked return value
Change-Id: Ibcea87db4fcb9d8cd9d1370ea314ffbc7a8acc64
diff --git a/sc/source/core/data/table2.cxx b/sc/source/core/data/table2.cxx
index 082ea90..d7a208b 100644
--- a/sc/source/core/data/table2.cxx
+++ b/sc/source/core/data/table2.cxx
@@ -2755,9 +2755,11 @@ bool ScTable::SetRowHeightRange( SCROW nStartRow, SCROW nEndRow, sal_uInt16 nNew
if (bSingle)
{
ScFlatUInt16RowSegments::RangeData aData;
- mpRowHeights->getRangeData(nStartRow, aData);
- if (nNewHeight == aData.mnValue && nEndRow <= aData.mnRow2)
+ if (mpRowHeights->getRangeData(nStartRow, aData) &&
+ nNewHeight == aData.mnValue && nEndRow <= aData.mnRow2)
+ {
bSingle = false; // no difference in this range
+ }
}
if (bSingle)
{
commit a1b37b675e512aebf5a8b9d610cd39ebedb1c1dc
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:12:35 2015 +0000
coverity#1266502 Useless call
Change-Id: I443cc28b81508b32c49ba795583ed304729d3fa0
diff --git a/rsc/source/rsc/rsc.cxx b/rsc/source/rsc/rsc.cxx
index 5abce91..ed4b447 100644
--- a/rsc/source/rsc/rsc.cxx
+++ b/rsc/source/rsc/rsc.cxx
@@ -442,12 +442,6 @@ ERRTYPE RscCompiler :: IncludeParser( sal_uLong lFileKey )
for ( size_t i = 0, n = pFName->aDepLst.size(); i < n; ++i )
{
RscDepend * pDep = pFName->aDepLst[ i ];
- pTC->aFileTab.GetFile( pDep->GetFileKey() );
- }
-
- for ( size_t i = 0, n = pFName->aDepLst.size(); i < n; ++i )
- {
- RscDepend * pDep = pFName->aDepLst[ i ];
RscFile * pFNTmp = pTC->aFileTab.GetFile( pDep->GetFileKey() );
// Kein Pfad und Include Datei
if( pFNTmp && !pFNTmp->bLoaded )
commit 91a3976aa88039d48b71242c8b8d01341d154b09
Author: Caolán McNamara <caolanm at redhat.com>
Date: Mon Jan 26 09:10:08 2015 +0000
coverity#1266495 Untrusted loop bound
Change-Id: Ia96b29f291cf4dc97d2a4998850d641f16cb2a01
diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx
index ab1731d..fab6c67 100644
--- a/filter/source/msfilter/svdfppt.cxx
+++ b/filter/source/msfilter/svdfppt.cxx
@@ -4927,6 +4927,14 @@ void PPTStyleTextPropReader::ReadParaProps( SvStream& rIn, SdrPowerPointImport&
{
sal_uInt16 i, nDistance, nAlignment, nNumberOfTabStops = 0;
rIn.ReadUInt16( nNumberOfTabStops );
+ const size_t nMinRecordSize = 4;
+ const size_t nMaxRecords = rIn.remainingSize() / nMinRecordSize;
+ if (nNumberOfTabStops > nMaxRecords)
+ {
+ SAL_WARN("filter.ms", "Parsing error: " << nMaxRecords <<
+ " max possible entries, but " << nNumberOfTabStops << " claimed, truncating");
+ nNumberOfTabStops = nMaxRecords;
+ }
for ( i = 0; i < nNumberOfTabStops; i++ )
{
rIn.ReadUInt16( nDistance )
More information about the Libreoffice-commits
mailing list