New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri Jan 30 10:47:51 PST 2015
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
78 new defect(s) introduced to LibreOffice found with Coverity Scan.
86 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 78 defect(s)
** CID 440978: Dereference before null check (REVERSE_INULL)
/sfx2/source/doc/objstor.cxx: 1204 in SfxObjectShell::SaveTo_Impl(SfxMedium &, const SfxItemSet *)()
** CID 704645: Dereference after null check (FORWARD_NULL)
/forms/source/solar/component/navbarcontrol.cxx: 164 in frm::ONavigationBarControl::createPeer(const com::sun::star::uno::Reference<com::sun::star::awt::XToolkit> &, const com::sun::star::uno::Reference<com::sun::star::awt::XWindowPeer> &)()
** CID 707772: Uninitialized scalar field (UNINIT_CTOR)
/extensions/source/update/check/updatecheck.cxx: 749 in UpdateCheck::UpdateCheck()()
** CID 1197492: Uninitialized scalar variable (UNINIT)
/usr/include/c++/4.9.2/bits/random.tcc: 1782 in std::binomial_distribution<int>::operator ()<std::mersenne_twister_engine<unsigned long, (unsigned long)32, (unsigned long)624, (unsigned long)397, (unsigned long)31, (unsigned long)2567483615, (unsigned long)11, (unsigned long)4294967295, (unsigned long)7, (unsigned long)2636928640, (unsigned long)15, (unsigned long)4022730752, (unsigned long)18, (unsigned long)1812433253>>(T1 &, const std::binomial_distribution<int>::param_type &)()
** CID 1267628: Resource leak in object (CTOR_DTOR_LEAK)
/connectivity/source/drivers/evoab2/NResultSet.cxx: 626 in connectivity::evoab::OEvoabResultSet::OEvoabResultSet(connectivity::evoab::OCommonStatement *, connectivity::evoab::OEvoabConnection *)()
** CID 1267629: Logically dead code (DEADCODE)
/writerfilter/source/ooxml/OOXMLFastContextHandler.cxx: 2082 in writerfilter::ooxml::OOXMLFastContextHandlerMath::process()()
** CID 1267630: Logically dead code (DEADCODE)
/vcl/source/window/builder.cxx: 2035 in VclBuilder::handleChild(vcl::Window *, xmlreader::XmlReader &)()
** CID 1267631: Logically dead code (DEADCODE)
/sw/source/filter/ww8/wrtw8esh.cxx: 3123 in SwMSConvertControls::ExportControl(WW8Export &, const SdrObject *)()
** CID 1267632: Logically dead code (DEADCODE)
/sw/source/filter/html/htmlforw.cxx: 681 in GetControlSize(const SdrObject &, Size &, SwDoc *)()
** CID 1267633: Logically dead code (DEADCODE)
/sw/source/core/table/swnewtable.cxx: 1332 in lcl_CalculateSplitLineHeights(std::set<long, std::less<long>, std::allocator<long>> &, std::set<long, std::less<long>, std::allocator<long>> &, const SwTable &, const SwSelBoxes &, unsigned short)()
** CID 1267634: Logically dead code (DEADCODE)
/sw/source/filter/html/htmlforw.cxx: 708 in OutHTML_DrawFrmFmtAsControl(Writer &, const SwDrawFrmFmt &, const SdrObject &, bool)()
** CID 1267635: Logically dead code (DEADCODE)
/sw/source/core/doc/docnum.cxx: 767 in lcl_ChgNumRule(SwDoc &, const SwNumRule &)()
** CID 1267636: Logically dead code (DEADCODE)
/sw/source/core/doc/textboxhelper.cxx: 242 in SwTextBoxHelper::getByIndex(SdrPage *, int, std::set<const SwFrmFmt *, std::less<const SwFrmFmt *>, std::allocator<const SwFrmFmt *>> &)()
** CID 1267637: Logically dead code (DEADCODE)
/sw/source/core/undo/undobj.cxx: 233 in SwUndo::Repeat(SfxRepeatTarget &)()
** CID 1267638: Logically dead code (DEADCODE)
/sw/source/core/undo/undobj.cxx: 223 in SwUndo::RedoWithContext(SfxUndoContext &)()
** CID 1267639: Logically dead code (DEADCODE)
/sw/source/core/undo/undobj.cxx: 213 in SwUndo::UndoWithContext(SfxUndoContext &)()
** CID 1267640: Logically dead code (DEADCODE)
/sw/source/filter/html/htmlforw.cxx: 647 in SwHTMLWriter::GetHTMLControl(const SwDrawFrmFmt &)()
** CID 1267641: Logically dead code (DEADCODE)
/sw/source/core/layout/pagechg.cxx: 538 in SwPageFrm::_UpdateAttr(const SfxPoolItem *, const SfxPoolItem *, unsigned char &, SwAttrSetChg *, SwAttrSetChg *)()
** CID 1267642: Logically dead code (DEADCODE)
/lotuswordpro/source/filter/xfilter/xfstylemanager.cxx: 120 in XFStyleManager::AddStyle(IXFStyle *)()
** CID 1267643: Logically dead code (DEADCODE)
/sfx2/source/dialog/tabdlg.cxx: 1108 in SfxTabDialog::ActivatePageHdl(TabControl *)()
________________________________________________________________________________________________________
*** CID 440978: Dereference before null check (REVERSE_INULL)
/sfx2/source/doc/objstor.cxx: 1204 in SfxObjectShell::SaveTo_Impl(SfxMedium &, const SfxItemSet *)()
1198 SFX_ITEMSET_ARG( pMedSet, pSaveToItem, SfxBoolItem, SID_SAVETO, false );
1199 bCopyTo = GetCreateMode() == SFX_CREATE_MODE_EMBEDDED ||
1200 (pSaveToItem && pSaveToItem->GetValue());
1201 }
1202
1203 // use UCB for case sensitive/insensitive file name comparison
>>> CID 440978: Dereference before null check (REVERSE_INULL)
>>> Null-checking "this->pMedium" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1204 if ( pMedium
1205 && !pMedium->GetName().equalsIgnoreAsciiCase("private:stream")
1206 && !rMedium.GetName().equalsIgnoreAsciiCase("private:stream")
1207 && ::utl::UCBContentHelper::EqualURLs( pMedium->GetName(), rMedium.GetName() ) )
1208 {
1209 bStoreToSameLocation = true;
________________________________________________________________________________________________________
*** CID 704645: Dereference after null check (FORWARD_NULL)
/forms/source/solar/component/navbarcontrol.cxx: 164 in frm::ONavigationBarControl::createPeer(const com::sun::star::uno::Reference<com::sun::star::awt::XToolkit> &, const com::sun::star::uno::Reference<com::sun::star::awt::XWindowPeer> &)()
158 xPeerView->setGraphics( mxGraphics );
159 }
160
161 // a lot of initial settings from our component infos
162 setPosSize( maComponentInfos.nX, maComponentInfos.nY, maComponentInfos.nWidth, maComponentInfos.nHeight, PosSize::POSSIZE );
163
>>> CID 704645: Dereference after null check (FORWARD_NULL)
>>> Passing null pointer "pPeer" to "setVisible", which dereferences it. (The dereference happens because this is a virtual function call.)
164 pPeer->setVisible ( maComponentInfos.bVisible && !mbDesignMode );
165 pPeer->setEnable ( maComponentInfos.bEnable );
166 pPeer->setDesignMode( mbDesignMode );
167
168 peerCreated();
169
________________________________________________________________________________________________________
*** CID 707772: Uninitialized scalar field (UNINIT_CTOR)
/extensions/source/update/check/updatecheck.cxx: 749 in UpdateCheck::UpdateCheck()()
743
744
745
746 UpdateCheck::UpdateCheck():
747 m_eState(NOT_INITIALIZED), m_eUpdateState(UPDATESTATES_COUNT),
748 m_pThread(NULL)
>>> CID 707772: Uninitialized scalar field (UNINIT_CTOR)
>>> Non-static class member "m_bShowExtUpdDlg" is not initialized in this constructor nor in any functions that it calls.
749 {};
750
751 UpdateCheck::~UpdateCheck() {}
752
753 void
754 UpdateCheck::initialize(const uno::Sequence< beans::NamedValue >& rValues,
________________________________________________________________________________________________________
*** CID 1197492: Uninitialized scalar variable (UNINIT)
/usr/include/c++/4.9.2/bits/random.tcc: 1782 in std::binomial_distribution<int>::operator ()<std::mersenne_twister_engine<unsigned long, (unsigned long)32, (unsigned long)624, (unsigned long)397, (unsigned long)31, (unsigned long)2567483615, (unsigned long)11, (unsigned long)4294967295, (unsigned long)7, (unsigned long)2636928640, (unsigned long)15, (unsigned long)4022730752, (unsigned long)18, (unsigned long)1812433253>>(T1 &, const std::binomial_distribution<int>::param_type &)()
1776 std::lgamma(__np + __x + 1)
1777 + std::lgamma(__t - (__np + __x) + 1);
1778 __reject = __v > __param._M_lf - __lfx
1779 + __x * __param._M_lp1p;
1780 }
1781
>>> CID 1197492: Uninitialized scalar variable (UNINIT)
>>> Using uninitialized value "__x".
1782 __reject |= __x + __np >= __thr;
1783 }
1784 while (__reject);
1785
1786 __x += __np + __naf;
1787
________________________________________________________________________________________________________
*** CID 1267628: Resource leak in object (CTOR_DTOR_LEAK)
/connectivity/source/drivers/evoab2/NResultSet.cxx: 626 in connectivity::evoab::OEvoabResultSet::OEvoabResultSet(connectivity::evoab::OCommonStatement *, connectivity::evoab::OEvoabConnection *)()
620 ,m_nFetchDirection(FetchDirection::FORWARD)
621 ,m_nResultSetConcurrency(ResultSetConcurrency::READ_ONLY)
622 ,m_nIndex(-1)
623 ,m_nLength(0)
624 {
625 if (eds_check_version( 3, 7, 6 ) == NULL)
>>> CID 1267628: Resource leak in object (CTOR_DTOR_LEAK)
>>> The constructor allocates field "m_pVersionHelper" of "connectivity::evoab::OEvoabResultSet" but the destructor and whatever functions it calls do not free it.
626 m_pVersionHelper = new OEvoabVersion38Helper;
627 else if (eds_check_version( 3, 6, 0 ) == NULL)
628 m_pVersionHelper = new OEvoabVersion36Helper;
629 else
630 m_pVersionHelper = new OEvoabVersion35Helper;
631
________________________________________________________________________________________________________
*** CID 1267629: Logically dead code (DEADCODE)
/writerfilter/source/ooxml/OOXMLFastContextHandler.cxx: 2082 in writerfilter::ooxml::OOXMLFastContextHandlerMath::process()()
2076 // gcc4.4 (and 4.3 and possibly older) have a problem with dynamic_cast directly to the target class,
2077 // so help it with an intermediate cast. I'm not sure what exactly the problem is, seems to be unrelated
2078 // to RTLD_GLOBAL, so most probably a gcc bug.
2079 oox::FormulaImportBase* import = dynamic_cast< oox::FormulaImportBase* >( dynamic_cast< SfxBaseModel* >(component.get()));
2080 assert( import != nullptr );
2081 if (!import)
>>> CID 1267629: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return;".
2082 return;
2083 import->readFormulaOoxml( buffer );
2084 if (isForwardEvents())
2085 {
2086 OOXMLPropertySet * pProps = new OOXMLPropertySetImpl();
2087 OOXMLValue::Pointer_t pVal( new OOXMLStarMathValue( ref ));
________________________________________________________________________________________________________
*** CID 1267630: Logically dead code (DEADCODE)
/vcl/source/window/builder.cxx: 2035 in VclBuilder::handleChild(vcl::Window *, xmlreader::XmlReader &)()
2029 pBoxParent->set_content_area(static_cast<VclBox*>(pCurrentChild));
2030 }
2031 else if (sInternalChild.startsWith("action_area") || sInternalChild.startsWith("messagedialog-action_area"))
2032 {
2033 vcl::Window *pContentArea = pCurrentChild->GetParent();
2034 assert(pContentArea && pContentArea->GetType() == WINDOW_CONTAINER);
>>> CID 1267630: Logically dead code (DEADCODE)
>>> Execution cannot reach the expression "NULL" inside this statement: "pBoxParent = dynamic_cast <...".
2035 if (Dialog *pBoxParent = dynamic_cast<Dialog*>(pContentArea ? pContentArea->GetParent() : NULL))
2036 {
2037 pBoxParent->set_action_area(static_cast<VclButtonBox*>(pCurrentChild));
2038 }
2039 }
2040
________________________________________________________________________________________________________
*** CID 1267631: Logically dead code (DEADCODE)
/sw/source/filter/ww8/wrtw8esh.cxx: 3123 in SwMSConvertControls::ExportControl(WW8Export &, const SdrObject *)()
3117 if (!rWW8Wrt.bWrtWW8)
3118 return false;
3119
3120 const SdrUnoObj *pFormObj = PTR_CAST(SdrUnoObj,pObj);
3121 assert(pFormObj);
3122 if (!pFormObj)
>>> CID 1267631: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return false;".
3123 return false;
3124 uno::Reference< awt::XControlModel > xControlModel =
3125 pFormObj->GetUnoControlModel();
3126
3127 //Why oh lord do we use so many different units ?
3128 //I think I painted myself into a little bit of a
________________________________________________________________________________________________________
*** CID 1267632: Logically dead code (DEADCODE)
/sw/source/filter/html/htmlforw.cxx: 681 in GetControlSize(const SdrObject &, Size &, SwDoc *)()
675 if( !pVSh )
676 return;
677
678 const SdrUnoObj *pFormObj = PTR_CAST( SdrUnoObj, &rSdrObj );
679 assert(pFormObj);
680 if (!pFormObj)
>>> CID 1267632: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return;".
681 return;
682 uno::Reference< awt::XControl > xControl;
683 SdrView* pDrawView = pVSh->GetDrawView();
684 OSL_ENSURE( pDrawView && pVSh->GetWin(), "no DrawView or window!" );
685 if ( pDrawView && pVSh->GetWin() )
686 xControl = pFormObj->GetUnoControl( *pDrawView, *pVSh->GetWin() );
________________________________________________________________________________________________________
*** CID 1267633: Logically dead code (DEADCODE)
/sw/source/core/table/swnewtable.cxx: 1332 in lcl_CalculateSplitLineHeights(std::set<long, std::less<long>, std::allocator<long>> &, std::set<long, std::less<long>, std::allocator<long>> &, const SwTable &, const SwSelBoxes &, unsigned short)()
1326 if( aBoxes.empty() )
1327 return 0;
1328
1329 //coverity#705106, help coverity out here
1330 assert(nFirst != USHRT_MAX);
1331 if (nFirst == USHRT_MAX)
>>> CID 1267633: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return 0;".
1332 return 0;
1333
1334 SwTwips nHeight = 0;
1335 SwTwips* pLines = new SwTwips[ nLast + 1 - nFirst ];
1336 for( sal_uInt16 i = nFirst; i <= nLast; ++i )
1337 {
________________________________________________________________________________________________________
*** CID 1267634: Logically dead code (DEADCODE)
/sw/source/filter/html/htmlforw.cxx: 708 in OutHTML_DrawFrmFmtAsControl(Writer &, const SwDrawFrmFmt &, const SdrObject &, bool)()
702 {
703 SwHTMLWriter & rHTMLWrt = static_cast<SwHTMLWriter&>(rWrt);
704
705 const SdrUnoObj *pFormObj = PTR_CAST( SdrUnoObj, &rSdrObject );
706 assert(pFormObj);
707 if (!pFormObj)
>>> CID 1267634: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return rWrt;".
708 return rWrt;
709 uno::Reference< awt::XControlModel > xControlModel =
710 pFormObj->GetUnoControlModel();
711
712 OSL_ENSURE( xControlModel.is(), "UNO-Control ohne Model" );
713 if( !xControlModel.is() )
________________________________________________________________________________________________________
*** CID 1267635: Logically dead code (DEADCODE)
/sw/source/core/doc/docnum.cxx: 767 in lcl_ChgNumRule(SwDoc &, const SwNumRule &)()
761
762 static void lcl_ChgNumRule( SwDoc& rDoc, const SwNumRule& rRule )
763 {
764 SwNumRule* pOld = rDoc.FindNumRulePtr( rRule.GetName() );
765 assert(pOld); //we cannot proceed without the old NumRule
766 if (!pOld)
>>> CID 1267635: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return;".
767 return;
768
769 sal_uInt16 nChgFmtLevel = 0;
770 sal_uInt16 nMask = 1;
771
772 for ( sal_uInt8 n = 0; n < MAXLEVEL; ++n, nMask <<= 1 )
________________________________________________________________________________________________________
*** CID 1267636: Logically dead code (DEADCODE)
/sw/source/core/doc/textboxhelper.cxx: 242 in SwTextBoxHelper::getByIndex(SdrPage *, int, std::set<const SwFrmFmt *, std::less<const SwFrmFmt *>, std::allocator<const SwFrmFmt *>> &)()
236 pRet = pPage->GetObj(i);
237 break;
238 }
239 ++nCount;
240 }
241 assert(pRet);
>>> CID 1267636: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "<temporary>.Any();".
242 return pRet ? uno::makeAny(uno::Reference<drawing::XShape>(pRet->getUnoShape(), uno::UNO_QUERY)) : uno::Any();
243 }
244
245 sal_Int32 SwTextBoxHelper::getOrdNum(const SdrObject* pObject, std::set<const SwFrmFmt*>& rTextBoxes)
246 {
247 if (const SdrPage* pPage = pObject->GetPage())
________________________________________________________________________________________________________
*** CID 1267637: Logically dead code (DEADCODE)
/sw/source/core/undo/undobj.cxx: 233 in SwUndo::Repeat(SfxRepeatTarget &)()
227
228 void SwUndo::Repeat(SfxRepeatTarget & rContext)
229 {
230 ::sw::RepeatContext *const pRepeatContext(
231 dynamic_cast< ::sw::RepeatContext * >(& rContext));
232 assert(pRepeatContext);
>>> CID 1267637: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return;".
233 if (!pRepeatContext) { return; }
234 RepeatImpl(*pRepeatContext);
235 }
236
237 bool SwUndo::CanRepeat(SfxRepeatTarget & rContext) const
238 {
________________________________________________________________________________________________________
*** CID 1267638: Logically dead code (DEADCODE)
/sw/source/core/undo/undobj.cxx: 223 in SwUndo::RedoWithContext(SfxUndoContext &)()
217
218 void SwUndo::RedoWithContext(SfxUndoContext & rContext)
219 {
220 ::sw::UndoRedoContext *const pContext(
221 dynamic_cast< ::sw::UndoRedoContext * >(& rContext));
222 assert(pContext);
>>> CID 1267638: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return;".
223 if (!pContext) { return; }
224 const UndoRedoRedlineGuard aUndoRedoRedlineGuard(*pContext, *this);
225 RedoImpl(*pContext);
226 }
227
228 void SwUndo::Repeat(SfxRepeatTarget & rContext)
________________________________________________________________________________________________________
*** CID 1267639: Logically dead code (DEADCODE)
/sw/source/core/undo/undobj.cxx: 213 in SwUndo::UndoWithContext(SfxUndoContext &)()
207
208 void SwUndo::UndoWithContext(SfxUndoContext & rContext)
209 {
210 ::sw::UndoRedoContext *const pContext(
211 dynamic_cast< ::sw::UndoRedoContext * >(& rContext));
212 assert(pContext);
>>> CID 1267639: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return;".
213 if (!pContext) { return; }
214 const UndoRedoRedlineGuard aUndoRedoRedlineGuard(*pContext, *this);
215 UndoImpl(*pContext);
216 }
217
218 void SwUndo::RedoWithContext(SfxUndoContext & rContext)
________________________________________________________________________________________________________
*** CID 1267640: Logically dead code (DEADCODE)
/sw/source/filter/html/htmlforw.cxx: 647 in SwHTMLWriter::GetHTMLControl(const SwDrawFrmFmt &)()
641 if( !pObj || FmFormInventor != pObj->GetObjInventor() )
642 return 0;
643
644 const SdrUnoObj *pFormObj = PTR_CAST( SdrUnoObj, pObj );
645 assert(pFormObj);
646 if (!pFormObj)
>>> CID 1267640: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return NULL;".
647 return 0;
648 uno::Reference< awt::XControlModel > xControlModel =
649 pFormObj->GetUnoControlModel();
650
651 OSL_ENSURE( xControlModel.is(), "UNO-Control ohne Model" );
652 if( !xControlModel.is() )
________________________________________________________________________________________________________
*** CID 1267641: Logically dead code (DEADCODE)
/sw/source/core/layout/pagechg.cxx: 538 in SwPageFrm::_UpdateAttr(const SfxPoolItem *, const SfxPoolItem *, unsigned char &, SwAttrSetChg *, SwAttrSetChg *)()
532 case RES_FMT_CHG:
533 {
534 // If the frame format is changed, several things might also change:
535 // 1. columns:
536 assert(pOld && pNew); //FMT_CHG Missing Format
537 const SwFmt* pOldFmt = pOld ? static_cast<const SwFmtChg*>(pOld)->pChangedFmt : NULL;
>>> CID 1267641: Logically dead code (DEADCODE)
>>> Execution cannot reach the expression "NULL" inside this statement: "pNewFmt = (pNew ? static_ca...".
538 const SwFmt* pNewFmt = pNew ? static_cast<const SwFmtChg*>(pNew)->pChangedFmt : NULL;
539 assert(pOldFmt && pNewFmt); //FMT_CHG Missing Format
540 if (pOldFmt && pNewFmt)
541 {
542 const SwFmtCol &rOldCol = pOldFmt->GetCol();
543 const SwFmtCol &rNewCol = pNewFmt->GetCol();
________________________________________________________________________________________________________
*** CID 1267642: Logically dead code (DEADCODE)
/lotuswordpro/source/filter/xfilter/xfstylemanager.cxx: 120 in XFStyleManager::AddStyle(IXFStyle *)()
114 IXFStyleRet aRet;
115
116 assert(pStyle);
117 OUString name;
118
119 if( !pStyle )
>>> CID 1267642: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return aRet;".
120 return aRet;
121 name = pStyle->GetStyleName();
122
123 if( pStyle->GetStyleFamily() == enumXFStyleText )
124 {
125 if( !name.isEmpty() )
________________________________________________________________________________________________________
*** CID 1267643: Logically dead code (DEADCODE)
/sfx2/source/dialog/tabdlg.cxx: 1108 in SfxTabDialog::ActivatePageHdl(TabControl *)()
1102 pTabPage = dynamic_cast< SfxTabPage* >(pTabCtrl->GetTabPage(nId));
1103 pDataObject = Find(pImpl->aData, nId);
1104 }
1105
1106 assert(pDataObject); //Id not known
1107 if (!pDataObject)
>>> CID 1267643: Logically dead code (DEADCODE)
>>> Execution cannot reach this statement: "return 0L;".
1108 return 0;
1109
1110 // Create TabPage if possible:
1111 if ( !pTabPage )
1112 {
1113 const SfxItemSet* pTmpSet = 0;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/211?tab=overview
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 .
More information about the LibreOffice
mailing list