New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri Dec 22 09:34:11 UTC 2017
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
9 new defect(s) introduced to LibreOffice found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)
** CID 1426881: Integer handling issues (SIGN_EXTENSION)
/starmath/source/ooxmlexport.cxx: 446 in SmOoxmlExport::HandleMatrix(const SmMatrixNode *, int)()
________________________________________________________________________________________________________
*** CID 1426881: Integer handling issues (SIGN_EXTENSION)
/starmath/source/ooxmlexport.cxx: 446 in SmOoxmlExport::HandleMatrix(const SmMatrixNode *, int)()
440 for( int row = 0; row < pNode->GetNumRows(); ++row )
441 {
442 m_pSerializer->startElementNS( XML_m, XML_mr, FSEND );
443 for( int col = 0; col < pNode->GetNumCols(); ++col )
444 {
445 m_pSerializer->startElementNS( XML_m, XML_e, FSEND );
>>> CID 1426881: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "pNode->GetNumCols()" with type "sal_uInt16" (16 bits, unsigned) is promoted in "row * pNode->GetNumCols() + col" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "row * pNode->GetNumCols() + col" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
446 if( const SmNode* node = pNode->GetSubNode( row * pNode->GetNumCols() + col ))
447 HandleNode( node, nLevel + 1 );
448 m_pSerializer->endElementNS( XML_m, XML_e );
449 }
450 m_pSerializer->endElementNS( XML_m, XML_mr );
451 }
** CID 1426880: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 1069 in SmCaretPosGraphBuildingVisitor::Visit(SmMatrixNode *)()
________________________________________________________________________________________________________
*** CID 1426880: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 1069 in SmCaretPosGraphBuildingVisitor::Visit(SmMatrixNode *)()
1063 SmCaretPosGraphEntry *left = mpRightMost,
1064 *right = mpGraph->Add( SmCaretPos( pNode, 1 ) );
1065
1066 for ( sal_uInt16 i = 0; i < pNode->GetNumRows( ); i++ ) {
1067 SmCaretPosGraphEntry* r = left;
1068 for ( sal_uInt16 j = 0; j < pNode->GetNumCols( ); j++ ){
>>> CID 1426880: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "pNode->GetNumCols()" with type "sal_uInt16" (16 bits, unsigned) is promoted in "i * pNode->GetNumCols() + j" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "i * pNode->GetNumCols() + j" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1069 SmNode* pSubNode = pNode->GetSubNode( i * pNode->GetNumCols( ) + j );
1070
1071 mpRightMost = mpGraph->Add( SmCaretPos( pSubNode, 0 ), r );
1072 if( j != 0 || ( pNode->GetNumRows( ) - 1 ) / 2 == i )
1073 r->SetRight( mpRightMost );
1074
** CID 1426879: Integer handling issues (SIGN_EXTENSION)
/starmath/source/node.cxx: 2211 in SmMatrixNode::CreateTextFromNode(rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1426879: Integer handling issues (SIGN_EXTENSION)
/starmath/source/node.cxx: 2211 in SmMatrixNode::CreateTextFromNode(rtl::OUString &)()
2205 {
2206 rText += "matrix {";
2207 for (sal_uInt16 i = 0; i < mnNumRows; i++)
2208 {
2209 for (sal_uInt16 j = 0; j < mnNumCols; j++)
2210 {
>>> CID 1426879: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "this->mnNumCols" with type "sal_uInt16" (16 bits, unsigned) is promoted in "i * this->mnNumCols + j" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "i * this->mnNumCols + j" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
2211 SmNode *pNode = GetSubNode(i * mnNumCols + j);
2212 if (pNode)
2213 pNode->CreateTextFromNode(rText);
2214 if (j != mnNumCols-1)
2215 rText += "# ";
2216 }
** CID 1426878: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 2286 in SmNodeToTextVisitor::Visit(SmMatrixNode *)()
________________________________________________________________________________________________________
*** CID 1426878: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 2286 in SmNodeToTextVisitor::Visit(SmMatrixNode *)()
2280
2281 void SmNodeToTextVisitor::Visit( SmMatrixNode* pNode )
2282 {
2283 Append( "matrix{" );
2284 for ( sal_uInt16 i = 0; i < pNode->GetNumRows( ); i++ ) {
2285 for ( sal_uInt16 j = 0; j < pNode->GetNumCols( ); j++ ) {
>>> CID 1426878: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "i" with type "sal_uInt16" (16 bits, unsigned) is promoted in "i * pNode->GetNumCols() + j" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "i * pNode->GetNumCols() + j" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
2286 SmNode* pSubNode = pNode->GetSubNode( i * pNode->GetNumCols( ) + j );
2287 Separate( );
2288 pSubNode->Accept( this );
2289 Separate( );
2290 if( j != pNode->GetNumCols( ) - 1 )
2291 Append( "#" );
** CID 1426877: Integer handling issues (SIGN_EXTENSION)
/starmath/source/node.cxx: 2211 in SmMatrixNode::CreateTextFromNode(rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1426877: Integer handling issues (SIGN_EXTENSION)
/starmath/source/node.cxx: 2211 in SmMatrixNode::CreateTextFromNode(rtl::OUString &)()
2205 {
2206 rText += "matrix {";
2207 for (sal_uInt16 i = 0; i < mnNumRows; i++)
2208 {
2209 for (sal_uInt16 j = 0; j < mnNumCols; j++)
2210 {
>>> CID 1426877: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "i" with type "sal_uInt16" (16 bits, unsigned) is promoted in "i * this->mnNumCols + j" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "i * this->mnNumCols + j" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
2211 SmNode *pNode = GetSubNode(i * mnNumCols + j);
2212 if (pNode)
2213 pNode->CreateTextFromNode(rText);
2214 if (j != mnNumCols-1)
2215 rText += "# ";
2216 }
** CID 1426876: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 1069 in SmCaretPosGraphBuildingVisitor::Visit(SmMatrixNode *)()
________________________________________________________________________________________________________
*** CID 1426876: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 1069 in SmCaretPosGraphBuildingVisitor::Visit(SmMatrixNode *)()
1063 SmCaretPosGraphEntry *left = mpRightMost,
1064 *right = mpGraph->Add( SmCaretPos( pNode, 1 ) );
1065
1066 for ( sal_uInt16 i = 0; i < pNode->GetNumRows( ); i++ ) {
1067 SmCaretPosGraphEntry* r = left;
1068 for ( sal_uInt16 j = 0; j < pNode->GetNumCols( ); j++ ){
>>> CID 1426876: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "i" with type "sal_uInt16" (16 bits, unsigned) is promoted in "i * pNode->GetNumCols() + j" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "i * pNode->GetNumCols() + j" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1069 SmNode* pSubNode = pNode->GetSubNode( i * pNode->GetNumCols( ) + j );
1070
1071 mpRightMost = mpGraph->Add( SmCaretPos( pSubNode, 0 ), r );
1072 if( j != 0 || ( pNode->GetNumRows( ) - 1 ) / 2 == i )
1073 r->SetRight( mpRightMost );
1074
** CID 1426875: Integer handling issues (SIGN_EXTENSION)
/starmath/source/rtfexport.cxx: 394 in SmRtfExport::HandleMatrix(const SmMatrixNode *, int)()
________________________________________________________________________________________________________
*** CID 1426875: Integer handling issues (SIGN_EXTENSION)
/starmath/source/rtfexport.cxx: 394 in SmRtfExport::HandleMatrix(const SmMatrixNode *, int)()
388 for (int row = 0; row < pNode->GetNumRows(); ++row)
389 {
390 m_pBuffer->append("{" LO_STRING_SVTOOLS_RTF_MMR " ");
391 for (int col = 0; col < pNode->GetNumCols(); ++col)
392 {
393 m_pBuffer->append("{" LO_STRING_SVTOOLS_RTF_ME " ");
>>> CID 1426875: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "pNode->GetNumCols()" with type "sal_uInt16" (16 bits, unsigned) is promoted in "row * pNode->GetNumCols() + col" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "row * pNode->GetNumCols() + col" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
394 if (const SmNode* node = pNode->GetSubNode(row * pNode->GetNumCols() + col))
395 HandleNode(node, nLevel + 1);
396 m_pBuffer->append("}"); // me
397 }
398 m_pBuffer->append("}"); // mmr
399 }
** CID 1426874: Null pointer dereferences (FORWARD_NULL)
/sw/source/uibase/shells/basesh.cxx: 2263 in SwBaseShell::ExecBckCol(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1426874: Null pointer dereferences (FORWARD_NULL)
/sw/source/uibase/shells/basesh.cxx: 2263 in SwBaseShell::ExecBckCol(SfxRequest &)()
2257 {
2258 SwWrtShell &rSh = GetShell();
2259 SelectionType nSelType(rSh.GetSelectionType());
2260 const SfxItemSet* pArgs = rReq.GetArgs();
2261 sal_uInt16 nSlot(rReq.GetSlot());
2262
>>> CID 1426874: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pArgs" to null implies that "pArgs" might be null.
2263 if(!pArgs && nSlot != SID_BACKGROUND_COLOR)
2264 {
2265 return;
2266 }
2267
2268 SvxBrushItem aBrushItem(RES_BACKGROUND);
** CID 1426873: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 2286 in SmNodeToTextVisitor::Visit(SmMatrixNode *)()
________________________________________________________________________________________________________
*** CID 1426873: Integer handling issues (SIGN_EXTENSION)
/starmath/source/visitors.cxx: 2286 in SmNodeToTextVisitor::Visit(SmMatrixNode *)()
2280
2281 void SmNodeToTextVisitor::Visit( SmMatrixNode* pNode )
2282 {
2283 Append( "matrix{" );
2284 for ( sal_uInt16 i = 0; i < pNode->GetNumRows( ); i++ ) {
2285 for ( sal_uInt16 j = 0; j < pNode->GetNumCols( ); j++ ) {
>>> CID 1426873: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "pNode->GetNumCols()" with type "sal_uInt16" (16 bits, unsigned) is promoted in "i * pNode->GetNumCols() + j" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "i * pNode->GetNumCols() + j" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
2286 SmNode* pSubNode = pNode->GetSubNode( i * pNode->GetNumCols( ) + j );
2287 Separate( );
2288 pSubNode->Accept( this );
2289 Separate( );
2290 if( j != pNode->GetNumCols( ) - 1 )
2291 Append( "#" );
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyK1hKEUYSVz-2F7VlwLWIyqyAG6HMOTGaDtsDhBRgcu2Ot6seKqwBv-2BJsLGOxIGKBH9fCVpZiZkGoT1Mb9d2fmnkAEDZpMWSureyNYrGZhZQpwhmeTEa45SNidLw6RHUAyz-2FwyMHFkjpRmgll56EgooUDdvGDlrZA50UdXCVjsjFdM-3D
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5lwWgMDuK-2FivqaohkU3M9kT-2Fww10Qt2GoaCJAOQCa0Wv4ijH4oV8jCt0XXa7QeAwh_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyK1hKEUYSVz-2F7VlwLWIyqyFQ3S2f8SD0kp4XrqL8tqOC3xj3R2xMb2ugJ19q0ZU5Tudup3hY0-2BvSNDAlkhgjrf1-2FPYWmC8uo2SdsdbumdY6WQ6nzRfoQ7sNJHbaIN4dxyz5Y-2Bjj4wQfkuc5XOwJZFYoGFB7sOohYio4d3G7baK18-3D
More information about the LibreOffice
mailing list