New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Thu Jul 23 04:00:14 PDT 2015 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

2 new defect(s) introduced to LibreOffice found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1312139:  Insecure data handling  (TAINTED_SCALAR)
/comphelper/source/xml/xmltools.cxx: 84 in comphelper::xml::makeXMLChaff()()


________________________________________________________________________________________________________
*** CID 1312139:  Insecure data handling  (TAINTED_SCALAR)
/comphelper/source/xml/xmltools.cxx: 84 in comphelper::xml::makeXMLChaff()()
78                 rtlRandomPool pool = rtl_random_createPool();
79     
80                 sal_Int8 n;
81                 rtl_random_getBytes(pool, &n, 1);
82     
83                 //1024 minus max -127/plus max 128
>>>     CID 1312139:  Insecure data handling  (TAINTED_SCALAR)
>>>     Assigning: "nLength" = "1024 + n". Both are now tainted.
84                 sal_Int32 nLength = 1024+n;
85                 std::vector<sal_uInt8> aChaff(nLength);
86                 rtl_random_getBytes(pool, &aChaff[0], nLength);
87     
88                 rtl_random_destroyPool(pool);
89     

** CID 1312138:  Resource leaks  (RESOURCE_LEAK)
/sal/osl/unx/random.cxx: 30 in osl_get_system_random_data()


________________________________________________________________________________________________________
*** CID 1312138:  Resource leaks  (RESOURCE_LEAK)
/sal/osl/unx/random.cxx: 30 in osl_get_system_random_data()
24             while(desired_len)
25             {
26                 if ((nb_read = read(fd, buffer, desired_len)) == -1)
27                 {
28                     if (errno != EINTR)
29                     {
>>>     CID 1312138:  Resource leaks  (RESOURCE_LEAK)
>>>     Handle variable "fd" going out of scope leaks the handle.
30                         return false;
31                     }
32                 }
33                 else
34                 {
35                     buffer  += nb_read;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/211?tab=overview

To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939

More information about the LibreOffice mailing list