New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Wed Apr 29 09:36:24 PDT 2015
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
11 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/layout/sectfrm.cxx: 356 in SwSectionFrm::Paste(SwFrm *, SwFrm *)()
350 pSect->SetFollow( static_cast<SwSectionFrm*>(pParent)->GetFollow() );
351 static_cast<SwSectionFrm*>(pParent)->SetFollow( NULL );
352 if( pSect->GetFollow() )
353 pParent->_InvalidateSize();
354
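355 InsertGroupBefore( pParent, pSibling, pSect );
>>> CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "Init" dereferences freed pointer "pSect". (The excerpt does not show where "pSect" is freed; the call immediately before this line is InsertGroupBefore( pParent, pSibling, pSect ) at line 355, which receives "pSect", so the full event trace is needed to confirm where the free happens.)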
356 pSect->Init();
357 (pSect->*fnRect->fnMakePos)( pSect->GetUpper(), pSect->GetPrev(), true);
358 if( !static_cast<SwLayoutFrm*>(pParent)->Lower() )
359 {
360 SwSectionFrm::MoveCntntAndDelete( static_cast<SwSectionFrm*>(pParent), false );
361 pParent = this;
** CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
/chart2/source/controller/chartapiwrapper/DataSeriesPointWrapper.cxx: 639 in chart::wrapper::DataSeriesPointWrapper::getPropertyState(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
/chart2/source/controller/chartapiwrapper/DataSeriesPointWrapper.cxx: 639 in chart::wrapper::DataSeriesPointWrapper::getPropertyState(const rtl::OUString &)()
633 return m_spChart2ModelContact->GetPageSize();
634 }
635
636 // WrappedPropertySet
637
638 //XPropertyState
>>> CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::lang::WrappedTargetException" is thrown but the throw list "throw(com::sun::star::uno::RuntimeException, com::sun::star::beans::UnknownPropertyException, std::exception)" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
639 beans::PropertyState SAL_CALL DataSeriesPointWrapper::getPropertyState( const OUString& rPropertyName )
640 throw (beans::UnknownPropertyException, uno::RuntimeException, std::exception)
641 {
642 beans::PropertyState aState( beans::PropertyState_DIRECT_VALUE );
643 if (rPropertyName == "SymbolBitmapURL")
644 {
** CID 1296215: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/mouse.cxx: 286 in vcl::Window::ImplGrabFocus(unsigned short)()
________________________________________________________________________________________________________
*** CID 1296215: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/mouse.cxx: 286 in vcl::Window::ImplGrabFocus(unsigned short)()
280 bMustNotGrabFocus = true;
281 break;
282 }
283 pParent = pParent->mpWindowImpl->mpParent;
284 }
285
>>> CID 1296215: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "this->mpWindowImpl" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
286 if ( ( pSVData->maWinData.mpFocusWin.get() != this &&
287 mpWindowImpl && !mpWindowImpl->mbInDispose ) ||
288 ( bAsyncFocusWaiting && !bHasFocus && !bMustNotGrabFocus ) )
289 {
290 // EndExtTextInput if it is not the same window
291 if ( pSVData->maWinData.mpExtTextInputWin &&
** CID 1296214: Null pointer dereferences (NULL_RETURNS)
/formula/source/core/api/FormulaCompiler.cxx: 1878 in formula::FormulaCompiler::CreateStringFromToken(rtl::OUStringBuffer &, const formula::FormulaToken *, bool)()
________________________________________________________________________________________________________
*** CID 1296214: Null pointer dereferences (NULL_RETURNS)
/formula/source/core/api/FormulaCompiler.cxx: 1878 in formula::FormulaCompiler::CreateStringFromToken(rtl::OUStringBuffer &, const formula::FormulaToken *, bool)()
1872 {
1873 // Suppress all TableRef related tokens, the resulting
1874 // range was written by CreateStringFromIndex().
1875 const FormulaToken* const p = pArr->PeekNext();
1876 if (p && p->GetOpCode() == ocTableRefOpen)
1877 {
>>> CID 1296214: Null pointer dereferences (NULL_RETURNS)
>>> Assigning: "t" = null return value from "Next".
1878 t = pArr->Next();
1879 int nLevel = 0;
1880 do
1881 {
1882 // Switch cases correspond with those in
1883 // ScCompiler::HandleTableRef()
** CID 1296213: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGridWizard, dbp::OGridSI>::getSupportedServiceNames_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard, dbp::OGroupBoxSI>::getSupportedServiceNames_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OListComboWizard, dbp::OListComboSI>::getSupportedServiceNames_Static()()
________________________________________________________________________________________________________
*** CID 1296213: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGridWizard, dbp::OGridSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE, SERVICEINFO>::getSupportedServiceNames_Static() throw(::com::sun::star::uno::RuntimeException)
69 {
>>> CID 1296213: (NO_EFFECT)
>>> Part "dbp::OGridSI({})" of statement "(dbp::OGridSI({})) , getServiceNames" has no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySetInfo > SAL_CALL OUnoAutoPilot<TYPE, SERVICEINFO>::getPropertySetInfo() throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard, dbp::OGroupBoxSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE, SERVICEINFO>::getSupportedServiceNames_Static() throw(::com::sun::star::uno::RuntimeException)
69 {
>>> CID 1296213: (NO_EFFECT)
>>> Part "dbp::OGroupBoxSI({})" of statement "(dbp::OGroupBoxSI({})) , getServiceNames" has no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySetInfo > SAL_CALL OUnoAutoPilot<TYPE, SERVICEINFO>::getPropertySetInfo() throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OListComboWizard, dbp::OListComboSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE, SERVICEINFO>::getSupportedServiceNames_Static() throw(::com::sun::star::uno::RuntimeException)
69 {
>>> CID 1296213: (NO_EFFECT)
>>> Part "dbp::OListComboSI({})" of statement "(dbp::OListComboSI({})) , getServiceNames" has no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySetInfo > SAL_CALL OUnoAutoPilot<TYPE, SERVICEINFO>::getPropertySetInfo() throw(::com::sun::star::uno::RuntimeException, std::exception)
** CID 1296212: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGridWizard, dbp::OGridSI>::getImplementationName_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard, dbp::OGroupBoxSI>::getImplementationName_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OListComboWizard, dbp::OListComboSI>::getImplementationName_Static()()
________________________________________________________________________________________________________
*** CID 1296212: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGridWizard, dbp::OGridSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE, SERVICEINFO>::getImplementationName_Static() throw(::com::sun::star::uno::RuntimeException)
55 {
>>> CID 1296212: (NO_EFFECT)
>>> Part "dbp::OGridSI({})" of statement "(dbp::OGridSI({})) , getImplementationName" has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE, SERVICEINFO>::getSupportedServiceNames() throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard, dbp::OGroupBoxSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE, SERVICEINFO>::getImplementationName_Static() throw(::com::sun::star::uno::RuntimeException)
55 {
>>> CID 1296212: (NO_EFFECT)
>>> Part "dbp::OGroupBoxSI({})" of statement "(dbp::OGroupBoxSI({})) , getImplementationName" has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE, SERVICEINFO>::getSupportedServiceNames() throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OListComboWizard, dbp::OListComboSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE, SERVICEINFO>::getImplementationName_Static() throw(::com::sun::star::uno::RuntimeException)
55 {
>>> CID 1296212: (NO_EFFECT)
>>> Part "dbp::OListComboSI({})" of statement "(dbp::OListComboSI({})) , getImplementationName" has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE, SERVICEINFO>::getSupportedServiceNames() throw(::com::sun::star::uno::RuntimeException, std::exception)
** CID 1296211: Null pointer dereferences (FORWARD_NULL)
/basctl/source/basicide/basides1.cxx: 539 in basctl::Shell::ExecuteGlobal(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1296211: Null pointer dereferences (FORWARD_NULL)
/basctl/source/basicide/basides1.cxx: 539 in basctl::Shell::ExecuteGlobal(SfxRequest &)()
533 DBG_ASSERT( rReq.GetArgs(), "arguments expected" );
534 const SbxItem& rSbxItem = static_cast<const SbxItem&>(rReq.GetArgs()->Get(SID_BASICIDE_ARG_SBX ));
535 ScriptDocument aDocument( rSbxItem.GetDocument() );
536 OUString aLibName( rSbxItem.GetLibName() );
537 OUString aName( rSbxItem.GetName() );
538 SetCurLib( aDocument, aLibName );
>>> CID 1296211: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pWin" = "NULL".
539 BaseWindow* pWin = 0;
540 if ( rSbxItem.GetType() == TYPE_DIALOG )
541 {
542 pWin = FindDlgWin( aDocument, aLibName, aName, true );
543 }
544 else if ( rSbxItem.GetType() == TYPE_MODULE )
** CID 1296210: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/dlg/dlgass.cxx: 322 in AssistentDlgImpl::AssistentDlgImpl(vcl::Window *, const Link &, bool)()
________________________________________________________________________________________________________
*** CID 1296210: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/dlg/dlgass.cxx: 322 in AssistentDlgImpl::AssistentDlgImpl(vcl::Window *, const Link &, bool)()
316 VclPtr<SdPageListControl> mpPage5PageListCT;
317 VclPtr<CheckBox> mpPage5SummaryCB;
318
319 };
320
321 AssistentDlgImpl::AssistentDlgImpl( vcl::Window* pWindow, const Link& rFinishLink, bool bAutoPilot ) :
>>> CID 1296210: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "this->mpTemplateRegion" = "NULL".
322 mpTemplateRegion(NULL),
323 mpLayoutRegion(NULL),
324 mbUserDataDirty(false),
325 xDocShell (NULL),
326 mpWindowUpdater (new WindowUpdater()),
327 mbPreview(true),
** CID 1296209: (DEADCODE)
/sw/source/core/unocore/swunohelper.cxx: 297 in SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
/sw/source/core/unocore/swunohelper.cxx: 303 in SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
________________________________________________________________________________________________________
*** CID 1296209: (DEADCODE)
/sw/source/core/unocore/swunohelper.cxx: 297 in SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
291 case drawing::FillStyle_GRADIENT: // gradient and hatch don't exist in
292 case drawing::FillStyle_HATCH: // SvxBrushItem so average color is emulated
293 switch (nMID)
294 {
295 case MID_BACK_COLOR:
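296 // Gradient/Hatch always have emulated color
>>> CID 1296209: (DEADCODE)
>>> Execution cannot reach the expression "SfxItemState::SET == rSet->GetItemState(1015, true, NULL)" inside this statement: "return com::sun::star::draw...". (Inside "case MID_BACK_COLOR:" of "switch (nMID)" the value of nMID is fixed, so "drawing::FillStyle_SOLID != nMID" apparently compares a fill-style constant with a member id and is always true; the remaining "||" operands are therefore never evaluated. The same pattern is reported at line 303.)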
297 return (drawing::FillStyle_SOLID != nMID)
298 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLCOLOR)
299 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLTRANSPARENCE)
300 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
301 case MID_BACK_COLOR_R_G_B:
302 // Gradient/Hatch always have emulated color
/sw/source/core/unocore/swunohelper.cxx: 303 in SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
297 return (drawing::FillStyle_SOLID != nMID)
298 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLCOLOR)
299 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLTRANSPARENCE)
300 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
301 case MID_BACK_COLOR_R_G_B:
302 // Gradient/Hatch always have emulated color
>>> CID 1296209: (DEADCODE)
>>> Execution cannot reach the expression "SfxItemState::SET == rSet->GetItemState(1015, true, NULL)" inside this statement: "return com::sun::star::draw...".
303 return (drawing::FillStyle_SOLID != nMID)
304 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLCOLOR);
305 case MID_BACK_COLOR_TRANSPARENCY:
306 return SfxItemState::SET == rSet.GetItemState(XATTR_FILLTRANSPARENCE)
307 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
308 }
** CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/vcl/source/window/window.cxx: 144 in vcl::Window::dispose()()
________________________________________________________________________________________________________
*** CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/vcl/source/window/window.cxx: 144 in vcl::Window::dispose()()
138 }
139
140 void Window::dispose()
141 {
142 assert( mpWindowImpl );
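143 assert( !mpWindowImpl->mbInDispose ); // should only be called from disposeOnce()
>>> CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "!this->mpWindowImpl->mpParent.operator bool() || !this->mpWindowImpl->mpParent->IsDisposed() || true /* "vcl::Window child should have its parent disposed first" */" is always true regardless of the values of its operands. This occurs as the logical first operand of '?:'. (The message string is joined to the condition with "||", and a string literal always converts to true, so this assert can never fire; assert( cond && "message" ) is the form that keeps the message without disabling the check.)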
144 assert( !mpWindowImpl->mpParent ||
145 !mpWindowImpl->mpParent->IsDisposed() ||
146 "vcl::Window child should have its parent disposed first" );
147
148 // remove Key and Mouse events issued by Application::PostKey/MouseEvent
149 Application::RemoveMouseAndKeyEvents( this );
** CID 1296207: Error handling issues (CHECKED_RETURN)
/oox/source/ole/olestorage.cxx: 272 in oox::ole::OleStorage::implIsStorage() const()
________________________________________________________________________________________________________
*** CID 1296207: Error handling issues (CHECKED_RETURN)
/oox/source/ole/olestorage.cxx: 272 in oox::ole::OleStorage::implIsStorage() const()
266 {
267 if( mxStorage.is() ) try
268 {
269 /* If this is not an OLE storage, hasElements() of the OLESimpleStorage
270 implementation throws an exception. But we do not return the result
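271 of hasElements(), because an empty storage is a valid storage too. */
>>> CID 1296207: Error handling issues (CHECKED_RETURN)
>>> Calling "hasElements" without checking return value (as is done elsewhere 72 out of 90 times). (The source comment at lines 269-271 says the return value is discarded on purpose: the call is made only to see whether it throws.)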
272 mxStorage->hasElements();
273 return true;
274 }
275 catch(const Exception& )
276 {
277 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/211?tab=overview
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 .