New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sun Jan 25 05:23:41 PST 2015
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
70 new defect(s) introduced to LibreOffice found with Coverity Scan.
503 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 70 defect(s)
** CID 440858: Argument cannot be negative (NEGATIVE_RETURNS)
/svtools/source/brwbox/brwbox1.cxx: 310 in BrowseBox::ToggleSelectedColumn()()
** CID 703982: Unchecked return value (CHECKED_RETURN)
/sc/source/core/data/table2.cxx: 2758 in ScTable::SetRowHeightRange(int, int, unsigned short, double, double)()
** CID 704680: Dereference after null check (FORWARD_NULL)
/sc/source/filter/excel/xeformula.cxx: 591 in XclExpFmlaCompImpl::Init(XclFormulaType, const ScTokenArray &, const ScAddress *, std::vector<XclExpRefLogEntry, std::allocator<XclExpRefLogEntry>> *)()
** CID 735323: Unchecked return value (CHECKED_RETURN)
/sd/source/filter/eppt/eppt.cxx: 394 in PPTWriter::ImplWriteSlideMaster(unsigned int, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>)()
** CID 982431: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()
** CID 982432: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()
** CID 984091: Uninitialized scalar field (UNINIT_CTOR)
/filter/source/msfilter/msdffimp.cxx: 5562 in SvxMSDffManager::SvxMSDffManager(SvStream &, const rtl::OUString &, unsigned int, SvStream *, SdrModel *, long, unsigned int, unsigned long, SvStream *)()
** CID 1242859: Untrusted loop bound (TAINTED_SCALAR)
/vcl/source/gdi/regionband.cxx: 268 in RegionBand::load(SvStream &)()
** CID 1244944: Use of untrusted scalar value (TAINTED_SCALAR)
/vcl/source/gdi/cvtsvm.cxx: 404 in ImplReadExtendedPolyPolygonAction(SvStream &, tools::PolyPolygon &)()
** CID 1244945: Untrusted value as argument (TAINTED_SCALAR)
** CID 1244946: Untrusted value as argument (TAINTED_SCALAR)
** CID 1266440: Unchecked return value (CHECKED_RETURN)
/svx/source/tbxctrls/Palette.cxx: 196 in PaletteSOC::LoadColorSet(SvxColorValueSet &)()
** CID 1266441: Unchecked return value (CHECKED_RETURN)
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3837 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3853 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
** CID 1266442: Dereference after null check (FORWARD_NULL)
/sw/source/uibase/docvw/edtwin.cxx: 2976 in SwEditWin::MouseButtonDown(const MouseEvent &)()
** CID 1266443: Dereference after null check (FORWARD_NULL)
/sw/source/core/layout/trvlfrm.cxx: 749 in lcl_UpDown(SwPaM *, const SwCntntFrm *, const SwCntntFrm *(*)(const SwCntntFrm *), bool)()
** CID 1266444: Explicit null dereferenced (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1528 in WW8Export::TrueFrameBgBrush(const SwFrmFmt &) const()
** CID 1266445: Explicit null dereferenced (FORWARD_NULL)
/cppuhelper/source/component_context.cxx: 747 in cppu::ComponentContext::disposing()()
** CID 1266446: Explicit null dereferenced (FORWARD_NULL)
/sw/source/core/undo/unattr.cxx: 594 in SwUndoFmtResetAttr::SwUndoFmtResetAttr(SwFmt &, unsigned short)()
** CID 1266447: Explicit null dereferenced (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1508 in WW8Export::GetCurrentPageBgBrush() const()
** CID 1266448: Explicit null dereferenced (FORWARD_NULL)
/sc/source/filter/excel/xiescher.cxx: 243 in XclImpDrawObjBase::ReadObj4(const XclImpRoot &, XclImpStream &)()
________________________________________________________________________________________________________
*** CID 440858: Argument cannot be negative (NEGATIVE_RETURNS)
/svtools/source/brwbox/brwbox1.cxx: 310 in BrowseBox::ToggleSelectedColumn()()
304 {
305 sal_uInt16 nSelectedColId = BROWSER_INVALIDID;
306 if ( pColSel && pColSel->GetSelectCount() )
307 {
308 DoHideCursor( "ToggleSelectedColumn" );
309 ToggleSelection();
>>> CID 440858: Argument cannot be negative (NEGATIVE_RETURNS)
>>> "this->pColSel->FirstSelected(false)" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
310 nSelectedColId = (*pCols)[ pColSel->FirstSelected() ]->GetId();
311 pColSel->SelectAll(false);
312 }
313 return nSelectedColId;
314 }
315
________________________________________________________________________________________________________
*** CID 703982: Unchecked return value (CHECKED_RETURN)
/sc/source/core/data/table2.cxx: 2758 in ScTable::SetRowHeightRange(int, int, unsigned short, double, double)()
2752 if (pDrawLayer->HasObjectsInRows( nTab, nStartRow, nEndRow ))
2753 bSingle = true;
2754
2755 if (bSingle)
2756 {
2757 ScFlatUInt16RowSegments::RangeData aData;
>>> CID 703982: Unchecked return value (CHECKED_RETURN)
>>> Calling "getRangeData" without checking return value (as is done elsewhere 5 out of 6 times).
2758 mpRowHeights->getRangeData(nStartRow, aData);
2759 if (nNewHeight == aData.mnValue && nEndRow <= aData.mnRow2)
2760 bSingle = false; // no difference in this range
2761 }
2762 if (bSingle)
2763 {
________________________________________________________________________________________________________
*** CID 704680: Dereference after null check (FORWARD_NULL)
/sc/source/filter/excel/xeformula.cxx: 591 in XclExpFmlaCompImpl::Init(XclFormulaType, const ScTokenArray &, const ScAddress *, std::vector<XclExpRefLogEntry, std::allocator<XclExpRefLogEntry>> *)()
585 case EXC_FMLATYPE_CHART:
586 mxData->mbOk = pScBasePos != 0;
587 OSL_ENSURE( mxData->mbOk, "XclExpFmlaCompImpl::Init - missing cell address" );
588 mxData->mpScBasePos = pScBasePos;
589 break;
590 case EXC_FMLATYPE_SHARED:
>>> CID 704680: Dereference after null check (FORWARD_NULL)
>>> Comparing "pScBasePos" to null implies that "pScBasePos" might be null.
591 mxData->mbOk = pScBasePos != 0;
592 OSL_ENSURE( mxData->mbOk, "XclExpFmlaCompImpl::Init - missing cell address" );
593 // clone the passed token array, convert references relative to current cell position
594 mxData->mxOwnScTokArr.reset( rScTokArr.Clone() );
595 ScCompiler::MoveRelWrap( *mxData->mxOwnScTokArr, GetDocPtr(), *pScBasePos, MAXCOL, MAXROW );
596 // don't remember pScBasePos in mxData->mpScBasePos, shared formulas use real relative refs
________________________________________________________________________________________________________
*** CID 735323: Unchecked return value (CHECKED_RETURN)
/sd/source/filter/eppt/eppt.cxx: 394 in PPTWriter::ImplWriteSlideMaster(unsigned int, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>)()
388 {
389 if ( nInstance == EPP_TEXTTYPE_notUsed )
390 continue;
391
392 // the auto color is dependent to the page background,so we have to set a page that is in the right context
393 if ( nInstance == EPP_TEXTTYPE_Notes )
>>> CID 735323: Unchecked return value (CHECKED_RETURN)
>>> Calling "GetPageByIndex" without checking return value (as is done elsewhere 5 out of 6 times).
394 GetPageByIndex( 0, NOTICE );
395 else
396 GetPageByIndex( 0, MASTER );
397
398 mpPptEscherEx->BeginAtom();
399
________________________________________________________________________________________________________
*** CID 982431: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
227 break;
228
229 case W_META_SCALEWINDOWEXT:
230 {
231 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
232 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>> CID 982431: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(double)nXNum / nXDenom", division by expression "nXDenom" which may be zero has undefined behavior.
233 pOut->ScaleWinExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
234 }
235 break;
236
237 case W_META_SETVIEWPORTORG:
238 case W_META_SETVIEWPORTEXT:
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()
247 break;
248
249 case W_META_SCALEVIEWPORTEXT:
250 {
251 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
252 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>> CID 982431: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(double)nXNum / nXDenom", division by expression "nXDenom" which may be zero has undefined behavior.
253 pOut->ScaleDevExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
254 }
255 break;
256
257 case W_META_LINETO:
258 {
________________________________________________________________________________________________________
*** CID 982432: Division or modulo by float zero (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
227 break;
228
229 case W_META_SCALEWINDOWEXT:
230 {
231 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
232 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>> CID 982432: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(double)nYNum / nYDenom", division by expression "nYDenom" which may be zero has undefined behavior.
233 pOut->ScaleWinExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
234 }
235 break;
236
237 case W_META_SETVIEWPORTORG:
238 case W_META_SETVIEWPORTEXT:
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()
247 break;
248
249 case W_META_SCALEVIEWPORTEXT:
250 {
251 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
252 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>> CID 982432: Division or modulo by float zero (DIVIDE_BY_ZERO)
>>> In expression "(double)nYNum / nYDenom", division by expression "nYDenom" which may be zero has undefined behavior.
253 pOut->ScaleDevExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
254 }
255 break;
256
257 case W_META_LINETO:
258 {
________________________________________________________________________________________________________
*** CID 984091: Uninitialized scalar field (UNINIT_CTOR)
/filter/source/msfilter/msdffimp.cxx: 5562 in SvxMSDffManager::SvxMSDffManager(SvStream &, const rtl::OUString &, unsigned int, SvStream *, SdrModel *, long, unsigned int, unsigned long, SvStream *)()
5556 CheckTxBxStoryChain();
5557
5558 // restore old FilePos of the stream(s)
5559 rStCtrl.Seek( nOldPosCtrl );
5560 if( &rStCtrl != pStData )
5561 pStData->Seek( nOldPosData );
>>> CID 984091: Uninitialized scalar field (UNINIT_CTOR)
>>> Non-static class member "mnIdClusters" is not initialized in this constructor nor in any functions that it calls.
5562 }
5563
5564 SvxMSDffManager::SvxMSDffManager( SvStream& rStCtrl_, const OUString& rBaseURL )
5565 :DffPropertyReader( *this ),
5566 pFormModel( NULL ),
5567 pBLIPInfos( new SvxMSDffBLIPInfos ),
________________________________________________________________________________________________________
*** CID 1242859: Untrusted loop bound (TAINTED_SCALAR)
/vcl/source/gdi/regionband.cxx: 268 in RegionBand::load(SvStream &)()
262 return;
263 }
264
265 // get next header
266 rIStrm.ReadUInt16( nTmp16 );
267 }
>>> CID 1242859: Untrusted loop bound (TAINTED_SCALAR)
>>> Using tainted variable "(StreamEntryType)nTmp16" as a loop boundary.
268 while(STREAMENTRY_END != (StreamEntryType)nTmp16);
269
270 }
271
272 void RegionBand::save(SvStream& rOStrm) const
273 {
________________________________________________________________________________________________________
*** CID 1244944: Use of untrusted scalar value (TAINTED_SCALAR)
/vcl/source/gdi/cvtsvm.cxx: 408 in ImplReadExtendedPolyPolygonAction(SvStream &, tools::PolyPolygon &)()
402 return;
403
404 for(sal_uInt16 a(0); a < nPolygonCount; a++)
405 {
406 sal_uInt16 nPointCount(0);
407 rIStm.ReadUInt16( nPointCount );
>>> CID 1244944: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Passing tainted variable "nPointCount" to a tainted sink.
408 Polygon aCandidate(nPointCount);
409
410 if(nPointCount)
411 {
412 for(sal_uInt16 b(0); b < nPointCount; b++)
413 {
/vcl/source/gdi/cvtsvm.cxx: 404 in ImplReadExtendedPolyPolygonAction(SvStream &, tools::PolyPolygon &)()
398 sal_uInt16 nPolygonCount(0);
399 rIStm.ReadUInt16( nPolygonCount );
400
401 if (!nPolygonCount)
402 return;
403
>>> CID 1244944: Use of untrusted scalar value (TAINTED_SCALAR)
>>> Using tainted variable "nPolygonCount" as a loop boundary.
404 for(sal_uInt16 a(0); a < nPolygonCount; a++)
405 {
406 sal_uInt16 nPointCount(0);
407 rIStm.ReadUInt16( nPointCount );
408 Polygon aCandidate(nPointCount);
409
________________________________________________________________________________________________________
*** CID 1244945: Untrusted value as argument (TAINTED_SCALAR)
/tools/source/generic/poly2.cxx: 637 in tools::PolyPolygon::Read(SvStream &)()
631 {
632 if ( mpImplPolyPolygon->mnRefCount > 1 )
633 mpImplPolyPolygon->mnRefCount--;
634 else
635 delete mpImplPolyPolygon;
636
>>> CID 1244945: Untrusted value as argument (TAINTED_SCALAR)
>>> Passing tainted variable "nPolyCount" to a tainted sink.
637 mpImplPolyPolygon = new ImplPolyPolygon( nPolyCount );
638
639 for ( sal_uInt16 i = 0; i < nPolyCount; i++ )
640 {
641 pPoly = new Polygon;
642 pPoly->ImplRead( rIStream );
________________________________________________________________________________________________________
*** CID 1244946: Untrusted value as argument (TAINTED_SCALAR)
/tools/source/generic/poly2.cxx: 588 in tools::ReadPolyPolygon(SvStream &, tools::PolyPolygon &)()
582 {
583 if ( rPolyPoly.mpImplPolyPolygon->mnRefCount > 1 )
584 rPolyPoly.mpImplPolyPolygon->mnRefCount--;
585 else
586 delete rPolyPoly.mpImplPolyPolygon;
587
>>> CID 1244946: Untrusted value as argument (TAINTED_SCALAR)
>>> Passing tainted variable "nPolyCount" to a tainted sink.
588 rPolyPoly.mpImplPolyPolygon = new ImplPolyPolygon( nPolyCount );
589
590 for ( sal_uInt16 i = 0; i < nPolyCount; i++ )
591 {
592 pPoly = new Polygon;
593 ReadPolygon( rIStream, *pPoly );
________________________________________________________________________________________________________
*** CID 1266440: Unchecked return value (CHECKED_RETURN)
/svx/source/tbxctrls/Palette.cxx: 196 in PaletteSOC::LoadColorSet(SvxColorValueSet &)()
190 void PaletteSOC::LoadColorSet( SvxColorValueSet& rColorSet )
191 {
192 if( !mbLoadedPalette )
193 {
194 mbLoadedPalette = true;
195 mpColorList = XPropertyList::AsColorList(XPropertyList::CreatePropertyListFromURL(XCOLOR_LIST, maFPath));
>>> CID 1266440: Unchecked return value (CHECKED_RETURN)
>>> Calling "Load" without checking return value (as is done elsewhere 9 out of 10 times).
196 mpColorList->Load();
197 }
198 rColorSet.Clear();
199 if( mpColorList.is() )
200 rColorSet.addEntriesForXColorList( *mpColorList );
201 }
________________________________________________________________________________________________________
*** CID 1266441: Unchecked return value (CHECKED_RETURN)
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3837 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
3831 bool bWritePicProp = !pFrame || pFrame->IsInline();
3832 if (pBLIPType)
3833 ExportPICT(pFlyFrmFmt, aSize, aRendered, aMapped, rCr, pBLIPType, pGraphicAry, nSize, m_rExport, &m_rExport.Strm(), bWritePicProp);
3834 else
3835 {
3836 aStream.Seek(0);
>>> CID 1266441: Unchecked return value (CHECKED_RETURN)
>>> Calling "Export" without checking return value (as is done elsewhere 12 out of 15 times).
3837 GraphicConverter::Export(aStream, rGraphic, CVT_WMF);
3838 pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
3839 aStream.Seek(STREAM_SEEK_TO_END);
3840 nSize = aStream.Tell();
3841 pGraphicAry = (sal_uInt8*)aStream.GetData();
3842
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3853 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
3847 {
3848 if (!bIsWMF)
3849 {
3850 m_rExport.Strm().WriteCharPtr("}" "{" OOO_STRING_SVTOOLS_RTF_NONSHPPICT);
3851
3852 aStream.Seek(0);
>>> CID 1266441: Unchecked return value (CHECKED_RETURN)
>>> Calling "Export" without checking return value (as is done elsewhere 12 out of 15 times).
3853 GraphicConverter::Export(aStream, rGraphic, CVT_WMF);
3854 pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
3855 aStream.Seek(STREAM_SEEK_TO_END);
3856 nSize = aStream.Tell();
3857 pGraphicAry = (sal_uInt8*)aStream.GetData();
3858
________________________________________________________________________________________________________
*** CID 1266442: Dereference after null check (FORWARD_NULL)
/sw/source/uibase/docvw/edtwin.cxx: 2976 in SwEditWin::MouseButtonDown(const MouseEvent &)()
2970 if( rSh.FinishOLEObj() )
2971 return; // end InPlace and the click doesn't count anymore
2972
2973 SET_CURR_SHELL( &rSh );
2974
2975 SdrView *pSdrView = rSh.GetDrawView();
>>> CID 1266442: Dereference after null check (FORWARD_NULL)
>>> Comparing "pSdrView" to null implies that "pSdrView" might be null.
2976 if ( pSdrView )
2977 {
2978 if (pSdrView->MouseButtonDown( rMEvt, this ) )
2979 {
2980 rSh.GetView().GetViewFrame()->GetBindings().InvalidateAll(false);
2981 return; // SdrView's event evaluated
________________________________________________________________________________________________________
*** CID 1266443: Dereference after null check (FORWARD_NULL)
/sw/source/core/layout/trvlfrm.cxx: 749 in lcl_UpDown(SwPaM *, const SwCntntFrm *, const SwCntntFrm *(*)(const SwCntntFrm *), bool)()
743 pStart->GetCharRect( aRect, *pPam->GetPoint() );
744 Point aCenter = aRect.Center();
745 nX = bVert ? aCenter.Y() : aCenter.X();
746
747 pTable = pCnt ? pCnt->FindTabFrm() : 0;
748 if ( !pTable )
>>> CID 1266443: Dereference after null check (FORWARD_NULL)
>>> Assigning: "pTable" = "pStTab".
749 pTable = pStTab;
750
751 if ( pStTab &&
752 !pStTab->GetUpper()->IsInTab() &&
753 !pTable->GetUpper()->IsInTab() )
754 {
________________________________________________________________________________________________________
*** CID 1266444: Explicit null dereferenced (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1528 in WW8Export::TrueFrameBgBrush(const SwFrmFmt &) const()
1522 while (pFlyFmt)
1523 {
1524 //If not set, or "no fill", get real bg
1525 const SfxPoolItem* pItem = 0;
1526 SfxItemState eState =
1527 pFlyFmt->GetItemState(RES_BACKGROUND, true, &pItem);
>>> CID 1266444: Explicit null dereferenced (FORWARD_NULL)
>>> Assigning: "pRet" = "pItem".
1528 pRet = static_cast<const SvxBrushItem*>(pItem);
1529 if (SfxItemState::SET != eState || (!pRet->GetGraphic() &&
1530 pRet->GetColor() == COL_TRANSPARENT))
1531 {
1532 pRet = 0;
1533 const SwFmtAnchor* pAnchor = &pFlyFmt->GetAnchor();
________________________________________________________________________________________________________
*** CID 1266445: Explicit null dereferenced (FORWARD_NULL)
/cppuhelper/source/component_context.cxx: 747 in cppu::ComponentContext::disposing()()
741 &envs, &envCount, &rtl_allocateMemory, OUString("java").pData);
742 assert(envCount >= 0);
743 assert(envCount == 0 || envs != nullptr);
744 for (sal_Int32 i = 0; i != envCount; ++i) {
745 assert(envs[i] != nullptr);
746 assert(envs[i]->dispose != nullptr);
>>> CID 1266445: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "envs".
747 (*envs[i]->dispose)(envs[i]);
748 }
749 rtl_freeMemory(envs);
750 }
751
752 ComponentContext::ComponentContext(
________________________________________________________________________________________________________
*** CID 1266446: Explicit null dereferenced (FORWARD_NULL)
/sw/source/core/undo/unattr.cxx: 594 in SwUndoFmtResetAttr::SwUndoFmtResetAttr(SwFmt &, unsigned short)()
588 , m_pChangedFormat( &rChangedFormat )
589 , m_nWhichId( nWhichId )
590 {
591 const SfxPoolItem* pItem = 0;
592 if (rChangedFormat.GetItemState( nWhichId, false, &pItem ) == SfxItemState::SET)
593 {
>>> CID 1266446: Explicit null dereferenced (FORWARD_NULL)
>>> Passing null pointer "pItem" to "Clone", which dereferences it. (The dereference happens because this is a virtual function call.)
594 m_pOldItem.reset( pItem->Clone() );
595 }
596 }
597
598 SwUndoFmtResetAttr::~SwUndoFmtResetAttr()
599 {
________________________________________________________________________________________________________
*** CID 1266447: Explicit null dereferenced (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1508 in WW8Export::GetCurrentPageBgBrush() const()
1502 : pDoc->GetPageDesc(0).GetMaster();
1503
1504 const SfxPoolItem* pItem = 0;
1505 //If not set, or "no fill", get real bg
1506 SfxItemState eState = rFmt.GetItemState(RES_BACKGROUND, true, &pItem);
1507
>>> CID 1266447: Explicit null dereferenced (FORWARD_NULL)
>>> Assigning: "pRet" = "pItem".
1508 const SvxBrushItem* pRet = static_cast<const SvxBrushItem*>(pItem);
1509 if (SfxItemState::SET != eState || (!pRet->GetGraphic() &&
1510 pRet->GetColor() == COL_TRANSPARENT))
1511 {
1512 pRet = &(DefaultItemGet<SvxBrushItem>(*pDoc,RES_BACKGROUND));
1513 }
________________________________________________________________________________________________________
*** CID 1266448: Explicit null dereferenced (FORWARD_NULL)
/sc/source/filter/excel/xiescher.cxx: 243 in XclImpDrawObjBase::ReadObj4(const XclImpRoot &, XclImpStream &)()
237 OSL_TRACE( "XclImpDrawObjBase::ReadObj4 - unknown object type 0x%04hX", nObjType );
238 rRoot.GetTracer().TraceUnsupportedObjects();
239 xDrawObj.reset( new XclImpPhObj( rRoot ) );
240 }
241 }
242
>>> CID 1266448: Explicit null dereferenced (FORWARD_NULL)
>>> Dereferencing null pointer "xDrawObj".
243 xDrawObj->mnTab = rRoot.GetCurrScTab();
244 xDrawObj->ImplReadObj4( rStrm );
245 return xDrawObj;
246 }
247
248 XclImpDrawObjRef XclImpDrawObjBase::ReadObj5( const XclImpRoot& rRoot, XclImpStream& rStrm )
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/211?tab=overview
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 .
More information about the LibreOffice
mailing list