New Defects reported by Coverity Scan for LibreOffice

Tue Jan 24 07:03:15 UTC 2017

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

3 new defect(s) introduced to LibreOffice found with Coverity Scan.
41 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1399552:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()

________________________________________________________________________________________________________
*** CID 1399552:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()
291             }
292         } else if (nColors==256) {
293     
294             //we're going to loop Ysize * XSize on GetByte, max compression for GetByte is a run of 63
295             //if we're less than that (and add a generous amount of wriggle room) then its not going
296             //to fly
>>>     CID 1399552:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "rHead.Ysize" with type "sal_uInt16" (16 bits, unsigned) is promoted in "rHead.Xsize * rHead.Ysize / 128" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "rHead.Xsize * rHead.Ysize / 128" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
297             const sal_uInt64 nMinBytesPossiblyNeeded = rHead.Xsize * rHead.Ysize / 128;
298             if (rInp.remainingSize() < nMinBytesPossiblyNeeded)
299                 return false;
300     
301             cRGB[3]=0;                      // fourth palette entry for BMP
302             for (sal_uInt16 i=0;i<256;i++) {           // copy palette

** CID 1399551:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()

________________________________________________________________________________________________________
*** CID 1399551:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()
291             }
292         } else if (nColors==256) {
293     
294             //we're going to loop Ysize * XSize on GetByte, max compression for GetByte is a run of 63
295             //if we're less than that (and add a generous amount of wriggle room) then its not going
296             //to fly
>>>     CID 1399551:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "rHead.Xsize" with type "sal_uInt16" (16 bits, unsigned) is promoted in "rHead.Xsize * rHead.Ysize / 128" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "rHead.Xsize * rHead.Ysize / 128" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
297             const sal_uInt64 nMinBytesPossiblyNeeded = rHead.Xsize * rHead.Ysize / 128;
298             if (rInp.remainingSize() < nMinBytesPossiblyNeeded)
299                 return false;
300     
301             cRGB[3]=0;                      // fourth palette entry for BMP
302             for (sal_uInt16 i=0;i<256;i++) {           // copy palette

** CID 1399550:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/ui/unoidl/unopage.cxx: 2706 in SdMasterPage::SdMasterPage(SdXImpressDocument *, SdPage *)()

________________________________________________________________________________________________________
*** CID 1399550:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/ui/unoidl/unopage.cxx: 2706 in SdMasterPage::SdMasterPage(SdXImpressDocument *, SdPage *)()
2700             return Any( Reference< XIndexAccess >( this ) );
2701         }
2702     }
2703     
2704     // class SdMasterPage
2705     SdMasterPage::SdMasterPage( SdXImpressDocument* pModel, SdPage* pPage ) throw()
>>>     CID 1399550:  Null pointer dereferences  (FORWARD_NULL)
>>>     Comparing "pPage" to null implies that "pPage" might be null.
2706     : SdGenericDrawPage( pModel, pPage, ImplGetMasterPagePropertySet( pPage ? pPage->GetPageKind() : PageKind::Standard ) )
2707     {
2708     }
2709     
2710     SdMasterPage::~SdMasterPage() throw()
2711     {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyto4qO066Rh0hXrp2oBZ4b-2Bxsdz-2FWSMWLQW9tdkWAtJPhX9rQ-2BdJDOkcVNWRxD2LkCdzRYe7U4AUYhcJ46wAl3SSTVnEj-2BY6ugYp4Wp1mcWPhAooe2SPvPdlgXMLUdnv8T3OY4DHD7MjcczCHZAaDqbOZ-2Fl29vhBGGjHNuUrJw6M-3D

To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyto4qO066Rh0hXrp2oBZ4b3D0KqVkUuGGCYkHeQakyfsodAXK2sUR9sBlz1uBsTZLCodXzySSbISNv3HYjWTQk80fb7jVhkLzH3PWefc0i0EO3tPKc4U48mus-2BzFB50gL4o4ctJ-2BYDsg1A8j2Ua0euaW27iJbYwYbqUyqD9xTF-2F0-3D