New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Thu Nov 20 15:00:12 PST 2014
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
8 new defect(s) introduced to LibreOffice found with Coverity Scan.
38 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 1255386: Unchecked return value (CHECKED_RETURN)
/sal/osl/unx/profile.cxx: 140 in osl_openProfile()
** CID 1255387: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
** CID 1255388: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
** CID 1255389: Dereference null return value (NULL_RETURNS)
/svtools/qa/unit/GraphicObjectTest.cxx: 170 in <unnamed>::GraphicObjectTest::testSizeBasedAutoSwap()()
/svtools/qa/unit/GraphicObjectTest.cxx: 170 in <unnamed>::GraphicObjectTest::testSizeBasedAutoSwap()()
** CID 1255390: Resource leak (RESOURCE_LEAK)
/basic/source/runtime/methods.cxx: 3733 in SbRtl_Shell(StarBASIC *, SbxArray &, bool)()
** CID 1255391: Time of check time of use (TOCTOU)
/sal/osl/unx/pipe.cxx: 291 in osl_psz_createPipe(const char *, unsigned int, void *)()
/sal/osl/unx/pipe.cxx: 314 in osl_psz_createPipe(const char *, unsigned int, void *)()
** CID 1209008: Unchecked return value (CHECKED_RETURN)
/sd/source/ui/app/sdmod1.cxx: 315 in SdModule::OutlineToImpress(SfxRequest &)()
** CID 1209049: Unchecked return value (CHECKED_RETURN)
/sal/osl/unx/process.cxx: 475 in osl_executeProcess_WithRedirectedIO()
________________________________________________________________________________________________________
*** CID 1255386: Unchecked return value (CHECKED_RETURN)
/sal/osl/unx/profile.cxx: 140 in osl_openProfile()
134
135 oslProfile SAL_CALL osl_openProfile(rtl_uString *ustrProfileName, oslProfileOption Options)
136 {
137 char profilePath[PATH_MAX] = "";
138
139 if ( ustrProfileName != 0 && ustrProfileName->buffer[0] != 0 )
>>> CID 1255386: Unchecked return value (CHECKED_RETURN)
>>> Calling "FileURLToPath" without checking return value (as is done elsewhere 11 out of 13 times).
140 FileURLToPath( profilePath, PATH_MAX, ustrProfileName );
141
142 return osl_psz_openProfile( profilePath,Options );
143 }
144
145 static oslProfile SAL_CALL osl_psz_openProfile(const sal_Char *pszProfileName, oslProfileOption Flags)
________________________________________________________________________________________________________
*** CID 1255387: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
726 const basegfx::B2DPoint& rNull,
727 const basegfx::B2DPoint& rX,
728 const basegfx::B2DPoint& rY )
729 {
730 const basegfx::B2DVector aXRel = rX - rNull;
731 const basegfx::B2DVector aYRel = rY - rNull;
>>> CID 1255387: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(float)aYRel.getY() / rTexture->GetHeight()", division by expression "rTexture->GetHeight()" which may be zero has undefined behavior.
732 const float aValues[] = {
733 (float) aXRel.getX()/rTexture.GetWidth(), (float) aXRel.getY()/rTexture.GetWidth(), 0, 0,
734 (float) aYRel.getX()/rTexture.GetHeight(), (float) aYRel.getY()/rTexture.GetHeight(), 0, 0,
735 0, 0, 1, 0,
736 (float) rNull.getX(), (float) rNull.getY(), 0, 1 };
737 glm::mat4 mMatrix = glm::make_mat4( aValues );
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
726 const basegfx::B2DPoint& rNull,
727 const basegfx::B2DPoint& rX,
728 const basegfx::B2DPoint& rY )
729 {
730 const basegfx::B2DVector aXRel = rX - rNull;
731 const basegfx::B2DVector aYRel = rY - rNull;
>>> CID 1255387: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(float)aYRel.getX() / rTexture->GetHeight()", division by expression "rTexture->GetHeight()" which may be zero has undefined behavior.
732 const float aValues[] = {
733 (float) aXRel.getX()/rTexture.GetWidth(), (float) aXRel.getY()/rTexture.GetWidth(), 0, 0,
734 (float) aYRel.getX()/rTexture.GetHeight(), (float) aYRel.getY()/rTexture.GetHeight(), 0, 0,
735 0, 0, 1, 0,
736 (float) rNull.getX(), (float) rNull.getY(), 0, 1 };
737 glm::mat4 mMatrix = glm::make_mat4( aValues );
________________________________________________________________________________________________________
*** CID 1255388: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
726 const basegfx::B2DPoint& rNull,
727 const basegfx::B2DPoint& rX,
728 const basegfx::B2DPoint& rY )
729 {
730 const basegfx::B2DVector aXRel = rX - rNull;
731 const basegfx::B2DVector aYRel = rY - rNull;
>>> CID 1255388: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(float)aXRel.getY() / rTexture->GetWidth()", division by expression "rTexture->GetWidth()" which may be zero has undefined behavior.
732 const float aValues[] = {
733 (float) aXRel.getX()/rTexture.GetWidth(), (float) aXRel.getY()/rTexture.GetWidth(), 0, 0,
734 (float) aYRel.getX()/rTexture.GetHeight(), (float) aYRel.getY()/rTexture.GetHeight(), 0, 0,
735 0, 0, 1, 0,
736 (float) rNull.getX(), (float) rNull.getY(), 0, 1 };
737 glm::mat4 mMatrix = glm::make_mat4( aValues );
/vcl/opengl/gdiimpl.cxx: 732 in OpenGLSalGraphicsImpl::DrawTransformedTexture(OpenGLTexture &, OpenGLTexture &, const basegfx::B2DPoint &, const basegfx::B2DPoint &, const basegfx::B2DPoint &)()
726 const basegfx::B2DPoint& rNull,
727 const basegfx::B2DPoint& rX,
728 const basegfx::B2DPoint& rY )
729 {
730 const basegfx::B2DVector aXRel = rX - rNull;
731 const basegfx::B2DVector aYRel = rY - rNull;
>>> CID 1255388: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(float)aXRel.getX() / rTexture->GetWidth()", division by expression "rTexture->GetWidth()" which may be zero has undefined behavior.
732 const float aValues[] = {
733 (float) aXRel.getX()/rTexture.GetWidth(), (float) aXRel.getY()/rTexture.GetWidth(), 0, 0,
734 (float) aYRel.getX()/rTexture.GetHeight(), (float) aYRel.getY()/rTexture.GetHeight(), 0, 0,
735 0, 0, 1, 0,
736 (float) rNull.getX(), (float) rNull.getY(), 0, 1 };
737 glm::mat4 mMatrix = glm::make_mat4( aValues );
________________________________________________________________________________________________________
*** CID 1255389: Dereference null return value (NULL_RETURNS)
/svtools/qa/unit/GraphicObjectTest.cxx: 170 in <unnamed>::GraphicObjectTest::testSizeBasedAutoSwap()()
164 const GraphicObject* pGrafObj1 = 0;
165 const GraphicObject* pGrafObj2 = 0;
166 for( sal_uLong nIndex = 0; nIndex < aNodes.Count(); ++nIndex)
167 {
168 if( aNodes[nIndex]->IsGrfNode() )
169 {
>>> CID 1255389: Dereference null return value (NULL_RETURNS)
>>> Assigning: "pGrfNode" = null return value from "GetGrfNode".
170 SwGrfNode* pGrfNode = aNodes[nIndex]->GetGrfNode();
171 if( !pGrafObj1 )
172 {
173 pGrafObj1 = &pGrfNode->GetGrfObj();
174 }
175 else
/svtools/qa/unit/GraphicObjectTest.cxx: 170 in <unnamed>::GraphicObjectTest::testSizeBasedAutoSwap()()
164 const GraphicObject* pGrafObj1 = 0;
165 const GraphicObject* pGrafObj2 = 0;
166 for( sal_uLong nIndex = 0; nIndex < aNodes.Count(); ++nIndex)
167 {
168 if( aNodes[nIndex]->IsGrfNode() )
169 {
>>> CID 1255389: Dereference null return value (NULL_RETURNS)
>>> Assigning: "pGrfNode" = null return value from "GetGrfNode".
170 SwGrfNode* pGrfNode = aNodes[nIndex]->GetGrfNode();
171 if( !pGrafObj1 )
172 {
173 pGrafObj1 = &pGrfNode->GetGrfObj();
174 }
175 else
________________________________________________________________________________________________________
*** CID 1255390: Resource leak (RESOURCE_LEAK)
/basic/source/runtime/methods.cxx: 3733 in SbRtl_Shell(StarBASIC *, SbxArray &, bool)()
3727 StarBASIC::Error( SbERR_FILE_NOT_FOUND );
3728 }
3729 else
3730 {
3731 rPar.Get(0)->PutLong( 0 );
3732 }
>>> CID 1255390: Resource leak (RESOURCE_LEAK)
>>> Variable "pParamList" going out of scope leaks the storage it points to.
3733 }
3734 }
3735
3736 RTLFUNC(VarType)
3737 {
3738 (void)pBasic;
________________________________________________________________________________________________________
*** CID 1255391: Time of check time of use (TOCTOU)
/sal/osl/unx/pipe.cxx: 291 in osl_psz_createPipe(const char *, unsigned int, void *)()
285 OSL_TRACE("osl_createPipe : Pipe already in use. Errno: %d; %s",errno,strerror(errno));
286 close (pPipe->m_Socket);
287 __osl_destroyPipeImpl(pPipe);
288 return NULL;
289 }
290
>>> CID 1255391: Time of check time of use (TOCTOU)
>>> Calling function "unlink" that uses "name" after a check function. This can cause a time-of-check, time-of-use race condition.
291 unlink(name);
292 }
293
294 /* ok, fs clean */
295 if ( bind(pPipe->m_Socket, (struct sockaddr *)&addr, len) < 0 )
296 {
/sal/osl/unx/pipe.cxx: 314 in osl_psz_createPipe(const char *, unsigned int, void *)()
308
309 strncpy(pPipe->m_Name, name, sizeof(pPipe->m_Name) - 1);
310
311 if ( listen(pPipe->m_Socket, 5) < 0 )
312 {
313 OSL_TRACE("osl_createPipe failed to listen. Errno: %d; %s",errno,strerror(errno));
>>> CID 1255391: Time of check time of use (TOCTOU)
>>> Calling function "unlink" that uses "name" after a check function. This can cause a time-of-check, time-of-use race condition.
314 unlink(name); /* remove filesystem entry */
315 close (pPipe->m_Socket);
316 __osl_destroyPipeImpl(pPipe);
317 return NULL;
318 }
319
________________________________________________________________________________________________________
*** CID 1209008: Unchecked return value (CHECKED_RETURN)
/sd/source/ui/app/sdmod1.cxx: 315 in SdModule::OutlineToImpress(SfxRequest &)()
309 }
310 }
311 }
312 }
313 }
314
>>> CID 1209008: Unchecked return value (CHECKED_RETURN)
>>> Calling "IsDone" without checking return value (as is done elsewhere 7 out of 8 times).
315 rRequest.IsDone();
316 }
317
318 static bool bOnce = false;
319
320 void SdModule::GetState(SfxItemSet& rItemSet)
________________________________________________________________________________________________________
*** CID 1209049: Unchecked return value (CHECKED_RETURN)
/sal/osl/unx/process.cxx: 475 in osl_executeProcess_WithRedirectedIO()
469 return osl_Process_E_Unknown;
470 }
471
472 char szWorkDir[PATH_MAX] = "";
473 if ( ustrWorkDir != 0 && ustrWorkDir->length )
474 {
>>> CID 1209049: Unchecked return value (CHECKED_RETURN)
>>> Calling "FileURLToPath" without checking return value (as is done elsewhere 11 out of 13 times).
475 FileURLToPath( szWorkDir, PATH_MAX, ustrWorkDir );
476 pszWorkDir = szWorkDir;
477 }
478
479 if ( pArguments == 0 && nArguments > 0 )
480 {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, http://scan.coverity.com/projects/211?tab=overview
To unsubscribe from the email notification for new defects, http://scan5.coverity.com/cgi-bin/unsubscribe.py
More information about the LibreOffice
mailing list