New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com
Thu Oct 1 05:45:58 PDT 2015


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

17 new defect(s) introduced to LibreOffice found with Coverity Scan.
30 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)


** CID 1325257:    (UNINIT)
/vcl/source/gdi/salmisc.cxx: 388 in StretchAndConvert(const BitmapBuffer &, const SalTwoRect &, unsigned long, const BitmapPalette *, const ColorMask *)()


________________________________________________________________________________________________________
*** CID 1325257:    (UNINIT)
/vcl/source/gdi/salmisc.cxx: 388 in StretchAndConvert(const BitmapBuffer &, const SalTwoRect &, unsigned long, const BitmapPalette *, const ColorMask *)()
382         Scanline*       pDstScan = NULL;
383         long*           pMapX = NULL;
384         long*           pMapY = NULL;
385     
386         try
387         {
>>>     CID 1325257:    (UNINIT)
>>>     Assigning: "pSrcScan" = "new Scanline[rSrcBuffer.mnHeight]", which is allocated but not initialized.
388             pSrcScan = new Scanline[rSrcBuffer.mnHeight];
389             pDstScan = new Scanline[pDstBuffer->mnHeight];
390             pMapX = new long[pDstBuffer->mnWidth];
391             pMapY = new long[pDstBuffer->mnHeight];
392         }
393         catch( const std::bad_alloc& )

** CID 1325256:  Null pointer dereferences  (NULL_RETURNS)
/sfx2/source/view/viewfrm.cxx: 2561 in SfxViewFrame::AddDispatchMacroToBasic_Impl(const rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1325256:  Null pointer dereferences  (NULL_RETURNS)
/sfx2/source/view/viewfrm.cxx: 2561 in SfxViewFrame::AddDispatchMacroToBasic_Impl(const rtl::OUString &)()
2555                 StarBASIC* pBasic = pBasMgr->GetLib( aLibName );
2556                 if ( pBasic )
2557                 {
2558                     SbModule* pModule = pBasic->FindModule( aModuleName );
2559                     if ( pModule )
2560                     {
>>>     CID 1325256:  Null pointer dereferences  (NULL_RETURNS)
>>>     Assigning: "pMethod" = null return value from "Find".
2561                         SbMethod* pMethod = static_cast<SbMethod*>(pModule->GetMethods()->Find( aMacroName, SbxCLASS_METHOD ));
2562                         aOUSource = pModule->GetSource32();
2563                         sal_uInt16 nStart, nEnd;
2564                         pMethod->GetLineRange( nStart, nEnd );
2565                         sal_uIntPtr nlStart = nStart;
2566                         sal_uIntPtr nlEnd = nEnd;

** CID 1325255:  Null pointer dereferences  (FORWARD_NULL)
/basic/source/runtime/runtime.cxx: 3257 in SbiRuntime::checkClass_Impl(const tools::SvRef<SbxVariable> &, const rtl::OUString &, bool, bool)()


________________________________________________________________________________________________________
*** CID 1325255:  Null pointer dereferences  (FORWARD_NULL)
/basic/source/runtime/runtime.cxx: 3257 in SbiRuntime::checkClass_Impl(const tools::SvRef<SbxVariable> &, const rtl::OUString &, bool, bool)()
3251             if( pObj )
3252             {
3253                 if( !implIsClass( pObj, aClass ) )
3254                 {
3255                     if ( ( bVBAEnabled || CodeCompleteOptions::IsExtendedTypeDeclaration() ) && pObj->IsA( TYPE(SbUnoObject) ) )
3256                     {
>>>     CID 1325255:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pUnoObj" = "dynamic_cast <SbUnoObject *>(pObj)".
3257                         SbUnoObject* pUnoObj = dynamic_cast<SbUnoObject*>( pObj );
3258                         bOk = checkUnoObjectType( pUnoObj, aClass );
3259                     }
3260                     else
3261                         bOk = false;
3262                     if ( !bOk )

** CID 1325254:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 167 in XMLTextFrameHyperlinkContext::GetShape() const()


________________________________________________________________________________________________________
*** CID 1325254:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 167 in XMLTextFrameHyperlinkContext::GetShape() const()
161     Reference < drawing::XShape > XMLTextFrameHyperlinkContext::GetShape() const
162     {
163         Reference < drawing::XShape > xShape;
164         if( xFrameContext.Is() )
165         {
166             SvXMLImportContext *pContext = &xFrameContext;
>>>     CID 1325254:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext *>(pContext)" can return "NULL".
167             xShape = dynamic_cast<XMLTextFrameContext*>( pContext )->GetShape( );
168         }
169     
170         return xShape;
171     }
172     

** CID 1325253:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 154 in XMLTextFrameHyperlinkContext::GetTextContent() const()


________________________________________________________________________________________________________
*** CID 1325253:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 154 in XMLTextFrameHyperlinkContext::GetTextContent() const()
148     Reference < XTextContent > XMLTextFrameHyperlinkContext::GetTextContent() const
149     {
150         Reference <XTextContent > xTxt;
151         if( xFrameContext.Is() )
152         {
153             SvXMLImportContext *pContext = &xFrameContext;
>>>     CID 1325253:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext *>(pContext)" can return "NULL".
154             xTxt = dynamic_cast<XMLTextFrameContext*>( pContext )->GetTextContent( );
155         }
156     
157         return xTxt;
158     }
159     

** CID 1325252:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 141 in XMLTextFrameHyperlinkContext::GetAnchorType() const()


________________________________________________________________________________________________________
*** CID 1325252:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 141 in XMLTextFrameHyperlinkContext::GetAnchorType() const()
135     
136     TextContentAnchorType XMLTextFrameHyperlinkContext::GetAnchorType() const
137     {
138         if( xFrameContext.Is() )
139         {
140             SvXMLImportContext *pContext = &xFrameContext;
>>>     CID 1325252:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext *>(pContext)" can return "NULL".
141             return dynamic_cast<XMLTextFrameContext*>( pContext ) ->GetAnchorType( );
142         }
143         else
144             return eDefaultAnchorType;
145     
146     }

** CID 1325251:  Null pointer dereferences  (FORWARD_NULL)
/cui/source/customize/acccfg.cxx: 1477 in SfxAcceleratorConfigPage::Reset(const SfxItemSet *)()


________________________________________________________________________________________________________
*** CID 1325251:  Null pointer dereferences  (FORWARD_NULL)
/cui/source/customize/acccfg.cxx: 1477 in SfxAcceleratorConfigPage::Reset(const SfxItemSet *)()
1471     
1472         RadioHdl(0);
1473     
1474         const SfxPoolItem* pMacroItem=0;
1475         if( SfxItemState::SET == rSet->GetItemState( SID_MACROINFO, true, &pMacroItem ) )
1476         {
>>>     CID 1325251:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "this->m_pMacroInfoItem" = "dynamic_cast <SfxMacroInfoItem const *>(pMacroItem)".
1477             m_pMacroInfoItem = dynamic_cast<const SfxMacroInfoItem*>( pMacroItem  );
1478             m_pGroupLBox->SelectMacro( m_pMacroInfoItem );
1479         }
1480         else
1481         {
1482             const SfxPoolItem* pStringItem=0;

** CID 1325250:  Null pointer dereferences  (FORWARD_NULL)
/basic/source/classes/sbunoobj.cxx: 146 in getDefaultProp(SbxVariable *)()


________________________________________________________________________________________________________
*** CID 1325250:  Null pointer dereferences  (FORWARD_NULL)
/basic/source/classes/sbunoobj.cxx: 146 in getDefaultProp(SbxVariable *)()
140             {
141                 SbxBase* pObjVarObj = pRef->GetObject();
142                 pObj = dynamic_cast<SbxObject*>( pObjVarObj );
143             }
144             if ( pObj && 0 != dynamic_cast<const SbUnoObject*>( pObj) )
145             {
>>>     CID 1325250:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pUnoObj" = "dynamic_cast <SbUnoObject *>(pObj)".
146                 SbUnoObject* pUnoObj = dynamic_cast<SbUnoObject*>( pObj );
147                 pDefaultProp = pUnoObj->GetDfltProperty();
148             }
149         }
150         return pDefaultProp;
151     }

** CID 1325249:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/draw/ximpshap.cxx: 3613 in SdXMLFrameShapeContext::CreateChildContext(unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()


________________________________________________________________________________________________________
*** CID 1325249:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/draw/ximpshap.cxx: 3613 in SdXMLFrameShapeContext::CreateChildContext(unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
3607                     (IsXMLToken( rLocalName, XML_TITLE ) || IsXMLToken( rLocalName, XML_DESC ) ) ) ||
3608                  (nPrefix == XML_NAMESPACE_OFFICE && IsXMLToken( rLocalName, XML_EVENT_LISTENERS ) ) ||
3609                  (nPrefix == XML_NAMESPACE_DRAW && (IsXMLToken( rLocalName, XML_GLUE_POINT ) ||
3610                                                     IsXMLToken( rLocalName, XML_THUMBNAIL ) ) ) )
3611         {
3612             SvXMLImportContext *pImplContext = &mxImplContext;
>>>     CID 1325249:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "dynamic_cast <SdXMLShapeContext *>(pImplContext)" to "CreateChildContext", which dereferences it. (The dereference happens because this is a virtual function call.)
3613             pContext = dynamic_cast<SdXMLShapeContext*>( pImplContext  )->CreateChildContext( nPrefix,
3614                                                                             rLocalName, xAttrList );
3615         }
3616         else if ( (XML_NAMESPACE_DRAW == nPrefix) && IsXMLToken( rLocalName, XML_IMAGE_MAP ) )
3617         {
3618             SdXMLShapeContext *pSContext = dynamic_cast< SdXMLShapeContext* >( &mxImplContext );

** CID 1325248:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/txtparaimphint.hxx: 223 in XMLTextFrameHint_Impl::GetShape() const()


________________________________________________________________________________________________________
*** CID 1325248:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/txtparaimphint.hxx: 223 in XMLTextFrameHint_Impl::GetShape() const()
217         // Frame "to character": anchor moves from first to last char after saving (#i33242#)
218         css::uno::Reference < css::drawing::XShape > GetShape() const
219         {
220             css::uno::Reference < css::drawing::XShape > xShape;
221             SvXMLImportContext *pContext = &xContext;
222             if( 0 != dynamic_cast<const XMLTextFrameContext*>(pContext) )
>>>     CID 1325248:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext *>(pContext)" can return "NULL".
223                 xShape = dynamic_cast< XMLTextFrameContext*>( pContext )->GetShape();
224             else if( 0 != dynamic_cast<const XMLTextFrameHyperlinkContext*>(pContext) )
225                 xShape = dynamic_cast<XMLTextFrameHyperlinkContext*>( pContext )->GetShape();
226     
227             return xShape;
228         }

** CID 1325247:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/txtparaimphint.hxx: 209 in XMLTextFrameHint_Impl::GetTextContent() const()


________________________________________________________________________________________________________
*** CID 1325247:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/txtparaimphint.hxx: 209 in XMLTextFrameHint_Impl::GetTextContent() const()
203     
204         css::uno::Reference < css::text::XTextContent > GetTextContent() const
205         {
206             css::uno::Reference < css::text::XTextContent > xTxt;
207             SvXMLImportContext *pContext = &xContext;
208             if( 0 != dynamic_cast<const XMLTextFrameContext*>(pContext) )
>>>     CID 1325247:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext *>(pContext)" can return "NULL".
209                 xTxt = dynamic_cast< XMLTextFrameContext*>( pContext )->GetTextContent();
210             else if( 0 != dynamic_cast<const XMLTextFrameHyperlinkContext*>(pContext) )
211                 xTxt = dynamic_cast< XMLTextFrameHyperlinkContext* >( pContext )
212                             ->GetTextContent();
213     
214             return xTxt;

** CID 1325246:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/txtparaimphint.hxx: 235 in XMLTextFrameHint_Impl::IsBoundAtChar() const()


________________________________________________________________________________________________________
*** CID 1325246:  Null pointer dereferences  (FORWARD_NULL)
/xmloff/source/text/txtparaimphint.hxx: 235 in XMLTextFrameHint_Impl::IsBoundAtChar() const()
229     
230         bool IsBoundAtChar() const
231         {
232             bool bRet = false;
233             SvXMLImportContext *pContext = &xContext;
234             if( 0 != dynamic_cast<const XMLTextFrameContext*>(pContext) )
>>>     CID 1325246:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext const *>(pContext)" can return "NULL".
235                 bRet = css::text::TextContentAnchorType_AT_CHARACTER ==
236                     dynamic_cast<const XMLTextFrameContext*>( pContext )
237                         ->GetAnchorType();
238             else if( 0 != dynamic_cast<const XMLTextFrameHyperlinkContext*>( pContext) )
239                 bRet = css::text::TextContentAnchorType_AT_CHARACTER ==
240                     dynamic_cast<const XMLTextFrameHyperlinkContext*>( pContext )

** CID 1325245:  Incorrect expression  (COPY_PASTE_ERROR)
/filter/source/graphicfilter/ipict/ipict.cxx: 910 in PictReader::ReadPixMapEtc(Bitmap &, bool, bool, Rectangle *, Rectangle *, bool, bool)()


________________________________________________________________________________________________________
*** CID 1325245:  Incorrect expression  (COPY_PASTE_ERROR)
/filter/source/graphicfilter/ipict/ipict.cxx: 910 in PictReader::ReadPixMapEtc(Bitmap &, bool, bool, Rectangle *, Rectangle *, bool, bool)()
904             sal_uInt16  nByteCount, nCount, nD;
905             sal_uLong   nSrcBitsPos;
906     
907             if (nWidth > nRowBytes / 2)
908                 BITMAPERROR;
909     
>>>     CID 1325245:  Incorrect expression  (COPY_PASTE_ERROR)
>>>     "nRowBytes" in "nRowBytes < 8" looks like a copy-paste error.
910             if ( nRowBytes < 8 || nPackType == 1 ) {
911                 if (pPict->remainingSize() < sizeof(sal_uInt16) * nHeight * nWidth)
912                     BITMAPERROR;
913             }
914     
915             for (sal_uInt16 ny = 0; ny < nHeight; ++ny)

** CID 1209375:  Null pointer dereferences  (FORWARD_NULL)
/connectivity/source/drivers/dbase/DIndexIter.cxx: 135 in connectivity::dbase::OIndexIterator::GetCompare(bool)()


________________________________________________________________________________________________________
*** CID 1209375:  Null pointer dereferences  (FORWARD_NULL)
/connectivity/source/drivers/dbase/DIndexIter.cxx: 135 in connectivity::dbase::OIndexIterator::GetCompare(bool)()
129     }
130     
131     
132     sal_uIntPtr OIndexIterator::GetCompare(bool bFirst)
133     {
134         ONDXKey* pKey = NULL;
>>>     CID 1209375:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dynamic cast to pointer "dynamic_cast <connectivity::file::OOp_COMPARE *>(this->m_pOperator)" can return "NULL".
135         sal_Int32 ePredicateType = dynamic_cast<file::OOp_COMPARE*>(m_pOperator)->getPredicateType();
136     
137         if (bFirst)
138         {
139             // Preparation, position on the smallest element
140             ONDXPage* pPage = m_aRoot;

** CID 735748:  Null pointer dereferences  (FORWARD_NULL)
/filter/source/pdf/pdfexport.cxx: 187 in PDFExport::ExportSelection(vcl::PDFWriter &, com::sun::star::uno::Reference<com::sun::star::view::XRenderable> &, const com::sun::star::uno::Any &, const StringRangeEnumerator &, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &, int)()


________________________________________________________________________________________________________
*** CID 735748:  Null pointer dereferences  (FORWARD_NULL)
/filter/source/pdf/pdfexport.cxx: 187 in PDFExport::ExportSelection(vcl::PDFWriter &, com::sun::star::uno::Reference<com::sun::star::view::XRenderable> &, const com::sun::star::uno::Any &, const StringRangeEnumerator &, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &, int)()
181             }
182     
183             OutputDevice* pOut = rPDFWriter.GetReferenceDevice();
184     
185             if( pOut )
186             {
>>>     CID 735748:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pPDFExtOutDevData" = "dynamic_cast <vcl::PDFExtOutDevData *>(pOut->GetExtOutDevData())".
187                 vcl::PDFExtOutDevData* pPDFExtOutDevData = dynamic_cast<vcl::PDFExtOutDevData* >( pOut->GetExtOutDevData() );
188                 if ( nPageCount )
189                 {
190                     pPDFExtOutDevData->SetIsExportNotesPages( bExportNotesPages );
191     
192                     sal_Int32 nCurrentPage(0);

** CID 735690:  Null pointer dereferences  (FORWARD_NULL)
/dbaccess/source/ui/dlg/dbadmin.cxx: 112 in dbaui::ODbAdminDialog::impl_selectDataSource(const com::sun::star::uno::Any &)()


________________________________________________________________________________________________________
*** CID 735690:  Null pointer dereferences  (FORWARD_NULL)
/dbaccess/source/ui/dlg/dbadmin.cxx: 112 in dbaui::ODbAdminDialog::impl_selectDataSource(const com::sun::star::uno::Any &)()
106     void ODbAdminDialog::impl_selectDataSource(const css::uno::Any& _aDataSourceName)
107     {
108         m_pImpl->setDataSourceOrName(_aDataSourceName);
109         Reference< XPropertySet > xDatasource = m_pImpl->getCurrentDataSource();
110         impl_resetPages( xDatasource );
111     
>>>     CID 735690:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pCollectionItem" = "dynamic_cast <dbaui::DbuTypeCollectionItem const *>(this->getOutputSet()->GetItem(5, true, NULL))".
112         const DbuTypeCollectionItem* pCollectionItem = dynamic_cast<const DbuTypeCollectionItem*>( getOutputSet()->GetItem(DSID_TYPECOLLECTION) );
113         ::dbaccess::ODsnTypeCollection* pCollection = pCollectionItem->getCollection();
114         ::dbaccess::DATASOURCE_TYPE eType = pCollection->determineType(getDatasourceType(*getOutputSet()));
115     
116         // and insert the new ones
117         switch ( eType )

** CID 735689:  Null pointer dereferences  (FORWARD_NULL)
/dbaccess/source/ui/dlg/dbadmin.cxx: 203 in dbaui::ODbAdminDialog::impl_resetPages(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &)()


________________________________________________________________________________________________________
*** CID 735689:  Null pointer dereferences  (FORWARD_NULL)
/dbaccess/source/ui/dlg/dbadmin.cxx: 203 in dbaui::ODbAdminDialog::impl_resetPages(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &)()
197         // reset the example set
198         delete pExampleSet;
199         pExampleSet = new SfxItemSet(*GetInputSetImpl());
200     
201         // special case: MySQL Native does not have the generic "advanced" page
202     
>>>     CID 735689:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pCollectionItem" = "dynamic_cast <dbaui::DbuTypeCollectionItem const *>(this->getOutputSet()->GetItem(5, true, NULL))".
203         const DbuTypeCollectionItem* pCollectionItem = dynamic_cast<const DbuTypeCollectionItem*>( getOutputSet()->GetItem(DSID_TYPECOLLECTION) );
204         ::dbaccess::ODsnTypeCollection* pCollection = pCollectionItem->getCollection();
205         if ( pCollection->determineType(getDatasourceType( *pExampleSet )) == ::dbaccess::DST_MYSQL_NATIVE )
206         {
207             AddTabPage( PAGE_MYSQL_NATIVE, OUString( ModuleRes( STR_PAGETITLE_CONNECTION ) ), ODriversSettings::CreateMySQLNATIVE, NULL );
208             RemoveTabPage("advanced");


________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/libreoffice?tab=overview
