New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Jun 11 18:17:45 UTC 2016
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
14 new defect(s) introduced to LibreOffice found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)
** CID 1362689: Uninitialized members (UNINIT_CTOR)
/sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &)()
________________________________________________________________________________________________________
*** CID 1362689: Uninitialized members (UNINIT_CTOR)
/sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &)()
64 mpText ( nullptr ),
65 mpFieldEntry ( nullptr )
66 {
67 mXPropSet = rXPropSet;
68
69 ImplGetPortionValues( rFontCollection );
>>> CID 1362689: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "meCharHeight" is not initialized in this constructor nor in any functions that it calls.
70 }
71
72 PortionObj::PortionObj(css::uno::Reference< css::text::XTextRange > & rXTextRange,
73 bool bLast, FontCollection& rFontCollection)
74 : meCharColor(css::beans::PropertyState_AMBIGUOUS_VALUE)
75 , meCharHeight(css::beans::PropertyState_AMBIGUOUS_VALUE)
** CID 1362688: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 485 in SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const rtl::OUString &, SwDocStyleSheetPool *, SfxStyleFamily)()
________________________________________________________________________________________________________
*** CID 1362688: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 485 in SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const rtl::OUString &, SwDocStyleSheetPool *, SfxStyleFamily)()
479 FN_PARAM_FTN_INFO, FN_PARAM_FTN_INFO, // [21123
480 FN_COND_COLL, FN_COND_COLL, // [22401
481 0),
482 bPhysical(false)
483 {
484 nHelpId = UCHAR_MAX;
>>> CID 1362688: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "pBoxFormat" is not initialized in this constructor nor in any functions that it calls.
485 }
486
487 SwDocStyleSheet::SwDocStyleSheet( const SwDocStyleSheet& rOrg) :
488 SfxStyleSheetBase(rOrg),
489 pCharFormat(rOrg.pCharFormat),
490 pColl(rOrg.pColl),
** CID 1362687: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 498 in SwDocStyleSheet::SwDocStyleSheet(const SwDocStyleSheet&)()
________________________________________________________________________________________________________
*** CID 1362687: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 498 in SwDocStyleSheet::SwDocStyleSheet(const SwDocStyleSheet&)()
492 pDesc(rOrg.pDesc),
493 pNumRule(rOrg.pNumRule),
494 rDoc(rOrg.rDoc),
495 aCoreSet(rOrg.aCoreSet),
496 bPhysical(rOrg.bPhysical)
497 {
>>> CID 1362687: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "pBoxFormat" is not initialized in this constructor nor in any functions that it calls.
498 }
499
500 SwDocStyleSheet::~SwDocStyleSheet()
501 {
502 }
503
** CID 1362686: Uninitialized variables (UNINIT)
/sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in PPTExCharSheet::SetStyleSheet(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &, int)()
________________________________________________________________________________________________________
*** CID 1362686: Uninitialized variables (UNINIT)
/sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in PPTExCharSheet::SetStyleSheet(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &, int)()
77 PPTExCharLevel& rLev = maCharLevel[ nLevel ];
78
79 if ( aPortionObj.meCharColor == css::beans::PropertyState_DIRECT_VALUE )
80 rLev.mnFontColor = aPortionObj.mnCharColor;
81 if ( aPortionObj.meCharEscapement == css::beans::PropertyState_DIRECT_VALUE )
82 rLev.mnEscapement = aPortionObj.mnCharEscapement;
>>> CID 1362686: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aPortionObj.meCharHeight".
83 if ( aPortionObj.meCharHeight == css::beans::PropertyState_DIRECT_VALUE )
84 rLev.mnFontHeight = aPortionObj.mnCharHeight;
85 if ( aPortionObj.meFontName == css::beans::PropertyState_DIRECT_VALUE )
86 rLev.mnFont = aPortionObj.mnFont;
87 if ( aPortionObj.meAsianOrComplexFont == css::beans::PropertyState_DIRECT_VALUE )
88 rLev.mnAsianOrComplexFont = aPortionObj.mnAsianOrComplexFont;
** CID 1362685: Uninitialized variables (UNINIT)
/sc/source/core/data/dpobject.cxx: 1888 in ScDPObject::ParseFilters(rtl::OUString &, std::vector<com::sun::star::sheet::DataPilotFieldFilter, std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &, std::vector<com::sun::star::sheet::GeneralFunction, std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1362685: Uninitialized variables (UNINIT)
/sc/source/core/data/dpobject.cxx: 1888 in ScDPObject::ParseFilters(rtl::OUString &, std::vector<com::sun::star::sheet::DataPilotFieldFilter, std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &, std::vector<com::sun::star::sheet::GeneralFunction, std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString &)()
1882 {
1883 SvNumberFormatter* pFormatter = mpTableData->GetCacheTable().getCache().GetNumberFormatter();
1884 if (pFormatter)
1885 {
1886 // Parse possible number from aQueryValueName and format
1887 // locale independent as aQueryValue.
>>> CID 1362685: Uninitialized variables (UNINIT)
>>> Declaring variable "nNumFormat" without initializer.
1888 sal_uInt32 nNumFormat;
1889 double fValue;
1890 if (pFormatter->IsNumberFormat( aQueryValueName, nNumFormat, fValue))
1891 aQueryValue = ScDPCache::GetLocaleIndependentFormattedString( fValue, *pFormatter, nNumFormat);
1892 }
1893 }
** CID 1362684: Uninitialized variables (UNINIT)
/sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()()
________________________________________________________________________________________________________
*** CID 1362684: Uninitialized variables (UNINIT)
/sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()()
3357 else
3358 {
3359 aFilters[i].MatchValueName = aSharedString.getString();
3360
3361 // Parse possible number from MatchValueName and format
3362 // locale independent as MatchValue.
>>> CID 1362684: Uninitialized variables (UNINIT)
>>> Declaring variable "nNumFormat" without initializer.
3363 sal_uInt32 nNumFormat;
3364 double fValue;
3365 if (pFormatter->IsNumberFormat( aFilters[i].MatchValueName, nNumFormat, fValue))
3366 aFilters[i].MatchValue = ScDPCache::GetLocaleIndependentFormattedString(
3367 fValue, *pFormatter, nNumFormat);
3368 else
** CID 1362682: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>, std::allocator<rtl::Reference<XFFrame>>> *)()
________________________________________________________________________________________________________
*** CID 1362682: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>, std::allocator<rtl::Reference<XFFrame>>> *)()
220 m_aTransformData.fLeftMargin = fLeftMargin;
221 m_aTransformData.fTopMargin = fTopMargin;
222 }
223 }
224
225 //load draw object
>>> CID 1362682: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "nRecCount" as a loop boundary.
226 for (unsigned short i = 0; i < nRecCount; i++)
227 {
228 XFFrame* pXFDrawObj = CreateDrawObject();
229
230 if (pXFDrawObj)
231 {
** CID 1362681: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in LwpSdwGroupLoaderV0102::CreateDrawGroupObject()()
________________________________________________________________________________________________________
*** CID 1362681: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in LwpSdwGroupLoaderV0102::CreateDrawGroupObject()()
273 // fileSize
274 m_pStream->SeekRel(2);
275
276 XFDrawGroup* pXFDrawGroup = new XFDrawGroup();
277
278 //load draw object
>>> CID 1362681: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "nRecCount" as a loop boundary.
279 for (unsigned short i = 0; i < nRecCount; i++)
280 {
281 XFFrame* pXFDrawObj = CreateDrawObject();
282
283 if (pXFDrawObj)
284 {
** CID 1362680: (RETURN_LOCAL)
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
________________________________________________________________________________________________________
*** CID 1362680: (RETURN_LOCAL)
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
971 :m_rSourcePos( _rSourcePos )
972 ,m_rDestPos( _rDestPos )
973 ,m_rColTypes( _rColTypes )
974 ,m_xSource( _rxSource )
975 ,m_xDest( _rxDest )
976 {
>>> CID 1362680: (RETURN_LOCAL)
>>> Returning here.
977 }
978
979 template< typename VALUE_TYPE >
980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )( sal_Int32 ),
981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE ) )
982 {
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
971 :m_rSourcePos( _rSourcePos )
972 ,m_rDestPos( _rDestPos )
973 ,m_rColTypes( _rColTypes )
974 ,m_xSource( _rxSource )
975 ,m_xDest( _rxDest )
976 {
>>> CID 1362680: (RETURN_LOCAL)
>>> Returning here.
977 }
978
979 template< typename VALUE_TYPE >
980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )( sal_Int32 ),
981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE ) )
982 {
** CID 1362679: (FORWARD_NULL)
/editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)()
/editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)()
/editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)()
________________________________________________________________________________________________________
*** CID 1362679: (FORWARD_NULL)
/editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)()
3085
3086 if ( 0x200B == cChar || 0x2060 == cChar )
3087 {
3088 const OUString aBlank( ' ' );
3089 long nHalfBlankWidth = aTmpFont.QuickGetTextSize( pOutDev, aBlank, 0, 1 ).Width() / 2;
3090
>>> CID 1362679: (FORWARD_NULL)
>>> Dereferencing null pointer "pDXArray".
3091 const long nAdvanceX = ( nTmpIdx == nTmpEnd ?
3092 rTextPortion.GetSize().Width() :
3093 pDXArray[ nTmpIdx - nTextStart ] ) - nHalfBlankWidth;
3094 const long nAdvanceY = -pLine->GetMaxAscent();
3095
3096 Point aTopLeftRectPos( aTmpPos );
/editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)()
3434 {
3435 aRealOutPos.X() += rTextPortion.GetExtraInfos()->nPortionOffsetX;
3436 }
3437
3438 // RTL portions with (#i37132#)
3439 // compressed blank should not paint this blank:
>>> CID 1362679: (FORWARD_NULL)
>>> Dereferencing null pointer "pDXArray".
3440 if ( rTextPortion.IsRightToLeft() && nTextLen >= 2 &&
3441 pDXArray[ nTextLen - 1 ] ==
3442 pDXArray[ nTextLen - 2 ] &&
3443 ' ' == aText[nTextStart + nTextLen - 1] )
3444 --nTextLen;
3445
/editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)()
3057 ImplInitLayoutMode( pOutDev, n, nIndex );
3058 ImplInitDigitMode(pOutDev, aTmpFont.GetLanguage());
3059
3060 OUString aText;
3061 sal_Int32 nTextStart = 0;
3062 sal_Int32 nTextLen = 0;
>>> CID 1362679: (FORWARD_NULL)
>>> Assigning: "pDXArray" = "NULL".
3063 const long* pDXArray = nullptr;
3064 std::unique_ptr<long[]> pTmpDXArray;
3065
3066 if ( rTextPortion.GetKind() == PortionKind::TEXT )
3067 {
3068 aText = pPortion->GetNode()->GetString();
** CID 1362678: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)()
________________________________________________________________________________________________________
*** CID 1362678: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)()
289 bool SlideSorterViewShell::RelocateToParentWindow (vcl::Window* pParentWindow)
290 {
291 OSL_ASSERT(mpSlideSorter);
292 if ( ! mpSlideSorter)
293 return false;
294
>>> CID 1362678: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pParentWindow" to null implies that "pParentWindow" might be null.
295 if (pParentWindow == nullptr)
296 WriteFrameViewData();
297 const bool bSuccess (mpSlideSorter->RelocateToWindow(pParentWindow));
298 if (pParentWindow != nullptr)
299 ReadFrameViewData(mpFrameView);
300
** CID 1362677: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/control/templateabstractview.cxx: 324 in TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1362677: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/control/templateabstractview.cxx: 324 in TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)()
318 }
319
320 void TemplateAbstractView::RemoveDefaultTemplateIcon(const OUString& rPath)
321 {
322 for (ThumbnailViewItem* pItem : mItemList)
323 {
>>> CID 1362677: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pViewItem" = "dynamic_cast <TemplateViewItem *>(pItem)".
324 TemplateViewItem* pViewItem = dynamic_cast<TemplateViewItem*>(pItem);
325 if(pViewItem->getPath().match(rPath))
326 {
327 pViewItem->showDefaultIcon(false);
328 Invalidate();
329 return;
** CID 1362676: Null pointer dereferences (FORWARD_NULL)
/vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice *, const Point &, const Size &)()
________________________________________________________________________________________________________
*** CID 1362676: Null pointer dereferences (FORWARD_NULL)
/vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice *, const Point &, const Size &)()
1457 DBG_ASSERT( ! pDev->IsRTLEnabled(), "PaintToDevice to mirroring device" );
1458
1459 vcl::Window* pRealParent = nullptr;
1460 if( ! mpWindowImpl->mbVisible )
1461 {
1462 vcl::Window* pTempParent = ImplGetDefaultWindow();
>>> CID 1362676: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pTempParent" to null implies that "pTempParent" might be null.
1463 if( pTempParent )
1464 pTempParent->EnableChildTransparentMode();
1465 pRealParent = GetParent();
1466 SetParent( pTempParent );
1467 // trigger correct visibility flags for children
1468 Show();
** CID 1362675: Null pointer dereferences (FORWARD_NULL)
/ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass, java.lang.String, java.lang.String, java.lang.Class, com.sun.star.lib.uno.typedesc.TypeDescription[], com.sun.star.lib.uno.typedesc.TypeDescription)()
________________________________________________________________________________________________________
*** CID 1362675: Null pointer dereferences (FORWARD_NULL)
/ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass, java.lang.String, java.lang.String, java.lang.Class, com.sun.star.lib.uno.typedesc.TypeDescription[], com.sun.star.lib.uno.typedesc.TypeDescription)()
493 this.typeName = typeName;
494 this.arrayTypeName = arrayTypeName;
495 this.zClass = zClass;
496 this.superTypes = superTypes;
497 this.componentType = componentType;
498 TypeDescription[] args = calculateTypeArguments();
>>> CID 1362675: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "args" to null implies that "args" might be null.
499 this.hasTypeArguments = args != null;
500 this.fieldDescriptions = calculateFieldDescriptions(args);
501 // methodDescriptions must be initialized lazily, to avoid problems with
502 // circular dependencies (a super-interface that has a sub-interface as
503 // method parameter type; an interface that has a struct as method
504 // parameter type, and the struct has the interface as member type)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libreoffice?tab=overview
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939
More information about the LibreOffice
mailing list