New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sun Jan 25 05:23:41 PST 2015


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

70 new defect(s) introduced to LibreOffice found with Coverity Scan.
503 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 70 defect(s)


** CID 440858:  Argument cannot be negative  (NEGATIVE_RETURNS)
/svtools/source/brwbox/brwbox1.cxx: 310 in BrowseBox::ToggleSelectedColumn()()

** CID 703982:  Unchecked return value  (CHECKED_RETURN)
/sc/source/core/data/table2.cxx: 2758 in ScTable::SetRowHeightRange(int, int, unsigned short, double, double)()

** CID 704680:  Dereference after null check  (FORWARD_NULL)
/sc/source/filter/excel/xeformula.cxx: 591 in XclExpFmlaCompImpl::Init(XclFormulaType, const ScTokenArray &, const ScAddress *, std::vector<XclExpRefLogEntry, std::allocator<XclExpRefLogEntry>> *)()

** CID 735323:  Unchecked return value  (CHECKED_RETURN)
/sd/source/filter/eppt/eppt.cxx: 394 in PPTWriter::ImplWriteSlideMaster(unsigned int, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>)()

** CID 982431:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()

** CID 982432:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()

** CID 984091:  Uninitialized scalar field  (UNINIT_CTOR)
/filter/source/msfilter/msdffimp.cxx: 5562 in SvxMSDffManager::SvxMSDffManager(SvStream &, const rtl::OUString &, unsigned int, SvStream *, SdrModel *, long, unsigned int, unsigned long, SvStream *)()

** CID 1242859:  Untrusted loop bound  (TAINTED_SCALAR)
/vcl/source/gdi/regionband.cxx: 268 in RegionBand::load(SvStream &)()

** CID 1244944:  Use of untrusted scalar value  (TAINTED_SCALAR)
/vcl/source/gdi/cvtsvm.cxx: 404 in ImplReadExtendedPolyPolygonAction(SvStream &, tools::PolyPolygon &)()

** CID 1244945:  Untrusted value as argument  (TAINTED_SCALAR)

** CID 1244946:  Untrusted value as argument  (TAINTED_SCALAR)

** CID 1266440:  Unchecked return value  (CHECKED_RETURN)
/svx/source/tbxctrls/Palette.cxx: 196 in PaletteSOC::LoadColorSet(SvxColorValueSet &)()

** CID 1266441:  Unchecked return value  (CHECKED_RETURN)
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3837 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3853 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()

** CID 1266442:  Dereference after null check  (FORWARD_NULL)
/sw/source/uibase/docvw/edtwin.cxx: 2976 in SwEditWin::MouseButtonDown(const MouseEvent &)()

** CID 1266443:  Dereference after null check  (FORWARD_NULL)
/sw/source/core/layout/trvlfrm.cxx: 749 in lcl_UpDown(SwPaM *, const SwCntntFrm *, const SwCntntFrm *(*)(const SwCntntFrm *), bool)()

** CID 1266444:  Explicit null dereferenced  (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1528 in WW8Export::TrueFrameBgBrush(const SwFrmFmt &) const()

** CID 1266445:  Explicit null dereferenced  (FORWARD_NULL)
/cppuhelper/source/component_context.cxx: 747 in cppu::ComponentContext::disposing()()

** CID 1266446:  Explicit null dereferenced  (FORWARD_NULL)
/sw/source/core/undo/unattr.cxx: 594 in SwUndoFmtResetAttr::SwUndoFmtResetAttr(SwFmt &, unsigned short)()

** CID 1266447:  Explicit null dereferenced  (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1508 in WW8Export::GetCurrentPageBgBrush() const()

** CID 1266448:  Explicit null dereferenced  (FORWARD_NULL)
/sc/source/filter/excel/xiescher.cxx: 243 in XclImpDrawObjBase::ReadObj4(const XclImpRoot &, XclImpStream &)()


________________________________________________________________________________________________________
*** CID 440858:  Argument cannot be negative  (NEGATIVE_RETURNS)
/svtools/source/brwbox/brwbox1.cxx: 310 in BrowseBox::ToggleSelectedColumn()()
304     {
305         sal_uInt16 nSelectedColId = BROWSER_INVALIDID;
306         if ( pColSel && pColSel->GetSelectCount() )
307         {
308             DoHideCursor( "ToggleSelectedColumn" );
309             ToggleSelection();
>>>     CID 440858:  Argument cannot be negative  (NEGATIVE_RETURNS)
>>>     "this->pColSel->FirstSelected(false)" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
310             nSelectedColId = (*pCols)[ pColSel->FirstSelected() ]->GetId();
311             pColSel->SelectAll(false);
312         }
313         return nSelectedColId;
314     }
315     

________________________________________________________________________________________________________
*** CID 703982:  Unchecked return value  (CHECKED_RETURN)
/sc/source/core/data/table2.cxx: 2758 in ScTable::SetRowHeightRange(int, int, unsigned short, double, double)()
2752                 if (pDrawLayer->HasObjectsInRows( nTab, nStartRow, nEndRow ))
2753                     bSingle = true;
2754     
2755             if (bSingle)
2756             {
2757                 ScFlatUInt16RowSegments::RangeData aData;
>>>     CID 703982:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "getRangeData" without checking return value (as is done elsewhere 5 out of 6 times).
2758                 mpRowHeights->getRangeData(nStartRow, aData);
2759                 if (nNewHeight == aData.mnValue && nEndRow <= aData.mnRow2)
2760                     bSingle = false;    // no difference in this range
2761             }
2762             if (bSingle)
2763             {

________________________________________________________________________________________________________
*** CID 704680:  Dereference after null check  (FORWARD_NULL)
/sc/source/filter/excel/xeformula.cxx: 591 in XclExpFmlaCompImpl::Init(XclFormulaType, const ScTokenArray &, const ScAddress *, std::vector<XclExpRefLogEntry, std::allocator<XclExpRefLogEntry>> *)()
585             case EXC_FMLATYPE_CHART:
586                 mxData->mbOk = pScBasePos != 0;
587                 OSL_ENSURE( mxData->mbOk, "XclExpFmlaCompImpl::Init - missing cell address" );
588                 mxData->mpScBasePos = pScBasePos;
589             break;
590             case EXC_FMLATYPE_SHARED:
>>>     CID 704680:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "pScBasePos" to null implies that "pScBasePos" might be null.
591                 mxData->mbOk = pScBasePos != 0;
592                 OSL_ENSURE( mxData->mbOk, "XclExpFmlaCompImpl::Init - missing cell address" );
593                 // clone the passed token array, convert references relative to current cell position
594                 mxData->mxOwnScTokArr.reset( rScTokArr.Clone() );
595                 ScCompiler::MoveRelWrap( *mxData->mxOwnScTokArr, GetDocPtr(), *pScBasePos, MAXCOL, MAXROW );
596                 // don't remember pScBasePos in mxData->mpScBasePos, shared formulas use real relative refs

________________________________________________________________________________________________________
*** CID 735323:  Unchecked return value  (CHECKED_RETURN)
/sd/source/filter/eppt/eppt.cxx: 394 in PPTWriter::ImplWriteSlideMaster(unsigned int, com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet>)()
388         {
389             if ( nInstance == EPP_TEXTTYPE_notUsed )
390                 continue;
391     
392             // the auto color is dependent to the page background,so we have to set a page that is in the right context
393             if ( nInstance == EPP_TEXTTYPE_Notes )
>>>     CID 735323:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "GetPageByIndex" without checking return value (as is done elsewhere 5 out of 6 times).
394                 GetPageByIndex( 0, NOTICE );
395             else
396                 GetPageByIndex( 0, MASTER );
397     
398             mpPptEscherEx->BeginAtom();
399     

________________________________________________________________________________________________________
*** CID 982431:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
227             break;
228     
229             case W_META_SCALEWINDOWEXT:
230             {
231                 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
232                 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>>     CID 982431:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
>>>     In expression "(double)nXNum / nXDenom", division by expression "nXDenom" which may be zero has undefined behavior.
233                 pOut->ScaleWinExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
234             }
235             break;
236     
237             case W_META_SETVIEWPORTORG:
238             case W_META_SETVIEWPORTEXT:
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()
247             break;
248     
249             case W_META_SCALEVIEWPORTEXT:
250             {
251                 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
252                 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>>     CID 982431:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
>>>     In expression "(double)nXNum / nXDenom", division by expression "nXDenom" which may be zero has undefined behavior.
253                 pOut->ScaleDevExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
254             }
255             break;
256     
257             case W_META_LINETO:
258             {

________________________________________________________________________________________________________
*** CID 982432:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
/vcl/source/filter/wmf/winwmf.cxx: 233 in WMFReader::ReadRecordParams(unsigned short)()
227             break;
228     
229             case W_META_SCALEWINDOWEXT:
230             {
231                 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
232                 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>>     CID 982432:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
>>>     In expression "(double)nYNum / nYDenom", division by expression "nYDenom" which may be zero has undefined behavior.
233                 pOut->ScaleWinExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
234             }
235             break;
236     
237             case W_META_SETVIEWPORTORG:
238             case W_META_SETVIEWPORTEXT:
/vcl/source/filter/wmf/winwmf.cxx: 253 in WMFReader::ReadRecordParams(unsigned short)()
247             break;
248     
249             case W_META_SCALEVIEWPORTEXT:
250             {
251                 short nXNum = 0, nXDenom = 0, nYNum = 0, nYDenom = 0;
252                 pWMF->ReadInt16( nYDenom ).ReadInt16( nYNum ).ReadInt16( nXDenom ).ReadInt16( nXNum );
>>>     CID 982432:  Division or modulo by float zero  (DIVIDE_BY_ZERO)
>>>     In expression "(double)nYNum / nYDenom", division by expression "nYDenom" which may be zero has undefined behavior.
253                 pOut->ScaleDevExt( (double)nXNum / nXDenom, (double)nYNum / nYDenom );
254             }
255             break;
256     
257             case W_META_LINETO:
258             {

________________________________________________________________________________________________________
*** CID 984091:  Uninitialized scalar field  (UNINIT_CTOR)
/filter/source/msfilter/msdffimp.cxx: 5562 in SvxMSDffManager::SvxMSDffManager(SvStream &, const rtl::OUString &, unsigned int, SvStream *, SdrModel *, long, unsigned int, unsigned long, SvStream *)()
5556         CheckTxBxStoryChain();
5557     
5558         // restore old FilePos of the stream(s)
5559         rStCtrl.Seek( nOldPosCtrl );
5560         if( &rStCtrl != pStData )
5561             pStData->Seek( nOldPosData );
>>>     CID 984091:  Uninitialized scalar field  (UNINIT_CTOR)
>>>     Non-static class member "mnIdClusters" is not initialized in this constructor nor in any functions that it calls.
5562     }
5563     
5564     SvxMSDffManager::SvxMSDffManager( SvStream& rStCtrl_, const OUString& rBaseURL )
5565         :DffPropertyReader( *this ),
5566          pFormModel( NULL ),
5567          pBLIPInfos(   new SvxMSDffBLIPInfos  ),

________________________________________________________________________________________________________
*** CID 1242859:  Untrusted loop bound  (TAINTED_SCALAR)
/vcl/source/gdi/regionband.cxx: 268 in RegionBand::load(SvStream &)()
262                 return;
263             }
264     
265             // get next header
266             rIStrm.ReadUInt16( nTmp16 );
267         }
>>>     CID 1242859:  Untrusted loop bound  (TAINTED_SCALAR)
>>>     Using tainted variable "(StreamEntryType)nTmp16" as a loop boundary.
268         while(STREAMENTRY_END != (StreamEntryType)nTmp16);
269     
270     }
271     
272     void RegionBand::save(SvStream& rOStrm) const
273     {

________________________________________________________________________________________________________
*** CID 1244944:  Use of untrusted scalar value  (TAINTED_SCALAR)
/vcl/source/gdi/cvtsvm.cxx: 408 in ImplReadExtendedPolyPolygonAction(SvStream &, tools::PolyPolygon &)()
402             return;
403     
404         for(sal_uInt16 a(0); a < nPolygonCount; a++)
405         {
406             sal_uInt16 nPointCount(0);
407             rIStm.ReadUInt16( nPointCount );
>>>     CID 1244944:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Passing tainted variable "nPointCount" to a tainted sink.
408             Polygon aCandidate(nPointCount);
409     
410             if(nPointCount)
411             {
412                 for(sal_uInt16 b(0); b < nPointCount; b++)
413                 {
/vcl/source/gdi/cvtsvm.cxx: 404 in ImplReadExtendedPolyPolygonAction(SvStream &, tools::PolyPolygon &)()
398         sal_uInt16 nPolygonCount(0);
399         rIStm.ReadUInt16( nPolygonCount );
400     
401         if (!nPolygonCount)
402             return;
403     
>>>     CID 1244944:  Use of untrusted scalar value  (TAINTED_SCALAR)
>>>     Using tainted variable "nPolygonCount" as a loop boundary.
404         for(sal_uInt16 a(0); a < nPolygonCount; a++)
405         {
406             sal_uInt16 nPointCount(0);
407             rIStm.ReadUInt16( nPointCount );
408             Polygon aCandidate(nPointCount);
409     

________________________________________________________________________________________________________
*** CID 1244945:  Untrusted value as argument  (TAINTED_SCALAR)
/tools/source/generic/poly2.cxx: 637 in tools::PolyPolygon::Read(SvStream &)()
631         {
632             if ( mpImplPolyPolygon->mnRefCount > 1 )
633                 mpImplPolyPolygon->mnRefCount--;
634             else
635                 delete mpImplPolyPolygon;
636     
>>>     CID 1244945:  Untrusted value as argument  (TAINTED_SCALAR)
>>>     Passing tainted variable "nPolyCount" to a tainted sink.
637             mpImplPolyPolygon = new ImplPolyPolygon( nPolyCount );
638     
639             for ( sal_uInt16 i = 0; i < nPolyCount; i++ )
640             {
641                 pPoly = new Polygon;
642                 pPoly->ImplRead( rIStream );

________________________________________________________________________________________________________
*** CID 1244946:  Untrusted value as argument  (TAINTED_SCALAR)
/tools/source/generic/poly2.cxx: 588 in tools::ReadPolyPolygon(SvStream &, tools::PolyPolygon &)()
582         {
583             if ( rPolyPoly.mpImplPolyPolygon->mnRefCount > 1 )
584                 rPolyPoly.mpImplPolyPolygon->mnRefCount--;
585             else
586                 delete rPolyPoly.mpImplPolyPolygon;
587     
>>>     CID 1244946:  Untrusted value as argument  (TAINTED_SCALAR)
>>>     Passing tainted variable "nPolyCount" to a tainted sink.
588             rPolyPoly.mpImplPolyPolygon = new ImplPolyPolygon( nPolyCount );
589     
590             for ( sal_uInt16 i = 0; i < nPolyCount; i++ )
591             {
592                 pPoly = new Polygon;
593                 ReadPolygon( rIStream, *pPoly );

________________________________________________________________________________________________________
*** CID 1266440:  Unchecked return value  (CHECKED_RETURN)
/svx/source/tbxctrls/Palette.cxx: 196 in PaletteSOC::LoadColorSet(SvxColorValueSet &)()
190     void PaletteSOC::LoadColorSet( SvxColorValueSet& rColorSet )
191     {
192         if( !mbLoadedPalette )
193         {
194             mbLoadedPalette = true;
195             mpColorList = XPropertyList::AsColorList(XPropertyList::CreatePropertyListFromURL(XCOLOR_LIST, maFPath));
>>>     CID 1266440:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "Load" without checking return value (as is done elsewhere 9 out of 10 times).
196             mpColorList->Load();
197         }
198         rColorSet.Clear();
199         if( mpColorList.is() )
200             rColorSet.addEntriesForXColorList( *mpColorList );
201     }

________________________________________________________________________________________________________
*** CID 1266441:  Unchecked return value  (CHECKED_RETURN)
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3837 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
3831         bool bWritePicProp = !pFrame || pFrame->IsInline();
3832         if (pBLIPType)
3833             ExportPICT(pFlyFrmFmt, aSize, aRendered, aMapped, rCr, pBLIPType, pGraphicAry, nSize, m_rExport, &m_rExport.Strm(), bWritePicProp);
3834         else
3835         {
3836             aStream.Seek(0);
>>>     CID 1266441:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "Export" without checking return value (as is done elsewhere 12 out of 15 times).
3837             GraphicConverter::Export(aStream, rGraphic, CVT_WMF);
3838             pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
3839             aStream.Seek(STREAM_SEEK_TO_END);
3840             nSize = aStream.Tell();
3841             pGraphicAry = (sal_uInt8*)aStream.GetData();
3842     
/sw/source/filter/ww8/rtfattributeoutput.cxx: 3853 in RtfAttributeOutput::FlyFrameGraphic(const SwFlyFrmFmt *, const SwGrfNode *)()
3847         {
3848             if (!bIsWMF)
3849             {
3850                 m_rExport.Strm().WriteCharPtr("}" "{" OOO_STRING_SVTOOLS_RTF_NONSHPPICT);
3851     
3852                 aStream.Seek(0);
>>>     CID 1266441:  Unchecked return value  (CHECKED_RETURN)
>>>     Calling "Export" without checking return value (as is done elsewhere 12 out of 15 times).
3853                 GraphicConverter::Export(aStream, rGraphic, CVT_WMF);
3854                 pBLIPType = OOO_STRING_SVTOOLS_RTF_WMETAFILE;
3855                 aStream.Seek(STREAM_SEEK_TO_END);
3856                 nSize = aStream.Tell();
3857                 pGraphicAry = (sal_uInt8*)aStream.GetData();
3858     

________________________________________________________________________________________________________
*** CID 1266442:  Dereference after null check  (FORWARD_NULL)
/sw/source/uibase/docvw/edtwin.cxx: 2976 in SwEditWin::MouseButtonDown(const MouseEvent &)()
2970         if( rSh.FinishOLEObj() )
2971             return; // end InPlace and the click doesn't count anymore
2972     
2973         SET_CURR_SHELL( &rSh );
2974     
2975         SdrView *pSdrView = rSh.GetDrawView();
>>>     CID 1266442:  Dereference after null check  (FORWARD_NULL)
>>>     Comparing "pSdrView" to null implies that "pSdrView" might be null.
2976         if ( pSdrView )
2977         {
2978             if (pSdrView->MouseButtonDown( rMEvt, this ) )
2979             {
2980                 rSh.GetView().GetViewFrame()->GetBindings().InvalidateAll(false);
2981                 return; // SdrView's event evaluated

________________________________________________________________________________________________________
*** CID 1266443:  Dereference after null check  (FORWARD_NULL)
/sw/source/core/layout/trvlfrm.cxx: 749 in lcl_UpDown(SwPaM *, const SwCntntFrm *, const SwCntntFrm *(*)(const SwCntntFrm *), bool)()
743             pStart->GetCharRect( aRect, *pPam->GetPoint() );
744             Point aCenter = aRect.Center();
745             nX = bVert ? aCenter.Y() : aCenter.X();
746     
747             pTable = pCnt ? pCnt->FindTabFrm() : 0;
748             if ( !pTable )
>>>     CID 1266443:  Dereference after null check  (FORWARD_NULL)
>>>     Assigning: "pTable" = "pStTab".
749                 pTable = pStTab;
750     
751             if ( pStTab &&
752                 !pStTab->GetUpper()->IsInTab() &&
753                 !pTable->GetUpper()->IsInTab() )
754             {

________________________________________________________________________________________________________
*** CID 1266444:  Explicit null dereferenced  (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1528 in WW8Export::TrueFrameBgBrush(const SwFrmFmt &) const()
1522         while (pFlyFmt)
1523         {
1524             //If not set, or "no fill", get real bg
1525             const SfxPoolItem* pItem = 0;
1526             SfxItemState eState =
1527                 pFlyFmt->GetItemState(RES_BACKGROUND, true, &pItem);
>>>     CID 1266444:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "pRet" = "pItem".
1528             pRet = static_cast<const SvxBrushItem*>(pItem);
1529             if (SfxItemState::SET != eState || (!pRet->GetGraphic() &&
1530                 pRet->GetColor() == COL_TRANSPARENT))
1531             {
1532                 pRet = 0;
1533                 const SwFmtAnchor* pAnchor = &pFlyFmt->GetAnchor();

________________________________________________________________________________________________________
*** CID 1266445:  Explicit null dereferenced  (FORWARD_NULL)
/cppuhelper/source/component_context.cxx: 747 in cppu::ComponentContext::disposing()()
741             &envs, &envCount, &rtl_allocateMemory, OUString("java").pData);
742         assert(envCount >= 0);
743         assert(envCount == 0 || envs != nullptr);
744         for (sal_Int32 i = 0; i != envCount; ++i) {
745             assert(envs[i] != nullptr);
746             assert(envs[i]->dispose != nullptr);
>>>     CID 1266445:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Dereferencing null pointer "envs".
747             (*envs[i]->dispose)(envs[i]);
748         }
749         rtl_freeMemory(envs);
750     }
751     
752     ComponentContext::ComponentContext(

________________________________________________________________________________________________________
*** CID 1266446:  Explicit null dereferenced  (FORWARD_NULL)
/sw/source/core/undo/unattr.cxx: 594 in SwUndoFmtResetAttr::SwUndoFmtResetAttr(SwFmt &, unsigned short)()
588         , m_pChangedFormat( &rChangedFormat )
589         , m_nWhichId( nWhichId )
590     {
591         const SfxPoolItem* pItem = 0;
592         if (rChangedFormat.GetItemState( nWhichId, false, &pItem ) == SfxItemState::SET)
593         {
>>>     CID 1266446:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Passing null pointer "pItem" to "Clone", which dereferences it. (The dereference happens because this is a virtual function call.)
594             m_pOldItem.reset( pItem->Clone() );
595         }
596     }
597     
598     SwUndoFmtResetAttr::~SwUndoFmtResetAttr()
599     {

________________________________________________________________________________________________________
*** CID 1266447:  Explicit null dereferenced  (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 1508 in WW8Export::GetCurrentPageBgBrush() const()
1502                         : pDoc->GetPageDesc(0).GetMaster();
1503     
1504         const SfxPoolItem* pItem = 0;
1505         //If not set, or "no fill", get real bg
1506         SfxItemState eState = rFmt.GetItemState(RES_BACKGROUND, true, &pItem);
1507     
>>>     CID 1266447:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Assigning: "pRet" = "pItem".
1508         const SvxBrushItem* pRet = static_cast<const SvxBrushItem*>(pItem);
1509         if (SfxItemState::SET != eState || (!pRet->GetGraphic() &&
1510             pRet->GetColor() == COL_TRANSPARENT))
1511         {
1512             pRet = &(DefaultItemGet<SvxBrushItem>(*pDoc,RES_BACKGROUND));
1513         }

________________________________________________________________________________________________________
*** CID 1266448:  Explicit null dereferenced  (FORWARD_NULL)
/sc/source/filter/excel/xiescher.cxx: 243 in XclImpDrawObjBase::ReadObj4(const XclImpRoot &, XclImpStream &)()
237                     OSL_TRACE( "XclImpDrawObjBase::ReadObj4 - unknown object type 0x%04hX", nObjType );
238                     rRoot.GetTracer().TraceUnsupportedObjects();
239                     xDrawObj.reset( new XclImpPhObj( rRoot ) );
240             }
241         }
242     
>>>     CID 1266448:  Explicit null dereferenced  (FORWARD_NULL)
>>>     Dereferencing null pointer "xDrawObj".
243         xDrawObj->mnTab = rRoot.GetCurrScTab();
244         xDrawObj->ImplReadObj4( rStrm );
245         return xDrawObj;
246     }
247     
248     XclImpDrawObjRef XclImpDrawObjBase::ReadObj5( const XclImpRoot& rRoot, XclImpStream& rStrm )


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/211?tab=overview

To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 .



More information about the LibreOffice mailing list