About coverity 738980 (ssfrm.cxx from sw module)

julien2412 serval2412 at yahoo.fr
Fri Mar 15 16:31:43 PDT 2013 

Hello,

Scan coverity detected this: 
22. pass_freed_arg: Passing freed pointer "pAnchoredObj" as an argument to
function "SwSortedObjs::Remove(SwAnchoredObject &)".

This problem appears twice in the file:
    576                 SwAnchoredObject* pAnchoredObj =
(*pFrm->GetDrawObjs())[0];
    577                 if ( pAnchoredObj->ISA(SwFlyFrm) )
    578                     delete pAnchoredObj;
    579                 else
    580                 {
    581                     SdrObject* pSdrObj = pAnchoredObj->DrawObj();
    582                     SwDrawContact* pContact =
    583                            
static_cast<SwDrawContact*>(pSdrObj->GetUserCall());
    584                     OSL_ENSURE( pContact,
    585                             "<SwFrm::~SwFrm> - missing contact for
drawing object" );
    586                     if ( pContact )
    587                     {
    588                         pContact->DisconnectObjFromLayout( pSdrObj
);
    589                     }
    590                 }
    591                 if ( pFrm->GetDrawObjs() &&
    592                      nCnt == pFrm->GetDrawObjs()->Count() )
    593                 {
    594                     pFrm->GetDrawObjs()->Remove( *pAnchoredObj ); 
//// pAnchoredObj has been deleted!
    595                 }


and here (same logic):
    608             SwAnchoredObject* pAnchoredObj = (*GetDrawObjs())[0];
    609             if ( pAnchoredObj->ISA(SwFlyFrm) )
    610                 delete pAnchoredObj;
    611             else
    612             {
    613                 SdrObject* pSdrObj = pAnchoredObj->DrawObj();
    614                 SwDrawContact* pContact =
    615                        
static_cast<SwDrawContact*>(pSdrObj->GetUserCall());
    616                 OSL_ENSURE( pContact,
    617                         "<SwFrm::~SwFrm> - missing contact for
drawing object" );
    618                 if ( pContact )
    619                 {
    620                     pContact->DisconnectObjFromLayout( pSdrObj );
    621                 }
    622             }
    623             if ( GetDrawObjs() && nCnt == GetDrawObjs()->Count() )
    624             {
    625                 GetDrawObjs()->Remove( *pAnchoredObj );  ////
pAnchoredObj has been deleted!
    626             }

Should "delete pAnchoredObj;" be followed by pAnchoredObj = null; in the if
part
then  if ( GetDrawObjs() && nCnt == GetDrawObjs()->Count() ) should be
replaced by:
 if ( GetDrawObjs() && nCnt == GetDrawObjs()->Count()  && pAnchoredObj) ?

Or:
 if ( GetDrawObjs() && nCnt == GetDrawObjs()->Count() ) part included in
else block?

Or should it be otherwise?

Julien 



--
View this message in context: http://nabble.documentfoundation.org/About-coverity-738980-ssfrm-cxx-from-sw-module-tp4044145.html
Sent from the Dev mailing list archive at Nabble.com.

More information about the LibreOffice mailing list