New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Thu Dec 15 21:04:51 UTC 2016
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
12 new defect(s) introduced to LibreOffice found with Coverity Scan.
30 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1397207: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/draw/dcontact.cxx: 414 in SwFlyDrawContact::GetAnchoredObj(const SdrObject *) const()
________________________________________________________________________________________________________
*** CID 1397207: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/draw/dcontact.cxx: 414 in SwFlyDrawContact::GetAnchoredObj(const SdrObject *) const()
408 "<SwFlyDrawContact::GetAnchoredObj(..)> - wrong object type object provided" );
409 assert(GetUserCall(_pSdrObj) == this &&
410 "<SwFlyDrawContact::GetAnchoredObj(..)> - provided object doesn't belong to this contact");
411
412 const SwAnchoredObject* pRetAnchoredObj = nullptr;
413
>>> CID 1397207: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "_pSdrObj" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
414 if ( _pSdrObj && dynamic_cast<const SwVirtFlyDrawObj*>( _pSdrObj) != nullptr )
415 {
416 pRetAnchoredObj = static_cast<const SwVirtFlyDrawObj*>(_pSdrObj)->GetFlyFrame();
417 }
418
419 return pRetAnchoredObj;
** CID 1397206: Resource leaks (RESOURCE_LEAK)
/sc/source/ui/docshell/dataprovider.cxx: 123 in sc::CSVFetchThread::execute()()
________________________________________________________________________________________________________
*** CID 1397206: Resource leaks (RESOURCE_LEAK)
/sc/source/ui/docshell/dataprovider.cxx: 123 in sc::CSVFetchThread::execute()()
117 orcus::csv_parser<CSVHandler> parser(rLine.maLine.getStr(), rLine.maLine.getLength(), aHdl, maConfig);
118 parser.parse();
119 }
120
121 if (!mpStream->good())
122 RequestTerminate();
>>> CID 1397206: Resource leaks (RESOURCE_LEAK)
>>> Variable "pLines" going out of scope leaks the storage it points to.
123 }
124
125 CSVDataProvider::CSVDataProvider(const OUString& rURL, const ScRange& rRange):
126 maURL(rURL),
127 mrRange(rRange),
128 mbImportUnderway(false)
** CID 1397205: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1397205: Memory - corruptions (OVERRUN)
/ucb/source/ucp/file/filtask.cxx: 694 in fileaccess::TaskManager::page(int, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::io::XOutputStream> &)()
688
689 do
690 {
691 err = aFile.read( static_cast<void*>(BFF),bfz,nrc );
692 if( err == osl::FileBase::E_None )
693 {
>>> CID 1397205: Memory - corruptions (OVERRUN)
>>> Overrunning array "BFF" of 512 8-byte elements by passing it to a function which accesses it at element index 4095 (byte offset 32760) using argument "(sal_uInt32)nrc" (which evaluates to 4096).
694 uno::Sequence< sal_Int8 > seq( BFF, (sal_uInt32)nrc );
695 try
696 {
697 xOutputStream->writeBytes( seq );
698 }
699 catch (const io::NotConnectedException&)
** CID 1397204: Null pointer dereferences (NULL_RETURNS)
/cui/source/options/optlingu.cxx: 225 in lcl_SetCheckButton(SvTreeListEntry *, bool)()
________________________________________________________________________________________________________
*** CID 1397204: Null pointer dereferences (NULL_RETURNS)
/cui/source/options/optlingu.cxx: 225 in lcl_SetCheckButton(SvTreeListEntry *, bool)()
219
220 static void lcl_SetCheckButton( SvTreeListEntry* pEntry, bool bCheck )
221 {
222 SvLBoxButton* pItem = static_cast<SvLBoxButton*>(pEntry->GetFirstItem(SvLBoxItemType::Button));
223
224 DBG_ASSERT(pItem,"SetCheckButton:Item not found");
>>> CID 1397204: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "pItem" when calling "GetType". (The dereference happens because this is a virtual function call.)
225 if (pItem->GetType() == SvLBoxItemType::Button)
226 {
227 if (bCheck)
228 pItem->SetStateChecked();
229 else
230 pItem->SetStateUnchecked();
** CID 1397203: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/layout/anchoreddrawobject.cxx: 66 in SwPosNotify::~SwPosNotify()()
________________________________________________________________________________________________________
*** CID 1397203: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/layout/anchoreddrawobject.cxx: 66 in SwPosNotify::~SwPosNotify()()
60 }
61
62 SwPosNotify::~SwPosNotify()
63 {
64 if ( maOldObjRect != mpAnchoredDrawObj->GetObjRect() )
65 {
>>> CID 1397203: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "this->mpOldPageFrame" to null implies that "this->mpOldPageFrame" might be null.
66 if( maOldObjRect.HasArea() && mpOldPageFrame )
67 {
68 mpAnchoredDrawObj->NotifyBackground( mpOldPageFrame, maOldObjRect,
69 PREP_FLY_LEAVE );
70 }
71 SwRect aNewObjRect( mpAnchoredDrawObj->GetObjRect() );
** CID 1397202: (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 230 in ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, ScConditionalFormat *)()
/sc/source/filter/xml/xmlcondformat.cxx: 269 in ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, ScConditionalFormat *)()
________________________________________________________________________________________________________
*** CID 1397202: (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 230 in ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, ScConditionalFormat *)()
224 mpDataBarFormat = new ScDataBarFormat(rImport.GetDocument());
225 mpFormatData = new ScDataBarFormatData();
226 mpDataBarFormat->SetDataBarData(mpFormatData);
227 if(!sGradient.isEmpty())
228 {
229 bool bGradient = true;
>>> CID 1397202: (CHECKED_RETURN)
>>> Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81 times).
230 sax::Converter::convertBool( bGradient, sGradient);
231 mpFormatData->mbGradient = bGradient;
232 }
233
234 if(!sPositiveColor.isEmpty())
235 {
/sc/source/filter/xml/xmlcondformat.cxx: 269 in ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, ScConditionalFormat *)()
263 mpFormatData->maAxisColor = Color(nColor);
264 }
265
266 if(!sShowValue.isEmpty())
267 {
268 bool bShowValue = true;
>>> CID 1397202: (CHECKED_RETURN)
>>> Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81 times).
269 sax::Converter::convertBool( bShowValue, sShowValue );
270 mpFormatData->mbOnlyBar = !bShowValue;
271 }
272
273 if (!sMinLength.isEmpty())
274 {
** CID 1397201: Error handling issues (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 369 in ScXMLIconSetFormatContext::ScXMLIconSetFormatContext(ScXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, ScConditionalFormat *)()
________________________________________________________________________________________________________
*** CID 1397201: Error handling issues (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 369 in ScXMLIconSetFormatContext::ScXMLIconSetFormatContext(ScXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, ScConditionalFormat *)()
363 ScIconSetFormat* pIconSetFormat = new ScIconSetFormat(GetScImport().GetDocument());
364 ScIconSetFormatData* pIconSetFormatData = new ScIconSetFormatData;
365
366 if(!sShowValue.isEmpty())
367 {
368 bool bShowValue = true;
>>> CID 1397201: Error handling issues (CHECKED_RETURN)
>>> Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81 times).
369 sax::Converter::convertBool( bShowValue, sShowValue );
370 pIconSetFormatData->mbShowValue = !bShowValue;
371 }
372
373 pIconSetFormatData->eIconSetType = eType;
374 pIconSetFormat->SetIconSetData(pIconSetFormatData);
** CID 1397200: Error handling issues (CHECKED_RETURN)
/sfx2/source/appl/appmisc.cxx: 221 in SfxApplication::GetApplicationLogo(long)()
________________________________________________________________________________________________________
*** CID 1397200: Error handling issues (CHECKED_RETURN)
/sfx2/source/appl/appmisc.cxx: 221 in SfxApplication::GetApplicationLogo(long)()
215
216 /** loads the application logo as used in the impress slideshow pause screen */
217 BitmapEx SfxApplication::GetApplicationLogo(long nWidth)
218 {
219 BitmapEx aBitmap;
220 SfxApplication::loadBrandSvg("flat_logo", aBitmap, nWidth);
>>> CID 1397200: Error handling issues (CHECKED_RETURN)
>>> Calling "LoadBrandBitmap" without checking return value (as is done elsewhere 4 out of 5 times).
221 Application::LoadBrandBitmap ("about", aBitmap);
222 return aBitmap;
223 }
224
** CID 1394416: Memory - illegal accesses (OVERRUN)
/sw/source/filter/ww8/ww8scan.cxx: 2538 in WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(const WW8Fib &, SvStream *, SvStream *, long, long, ePLCFT, int)()
________________________________________________________________________________________________________
*** CID 1394416: Memory - illegal accesses (OVERRUN)
/sw/source/filter/ww8/ww8scan.cxx: 2538 in WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(const WW8Fib &, SvStream *, SvStream *, long, long, ePLCFT, int)()
2532 /*
2533 If we replace then we throw away the old data, if we
2534 are expanding, then we tack the old data onto the end
2535 of the new data
2536 */
2537 bool bExpand = IsExpandableSprm(nSpId);
>>> CID 1394416: Memory - illegal accesses (OVERRUN)
>>> Assigning: "pStartData" = "aEntry.mpData + 2". "pStartData" may now point between bytes 11 and 512 (inclusive) of "this->maRawData" (which consists of 512 bytes).
2538 const sal_uInt8* pStartData = aEntry.mpData + 2;
2539 const sal_uInt8* pLastValidDataPos = maRawData + 512 - sizeof(sal_uInt32);
2540 if ((IsReplaceAllSprm(nSpId) || bExpand) && pStartData <= pLastValidDataPos)
2541 {
2542 sal_uInt32 nCurr = pDataSt->Tell();
2543 sal_uInt32 nPos = SVBT32ToUInt32(pStartData);
** CID 1374076: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
________________________________________________________________________________________________________
*** CID 1374076: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
19 #include <sal/main.h>
20
21 #include <pdfio/pdfdocument.hxx>
22
23 using namespace com::sun::star;
24
>>> CID 1374076: Error handling issues (UNCAUGHT_EXCEPT)
>>> In function "main(int, char **)" an exception of type "std::length_error" is thrown and never caught.
25 SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
26 {
27 if (nArgc < 2)
28 {
29 SAL_WARN("xmlsecurity.pdfio", "not enough parameters");
30 return 1;
** CID 1374075: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
________________________________________________________________________________________________________
*** CID 1374075: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
19 #include <sal/main.h>
20
21 #include <pdfio/pdfdocument.hxx>
22
23 using namespace com::sun::star;
24
>>> CID 1374075: Error handling issues (UNCAUGHT_EXCEPT)
>>> In function "main(int, char **)" an exception of type "com::sun::star::uno::DeploymentException" is thrown and never caught.
25 SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
26 {
27 if (nArgc < 2)
28 {
29 SAL_WARN("xmlsecurity.pdfio", "not enough parameters");
30 return 1;
** CID 1371220: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/include/svl/svdde.hxx: 53 in ()
________________________________________________________________________________________________________
*** CID 1371220: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/include/svl/svdde.hxx: 53 in ()
47
48 typedef ::std::vector< DdeService* > DdeServices;
49 typedef ::std::vector< long > DdeFormats;
50 typedef ::std::vector< Conversation* > ConvList;
51
52
>>> CID 1371220: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "DdeData" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalue(s), where a move assignment may be faster.
53 class SVL_DLLPUBLIC DdeData
54 {
55 friend class DdeInternal;
56 friend class DdeService;
57 friend class DdeConnection;
58 friend class DdeTransaction;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySWNurGZWaFtY-2BAGgN49CK3AATPFRGtPX0kNty-2BwHMWB7PAeIMj8PEdzK-2FIQnvkeWOgAM3KeVzpMwZO9ZxoSjJqTpH5j6myed0ldre6BaVJLwaItHli5h7d5ABwPzPngyPCH-2B020SNQlSSvMoFyBOm09Q-2BR8kOnOb7RPaaLNxOBk-3D
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySWNurGZWaFtY-2BAGgN49CK3trAizMeo9JRei2wiz08IUH8TcmeFMjps3JOrO05yGEPOGJ8sLEl77Qafz1wkPQe-2FeDlJRh-2FMJzXC1dt9y4jT4PtPquN-2BgafApH8kAFam-2FHLGZB5tUej9bCb3fIvGAPXH9DnawuJGVMB1w-2BdLDkkaw-3D
More information about the LibreOffice
mailing list