New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sun Jul 23 15:59:53 UTC 2017
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
12 new defect(s) introduced to LibreOffice found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1415622: Memory - illegal accesses (RETURN_LOCAL)
/uui/source/iahndl.cxx: 1197 in UUIInteractionHelper::handleBrokenPackageRequest(const std::vector<rtl::OUString, std::allocator<rtl::OUString>> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::task::XInteractionContinuation>> &, bool, bool &, rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1415622: Memory - illegal accesses (RETURN_LOCAL)
/uui/source/iahndl.cxx: 1197 in UUIInteractionHelper::handleBrokenPackageRequest(const std::vector<rtl::OUString, std::allocator<rtl::OUString>> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::task::XInteractionContinuation>> &, bool, bool &, rtl::OUString &)()
1191 }
1192 else
1193 return;
1194
1195 OUString aMessage;
1196 {
>>> CID 1415622: Memory - illegal accesses (RETURN_LOCAL)
>>> Temporary variable of type "std::locale" goes out of scope.
1197 ErrorResource aErrorResource(RID_UUI_ERRHDL, Translate::Create("uui", Application::GetSettings().GetUILanguageTag()));
1198 if (!aErrorResource.getString(nErrorCode, aMessage))
1199 return;
1200 }
1201
1202 aMessage = replaceMessageWithArguments( aMessage, rArguments );
** CID 1415621: Memory - illegal accesses (OVERRUN)
/sw/source/core/layout/pagedesc.cxx: 382 in SwPageDesc::GetByName(SwDoc &, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1415621: Memory - illegal accesses (OVERRUN)
/sw/source/core/layout/pagedesc.cxx: 382 in SwPageDesc::GetByName(SwDoc &, const rtl::OUString &)()
376 return pDsc;
377 }
378 }
379
380 for (size_t i = 0; i <= SAL_N_ELEMENTS(STR_POOLPAGE); ++i)
381 {
>>> CID 1415621: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "STR_POOLPAGE" of 10 8-byte elements at element index 10 (byte offset 80) using index "i" (which evaluates to 10).
382 if (rName == SwResId(STR_POOLPAGE[i]))
383 {
384 return rDoc.getIDocumentStylePoolAccess().GetPageDescFromPool( static_cast< sal_uInt16 >(
385 i + RES_POOLPAGE_BEGIN) );
386 }
387 }
** CID 1415620: Error handling issues (CHECKED_RETURN)
/sc/source/core/data/attrib.cxx: 874 in ScViewObjectModeItem::GetPresentation(SfxItemPresentation, MapUnit, MapUnit, rtl::OUString &, const IntlWrapper *) const()
________________________________________________________________________________________________________
*** CID 1415620: Error handling issues (CHECKED_RETURN)
/sc/source/core/data/attrib.cxx: 874 in ScViewObjectModeItem::GetPresentation(SfxItemPresentation, MapUnit, MapUnit, rtl::OUString &, const IntlWrapper *) const()
868 break;
869
870 default: break;
871 }
872 SAL_FALLTHROUGH;
873 case SfxItemPresentation::Nameless:
>>> CID 1415620: Error handling issues (CHECKED_RETURN)
>>> Calling "GetValue" without checking return value (as is done elsewhere 6 out of 7 times).
874 rText += ScGlobal::GetRscString(STR_VOBJ_MODE_SHOW+GetValue());
875 return true;
876 break;
877
878 default: break;
879 // added to avoid warnings
** CID 1415619: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/data/global.cxx: 359 in ScGlobal::GetLongErrorString(FormulaError)()
________________________________________________________________________________________________________
*** CID 1415619: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/data/global.cxx: 359 in ScGlobal::GetLongErrorString(FormulaError)()
353 OUString ScGlobal::GetLongErrorString(FormulaError nErr)
354 {
355 const char* pErrNumber;
356 switch (nErr)
357 {
358 case FormulaError::NONE:
>>> CID 1415619: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pErrNumber" = "NULL".
359 pErrNumber = nullptr;
360 break;
361 case FormulaError::IllegalArgument:
362 pErrNumber = STR_LONG_ERR_ILL_ARG;
363 break;
364 case FormulaError::IllegalFPOperation:
** CID 1415618: Null pointer dereferences (FORWARD_NULL)
/vcl/source/gdi/bitmap3.cxx: 597 in Bitmap::ImplConvertDown(unsigned short, const Color *)()
________________________________________________________________________________________________________
*** CID 1415618: Null pointer dereferences (FORWARD_NULL)
/vcl/source/gdi/bitmap3.cxx: 597 in Bitmap::ImplConvertDown(unsigned short, const Color *)()
591 InverseColorMap aColorMap(aPalette);
592 BitmapColor aColor;
593 ImpErrorQuad aErrQuad;
594 std::vector<ImpErrorQuad> aErrQuad1(nWidth);
595 std::vector<ImpErrorQuad> aErrQuad2(nWidth);
596 ImpErrorQuad* pQLine1 = aErrQuad1.data();
>>> CID 1415618: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pQLine2" = "NULL".
597 ImpErrorQuad* pQLine2 = nullptr;
598 long nYTmp = 0;
599 sal_uInt8 cIndex;
600 bool bQ1 = true;
601
602 if (pExtColor)
** CID 1415617: Resource leaks (RESOURCE_LEAK)
/sal/qa/osl/pipe/osl_Pipe.cxx: 190 in osl_Pipe::ctors::ctors_no_acquire()()
________________________________________________________________________________________________________
*** CID 1415617: Resource leaks (RESOURCE_LEAK)
/sal/qa/osl/pipe/osl_Pipe.cxx: 190 in osl_Pipe::ctors::ctors_no_acquire()()
184 bRes = false;
185 else
186 bRes = true;
187
188 CPPUNIT_ASSERT_MESSAGE( "#test comment#: test constructor with no acquire of handle, deleted nonacquired pipe but could still send on original pipe!.",
189 bRes );
>>> CID 1415617: Resource leaks (RESOURCE_LEAK)
>>> Variable "pPipe" going out of scope leaks the storage it points to.
190 }
191
192 void ctors_acquire( )
193 {
194 /// create a base pipe.
195 ::osl::Pipe aPipe( test::uniquePipeName(aTestPipeName), osl_Pipe_CREATE );
** CID 1415616: Control flow issues (MISSING_RESTORE)
/connectivity/source/drivers/writer/WTable.cxx: 374 in connectivity::writer::OWriterTable::seekRow(connectivity::IResultSetHelper::Movement, int, int &)()
________________________________________________________________________________________________________
*** CID 1415616: Control flow issues (MISSING_RESTORE)
/connectivity/source/drivers/writer/WTable.cxx: 374 in connectivity::writer::OWriterTable::seekRow(connectivity::IResultSetHelper::Movement, int, int &)()
368 m_nFilePos = 0;
369 break;
370 case IResultSetHelper::BOOKMARK:
371 m_nFilePos = nTempPos; // previous position
372 }
373 // aStatus.Set(SDB_STAT_NO_DATA_FOUND);
>>> CID 1415616: Control flow issues (MISSING_RESTORE)
>>> Value of non-local "this->m_nFilePos" that was saved in "nTempPos" is not restored as it was along other paths.
374 return false;
375
376 End:
377 nCurPos = m_nFilePos;
378 return true;
379 }
** CID 1415615: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1415615: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/undo/untbl.cxx: 3221 in SwUndoTableStyleUpdate::SwUndoTableStyleUpdate(const rtl::OUString &, const SwTableAutoFormat &, const SwDoc *)()
3215 return aResult;
3216 }
3217
3218 SwUndoTableStyleUpdate::SwUndoTableStyleUpdate(const OUString& rName, const SwTableAutoFormat& rOldFormat, const SwDoc* pDoc)
3219 : SwUndo(SwUndoId::TBLSTYLE_UPDATE, pDoc),
3220 m_pOldFormat(new SwTableAutoFormat(rOldFormat)),
>>> CID 1415615: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "pDoc->GetTableStyles()->FindAutoFormat(rName)" when calling "SwTableAutoFormat".
3221 m_pNewFormat(new SwTableAutoFormat(*pDoc->GetTableStyles().FindAutoFormat(rName)))
3222 { }
3223
3224 SwUndoTableStyleUpdate::~SwUndoTableStyleUpdate()
3225 { }
3226
** CID 1415614: Memory - illegal accesses (OVERRUN)
/sw/source/core/doc/DocumentStylePoolManager.cxx: 1394 in sw::DocumentStylePoolManager::GetFormatFromPool(unsigned short)()
________________________________________________________________________________________________________
*** CID 1415614: Memory - illegal accesses (OVERRUN)
/sw/source/core/doc/DocumentStylePoolManager.cxx: 1394 in sw::DocumentStylePoolManager::GetFormatFromPool(unsigned short)()
1388 nId = RES_POOLCHR_BEGIN;
1389 }
1390
1391 if (nId > RES_POOLCHR_NORMAL_END)
1392 pRCId = STR_POOLCHR_HTML_ARY[nId - RES_POOLCHR_HTML_BEGIN];
1393 else
>>> CID 1415614: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "STR_POOLCHR_ARY" of 17 8-byte elements at element index 17 (byte offset 136) using index "nId - RES_POOLCHR_BEGIN" (which evaluates to 17).
1394 pRCId = STR_POOLCHR_ARY[nId - RES_POOLCHR_BEGIN];
1395 }
1396 break;
1397 case POOLGRP_FRAMEFMT:
1398 {
1399 pArray[0] = m_rDoc.GetFrameFormats();
** CID 1415613: Null pointer dereferences (FORWARD_NULL)
/sd/source/filter/grf/sdgrffilter.cxx: 147 in SdGRFFilter::HandleGraphicFilterError(ErrCode, ErrCode)()
________________________________________________________________________________________________________
*** CID 1415613: Null pointer dereferences (FORWARD_NULL)
/sd/source/filter/grf/sdgrffilter.cxx: 147 in SdGRFFilter::HandleGraphicFilterError(ErrCode, ErrCode)()
141 pId = STR_IMPORT_GRFILTER_FORMATERROR;
142 else if( nFilterError == ERRCODE_GRFILTER_VERSIONERROR )
143 pId = STR_IMPORT_GRFILTER_VERSIONERROR;
144 else if( nFilterError == ERRCODE_GRFILTER_TOOBIG )
145 pId = STR_IMPORT_GRFILTER_TOOBIG;
146 else if( nFilterError == ERRCODE_NONE )
>>> CID 1415613: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pId" = "NULL".
147 pId = nullptr;
148 else
149 pId = STR_IMPORT_GRFILTER_FILTERERROR;
150
151 if (pId && strcmp(pId, STR_IMPORT_GRFILTER_IOERROR) == 0)
152 ErrorHandler::HandleError( ERRCODE_IO_GENERAL );
** CID 1415611: Incorrect expression (UNINTENDED_INTEGER_DIVISION)
/oox/source/drawingml/diagram/diagramlayoutatoms.cxx: 264 in oox::drawingml::AlgAtom::layoutShape(const std::shared_ptr<oox::drawingml::Shape> &, const rtl::OUString &) const()
________________________________________________________________________________________________________
*** CID 1415611: Incorrect expression (UNINTENDED_INTEGER_DIVISION)
/oox/source/drawingml/diagram/diagramlayoutatoms.cxx: 264 in oox::drawingml::AlgAtom::layoutShape(const std::shared_ptr<oox::drawingml::Shape> &, const rtl::OUString &) const()
258
259 sal_Int32 nCol = 1;
260 sal_Int32 nRow = 1;
261 for ( ; nCol<nCount; nCol++)
262 {
263 nRow = (nCount+nCol-1) / nCol;
>>> CID 1415611: Incorrect expression (UNINTENDED_INTEGER_DIVISION)
>>> Dividing integer expressions "rShape->getSize().Height / nRow" and "rShape->getSize().Width / nCol", and then converting the integer quotient to type "double". Any remainder, or fractional part of the quotient, is ignored.
264 if ((rShape->getSize().Height / nRow) / (rShape->getSize().Width / nCol) >= fAspectRatio)
265 break;
266 }
267 SAL_INFO("oox.drawingml", "Snake layout grid: " << nCol << "x" << nRow);
268
269 sal_Int32 nWidth = rShape->getSize().Width / (nCol + (nCol-1)*fSpace);
** CID 1415610: Null pointer dereferences (FORWARD_NULL)
/svtools/source/filter/exportdialog.cxx: 422 in ExportDialog::GetGraphicStream()()
________________________________________________________________________________________________________
*** CID 1415610: Null pointer dereferences (FORWARD_NULL)
/svtools/source/filter/exportdialog.cxx: 422 in ExportDialog::GetGraphicStream()()
416 delete mpTempStream;
417 mpTempStream = new SvMemoryStream();
418 maBitmap = Bitmap();
419
420 if ( mxGraphic.is() )
421 {
>>> CID 1415610: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pTempStream" = "dynamic_cast <SvMemoryStream *>(this->mpTempStream)".
422 SvMemoryStream* pTempStream = dynamic_cast<SvMemoryStream*>( mpTempStream );
423 Graphic aGraphic( mxGraphic );
424
425 if ( aGraphic.GetType() == GraphicType::Bitmap )
426 {
427 Size aSizePixel( aGraphic.GetSizePixel() );
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyFxqV09XDWkb1s7Oo2ouMU0wS9xjBUkVfyhK-2FFNNKP1mATBNso5eBHVRg4T3RL7XWNFEjD05Jj7kDZvghOc48yavLLEzc4jchGYTqQylP5-2BVpWzT16aEZtoVVVbq2CLqs2924e8A4zFTWqCj4FpgjgV3mn9pYbJUTXSEYUYi7cGg-3D
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyFxqV09XDWkb1s7Oo2ouMU-2FBm0c-2FvjZqTBBacYyZf6vjTKtyp-2BLKOlUqGd-2BHi7kgLge2RP2XaFQqi2A-2BDUUcDzgjiuyZw7Ix5dCDg-2FAqglnp9CtSJVR4SqO0ASKTQxB5MOzt8dlW3GCB8cf6oB3MSXHmBzmNGGux8q0j6OPpTQ5M-3D
More information about the LibreOffice
mailing list