New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sun Jul 23 15:59:53 UTC 2017


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

12 new defect(s) introduced to LibreOffice found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)


** CID 1415622:  Memory - illegal accesses  (RETURN_LOCAL)
/uui/source/iahndl.cxx: 1197 in UUIInteractionHelper::handleBrokenPackageRequest(const std::vector<rtl::OUString, std::allocator<rtl::OUString>> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::task::XInteractionContinuation>> &, bool, bool &, rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1415622:  Memory - illegal accesses  (RETURN_LOCAL)
/uui/source/iahndl.cxx: 1197 in UUIInteractionHelper::handleBrokenPackageRequest(const std::vector<rtl::OUString, std::allocator<rtl::OUString>> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::task::XInteractionContinuation>> &, bool, bool &, rtl::OUString &)()
1191         }
1192         else
1193             return;
1194     
1195         OUString aMessage;
1196         {
>>>     CID 1415622:  Memory - illegal accesses  (RETURN_LOCAL)
>>>     Temporary variable of type "std::locale" goes out of scope.
1197             ErrorResource aErrorResource(RID_UUI_ERRHDL, Translate::Create("uui", Application::GetSettings().GetUILanguageTag()));
1198             if (!aErrorResource.getString(nErrorCode, aMessage))
1199                 return;
1200         }
1201     
1202         aMessage = replaceMessageWithArguments( aMessage, rArguments );

** CID 1415621:  Memory - illegal accesses  (OVERRUN)
/sw/source/core/layout/pagedesc.cxx: 382 in SwPageDesc::GetByName(SwDoc &, const rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1415621:  Memory - illegal accesses  (OVERRUN)
/sw/source/core/layout/pagedesc.cxx: 382 in SwPageDesc::GetByName(SwDoc &, const rtl::OUString &)()
376                 return pDsc;
377             }
378         }
379     
380         for (size_t i = 0; i <= SAL_N_ELEMENTS(STR_POOLPAGE); ++i)
381         {
>>>     CID 1415621:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "STR_POOLPAGE" of 10 8-byte elements at element index 10 (byte offset 80) using index "i" (which evaluates to 10).
382             if (rName == SwResId(STR_POOLPAGE[i]))
383             {
384                 return rDoc.getIDocumentStylePoolAccess().GetPageDescFromPool( static_cast< sal_uInt16 >(
385                             i + RES_POOLPAGE_BEGIN) );
386             }
387         }

** CID 1415620:  Error handling issues  (CHECKED_RETURN)
/sc/source/core/data/attrib.cxx: 874 in ScViewObjectModeItem::GetPresentation(SfxItemPresentation, MapUnit, MapUnit, rtl::OUString &, const IntlWrapper *) const()


________________________________________________________________________________________________________
*** CID 1415620:  Error handling issues  (CHECKED_RETURN)
/sc/source/core/data/attrib.cxx: 874 in ScViewObjectModeItem::GetPresentation(SfxItemPresentation, MapUnit, MapUnit, rtl::OUString &, const IntlWrapper *) const()
868                     break;
869     
870                     default: break;
871                 }
872                 SAL_FALLTHROUGH;
873             case SfxItemPresentation::Nameless:
>>>     CID 1415620:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "GetValue" without checking return value (as is done elsewhere 6 out of 7 times).
874                 rText += ScGlobal::GetRscString(STR_VOBJ_MODE_SHOW+GetValue());
875                 return true;
876                 break;
877     
878             default: break;
879                 // added to avoid warnings

** CID 1415619:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/core/data/global.cxx: 359 in ScGlobal::GetLongErrorString(FormulaError)()


________________________________________________________________________________________________________
*** CID 1415619:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/core/data/global.cxx: 359 in ScGlobal::GetLongErrorString(FormulaError)()
353     OUString ScGlobal::GetLongErrorString(FormulaError nErr)
354     {
355         const char* pErrNumber;
356         switch (nErr)
357         {
358             case FormulaError::NONE:
>>>     CID 1415619:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pErrNumber" = "NULL".
359                 pErrNumber = nullptr;
360                 break;
361             case FormulaError::IllegalArgument:
362                 pErrNumber = STR_LONG_ERR_ILL_ARG;
363             break;
364             case FormulaError::IllegalFPOperation:

** CID 1415618:  Null pointer dereferences  (FORWARD_NULL)
/vcl/source/gdi/bitmap3.cxx: 597 in Bitmap::ImplConvertDown(unsigned short, const Color *)()


________________________________________________________________________________________________________
*** CID 1415618:  Null pointer dereferences  (FORWARD_NULL)
/vcl/source/gdi/bitmap3.cxx: 597 in Bitmap::ImplConvertDown(unsigned short, const Color *)()
591                 InverseColorMap aColorMap(aPalette);
592                 BitmapColor aColor;
593                 ImpErrorQuad aErrQuad;
594                 std::vector<ImpErrorQuad> aErrQuad1(nWidth);
595                 std::vector<ImpErrorQuad> aErrQuad2(nWidth);
596                 ImpErrorQuad* pQLine1 = aErrQuad1.data();
>>>     CID 1415618:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pQLine2" = "NULL".
597                 ImpErrorQuad* pQLine2 = nullptr;
598                 long nYTmp = 0;
599                 sal_uInt8 cIndex;
600                 bool bQ1 = true;
601     
602                 if (pExtColor)

** CID 1415617:  Resource leaks  (RESOURCE_LEAK)
/sal/qa/osl/pipe/osl_Pipe.cxx: 190 in osl_Pipe::ctors::ctors_no_acquire()()


________________________________________________________________________________________________________
*** CID 1415617:  Resource leaks  (RESOURCE_LEAK)
/sal/qa/osl/pipe/osl_Pipe.cxx: 190 in osl_Pipe::ctors::ctors_no_acquire()()
184                         bRes = false;
185                     else
186                         bRes = true;
187     
188                     CPPUNIT_ASSERT_MESSAGE( "#test comment#: test constructor with no acquire of handle, deleted nonacquired pipe but could still send on original pipe!.",
189                                             bRes );
>>>     CID 1415617:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "pPipe" going out of scope leaks the storage it points to.
190                 }
191     
192             void ctors_acquire( )
193                 {
194                     /// create a base pipe.
195                     ::osl::Pipe aPipe( test::uniquePipeName(aTestPipeName), osl_Pipe_CREATE );

** CID 1415616:  Control flow issues  (MISSING_RESTORE)
/connectivity/source/drivers/writer/WTable.cxx: 374 in connectivity::writer::OWriterTable::seekRow(connectivity::IResultSetHelper::Movement, int, int &)()


________________________________________________________________________________________________________
*** CID 1415616:  Control flow issues  (MISSING_RESTORE)
/connectivity/source/drivers/writer/WTable.cxx: 374 in connectivity::writer::OWriterTable::seekRow(connectivity::IResultSetHelper::Movement, int, int &)()
368                 m_nFilePos = 0;
369             break;
370         case IResultSetHelper::BOOKMARK:
371             m_nFilePos = nTempPos;   // previous position
372         }
373         //  aStatus.Set(SDB_STAT_NO_DATA_FOUND);
>>>     CID 1415616:  Control flow issues  (MISSING_RESTORE)
>>>     Value of non-local "this->m_nFilePos" that was saved in "nTempPos" is not restored as it was along other paths.
374         return false;
375     
376     End:
377         nCurPos = m_nFilePos;
378         return true;
379     }

** CID 1415615:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1415615:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/undo/untbl.cxx: 3221 in SwUndoTableStyleUpdate::SwUndoTableStyleUpdate(const rtl::OUString &, const SwTableAutoFormat &, const SwDoc *)()
3215         return aResult;
3216     }
3217     
3218     SwUndoTableStyleUpdate::SwUndoTableStyleUpdate(const OUString& rName, const SwTableAutoFormat& rOldFormat, const SwDoc* pDoc)
3219         : SwUndo(SwUndoId::TBLSTYLE_UPDATE, pDoc),
3220         m_pOldFormat(new SwTableAutoFormat(rOldFormat)),
>>>     CID 1415615:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "pDoc->GetTableStyles()->FindAutoFormat(rName)" when calling "SwTableAutoFormat".
3221         m_pNewFormat(new SwTableAutoFormat(*pDoc->GetTableStyles().FindAutoFormat(rName)))
3222     { }
3223     
3224     SwUndoTableStyleUpdate::~SwUndoTableStyleUpdate()
3225     { }
3226     

** CID 1415614:  Memory - illegal accesses  (OVERRUN)
/sw/source/core/doc/DocumentStylePoolManager.cxx: 1394 in sw::DocumentStylePoolManager::GetFormatFromPool(unsigned short)()


________________________________________________________________________________________________________
*** CID 1415614:  Memory - illegal accesses  (OVERRUN)
/sw/source/core/doc/DocumentStylePoolManager.cxx: 1394 in sw::DocumentStylePoolManager::GetFormatFromPool(unsigned short)()
1388                     nId = RES_POOLCHR_BEGIN;
1389                 }
1390     
1391                 if (nId > RES_POOLCHR_NORMAL_END)
1392                     pRCId = STR_POOLCHR_HTML_ARY[nId - RES_POOLCHR_HTML_BEGIN];
1393                 else
>>>     CID 1415614:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning array "STR_POOLCHR_ARY" of 17 8-byte elements at element index 17 (byte offset 136) using index "nId - RES_POOLCHR_BEGIN" (which evaluates to 17).
1394                     pRCId = STR_POOLCHR_ARY[nId - RES_POOLCHR_BEGIN];
1395             }
1396             break;
1397         case POOLGRP_FRAMEFMT:
1398             {
1399                 pArray[0] = m_rDoc.GetFrameFormats();

** CID 1415613:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/filter/grf/sdgrffilter.cxx: 147 in SdGRFFilter::HandleGraphicFilterError(ErrCode, ErrCode)()


________________________________________________________________________________________________________
*** CID 1415613:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/filter/grf/sdgrffilter.cxx: 147 in SdGRFFilter::HandleGraphicFilterError(ErrCode, ErrCode)()
141             pId = STR_IMPORT_GRFILTER_FORMATERROR;
142         else if( nFilterError == ERRCODE_GRFILTER_VERSIONERROR )
143             pId = STR_IMPORT_GRFILTER_VERSIONERROR;
144         else if( nFilterError == ERRCODE_GRFILTER_TOOBIG )
145             pId = STR_IMPORT_GRFILTER_TOOBIG;
146         else if( nFilterError == ERRCODE_NONE )
>>>     CID 1415613:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pId" = "NULL".
147             pId = nullptr;
148         else
149             pId = STR_IMPORT_GRFILTER_FILTERERROR;
150     
151         if (pId && strcmp(pId, STR_IMPORT_GRFILTER_IOERROR) == 0)
152             ErrorHandler::HandleError( ERRCODE_IO_GENERAL );

** CID 1415611:  Incorrect expression  (UNINTENDED_INTEGER_DIVISION)
/oox/source/drawingml/diagram/diagramlayoutatoms.cxx: 264 in oox::drawingml::AlgAtom::layoutShape(const std::shared_ptr<oox::drawingml::Shape> &, const rtl::OUString &) const()


________________________________________________________________________________________________________
*** CID 1415611:  Incorrect expression  (UNINTENDED_INTEGER_DIVISION)
/oox/source/drawingml/diagram/diagramlayoutatoms.cxx: 264 in oox::drawingml::AlgAtom::layoutShape(const std::shared_ptr<oox::drawingml::Shape> &, const rtl::OUString &) const()
258     
259                 sal_Int32 nCol = 1;
260                 sal_Int32 nRow = 1;
261                 for ( ; nCol<nCount; nCol++)
262                 {
263                     nRow = (nCount+nCol-1) / nCol;
>>>     CID 1415611:  Incorrect expression  (UNINTENDED_INTEGER_DIVISION)
>>>     Dividing integer expressions "rShape->getSize().Height / nRow" and "rShape->getSize().Width / nCol", and then converting the integer quotient to type "double". Any remainder, or fractional part of the quotient, is ignored.
264                     if ((rShape->getSize().Height / nRow) / (rShape->getSize().Width / nCol) >= fAspectRatio)
265                         break;
266                 }
267                 SAL_INFO("oox.drawingml", "Snake layout grid: " << nCol << "x" << nRow);
268     
269                 sal_Int32 nWidth = rShape->getSize().Width / (nCol + (nCol-1)*fSpace);

** CID 1415610:  Null pointer dereferences  (FORWARD_NULL)
/svtools/source/filter/exportdialog.cxx: 422 in ExportDialog::GetGraphicStream()()


________________________________________________________________________________________________________
*** CID 1415610:  Null pointer dereferences  (FORWARD_NULL)
/svtools/source/filter/exportdialog.cxx: 422 in ExportDialog::GetGraphicStream()()
416                 delete mpTempStream;
417                 mpTempStream = new SvMemoryStream();
418                 maBitmap = Bitmap();
419     
420                 if ( mxGraphic.is() )
421                 {
>>>     CID 1415610:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "pTempStream" = "dynamic_cast <SvMemoryStream *>(this->mpTempStream)".
422                     SvMemoryStream* pTempStream = dynamic_cast<SvMemoryStream*>( mpTempStream );
423                     Graphic aGraphic( mxGraphic );
424     
425                     if ( aGraphic.GetType() == GraphicType::Bitmap )
426                     {
427                         Size aSizePixel( aGraphic.GetSizePixel() );


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyFxqV09XDWkb1s7Oo2ouMU0wS9xjBUkVfyhK-2FFNNKP1mATBNso5eBHVRg4T3RL7XWNFEjD05Jj7kDZvghOc48yavLLEzc4jchGYTqQylP5-2BVpWzT16aEZtoVVVbq2CLqs2924e8A4zFTWqCj4FpgjgV3mn9pYbJUTXSEYUYi7cGg-3D

To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyFxqV09XDWkb1s7Oo2ouMU-2FBm0c-2FvjZqTBBacYyZf6vjTKtyp-2BLKOlUqGd-2BHi7kgLge2RP2XaFQqi2A-2BDUUcDzgjiuyZw7Ix5dCDg-2FAqglnp9CtSJVR4SqO0ASKTQxB5MOzt8dlW3GCB8cf6oB3MSXHmBzmNGGux8q0j6OPpTQ5M-3D



More information about the LibreOffice mailing list