New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri Jun 23 06:28:12 UTC 2017
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
9 new defect(s) introduced to LibreOffice found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)
** CID 1412992: Code maintainability issues (UNUSED_VALUE)
/svx/source/dialog/hdft.cxx: 831 in SvxHFPage::ResetBackground_Impl(const SfxItemSet &)()
________________________________________________________________________________________________________
*** CID 1412992: Code maintainability issues (UNUSED_VALUE)
/svx/source/dialog/hdft.cxx: 831 in SvxHFPage::ResetBackground_Impl(const SfxItemSet &)()
825 setSvxBrushItemAsFillAttributesToTargetSet(rItem, aTempSet);
826 aFooterFillAttributes.reset(new drawinglayer::attribute::SdrAllFillAttributesHelper(aTempSet));
827 }
828 }
829
830 m_pBspWin->setFooterFillAttributes(aFooterFillAttributes);
>>> CID 1412992: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "this->GetWhich(10024, true)" to "nWhich" here, but that stored value is overwritten before it can be used.
831 nWhich = GetWhich(SID_ATTR_BORDER_OUTER);
832 }
833 }
834
835 drawinglayer::attribute::SdrAllFillAttributesHelperPtr aPageFillAttributes;
836
** CID 1412991: Resource leaks (RESOURCE_LEAK)
/sw/source/uibase/dochdl/gloshdl.cxx: 725 in SwGlossaryHdl::ImportGlossaries(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1412991: Resource leaks (RESOURCE_LEAK)
/sw/source/uibase/dochdl/gloshdl.cxx: 725 in SwGlossaryHdl::ImportGlossaries(const rtl::OUString &)()
719 {
720 const SvxAutoCorrCfg& rCfg = SvxAutoCorrCfg::Get();
721 bRet = aReader.ReadGlossaries( *pR, *pGlossary,
722 rCfg.IsSaveRelFile() );
723 }
724 }
>>> CID 1412991: Resource leaks (RESOURCE_LEAK)
>>> Variable "pGlossary" going out of scope leaks the storage it points to.
725 }
726 }
727 return bRet;
728 }
729
** CID 1412990: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1412990: Memory - corruptions (OVERRUN)
/sw/source/filter/ww8/docxattributeoutput.cxx: 3265 in DocxAttributeOutput::TableDefinition(std::shared_ptr<ww8::WW8TableNodeInfoInner>)()
3259 FSNS( XML_w, XML_tblLook ),
3260 FSNS( XML_w, XML_tblPrChange )
3261 };
3262
3263 // postpone the output so that we can later []
3264 // prepend the properties before the run
>>> CID 1412990: Memory - corruptions (OVERRUN)
>>> Overrunning array "aOrder" of 64 bytes by passing it to a function which accesses it at byte offset 120.
3265 m_pSerializer->mark(Tag_TableDefinition, comphelper::containerToSequence(aOrder));
3266
3267 long nPageSize = 0;
3268 const char* widthType = "dxa";
3269
3270 // If actual width of table is relative it should export is as "pct".`
** CID 1412989: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1412989: Memory - corruptions (OVERRUN)
/sw/source/filter/ww8/docxattributeoutput.cxx: 5599 in DocxAttributeOutput::StartSection()()
5593 FSNS( XML_w, XML_printerSettings ),
5594 FSNS( XML_w, XML_sectPrChange )
5595 };
5596
5597 // postpone the output so that we can later [in EndParagraphProperties()]
5598 // prepend the properties before the run
>>> CID 1412989: Memory - corruptions (OVERRUN)
>>> Overrunning array "aOrder" of 88 bytes by passing it to a function which accesses it at byte offset 168.
5599 m_pSerializer->mark(Tag_StartSection, comphelper::containerToSequence(aOrder));
5600 m_bHadSectPr = true;
5601 }
5602
5603 void DocxAttributeOutput::EndSection()
5604 {
** CID 1412988: Uninitialized members (UNINIT_CTOR)
/vcl/source/window/errinf.cxx: 235 in ImplDynamicErrorInfo::ImplDynamicErrorInfo()()
________________________________________________________________________________________________________
*** CID 1412988: Uninitialized members (UNINIT_CTOR)
/vcl/source/window/errinf.cxx: 235 in ImplDynamicErrorInfo::ImplDynamicErrorInfo()()
229 private:
230 void RegisterError(DynamicErrorInfo *);
231 static void UnRegisterError(DynamicErrorInfo const *);
232 static ErrorInfo* GetDynamicErrorInfo(ErrCode nId);
233
234 ErrCode nErrId;
>>> CID 1412988: Uninitialized members (UNINIT_CTOR)
>>> The compiler-generated constructor for this class does not initialize "nMask".
235 DialogMask nMask;
236
237 };
238
239 void ImplDynamicErrorInfo::RegisterError(DynamicErrorInfo *pDynErrInfo)
240 {
** CID 1412987: Insecure data handling (TAINTED_SCALAR)
/vcl/source/filter/sgvmain.cxx: 779 in DrawObjkList(SvStream &, OutputDevice &)()
________________________________________________________________________________________________________
*** CID 1412987: Insecure data handling (TAINTED_SCALAR)
/vcl/source/filter/sgvmain.cxx: 779 in DrawObjkList(SvStream &, OutputDevice &)()
773 case ObjRect: { RectType aRect; ReadRectType( rInp, aRect ); if (!rInp.GetError()) aRect.Draw(rOut); } break;
774 case ObjCirc: { CircType aCirc; ReadCircType( rInp, aCirc ); if (!rInp.GetError()) aCirc.Draw(rOut); } break;
775 case ObjText: {
776 TextType aText;
777 ReadTextType( rInp, aText );
778 if (!rInp.GetError()) {
>>> CID 1412987: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "aText.BufSize + 1" to a tainted sink.
779 aText.Buffer=new UCHAR[aText.BufSize+1]; // add one for LookAhead at CK-separation
780 rInp.ReadBytes(aText.Buffer, aText.BufSize);
781 if (!rInp.GetError()) aText.Draw(rOut);
782 delete[] aText.Buffer;
783 }
784 } break;
** CID 1412986: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1412986: Memory - corruptions (OVERRUN)
/sw/source/filter/ww8/docxattributeoutput.cxx: 1809 in DocxAttributeOutput::InitCollectedRunProperties()()
1803 FSNS( XML_w14, XML_stylisticSets ),
1804 FSNS( XML_w14, XML_cntxtAlts ),
1805 };
1806
1807 // postpone the output so that we can later [in EndParagraphProperties()]
1808 // prepend the properties before the run
>>> CID 1412986: Memory - corruptions (OVERRUN)
>>> Overrunning array "aOrder" of 208 bytes by passing it to a function which accesses it at byte offset 408.
1809 m_pSerializer->mark(Tag_InitCollectedRunProperties, comphelper::containerToSequence(aOrder));
1810 }
1811
1812 namespace
1813 {
1814
** CID 1412985: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1412985: Memory - corruptions (OVERRUN)
/sw/source/filter/ww8/docxattributeoutput.cxx: 886 in DocxAttributeOutput::InitCollectedParagraphProperties()()
880 FSNS( XML_w, XML_sectPr ),
881 FSNS( XML_w, XML_pPrChange )
882 };
883
884 // postpone the output so that we can later [in EndParagraphProperties()]
885 // prepend the properties before the run
>>> CID 1412985: Memory - corruptions (OVERRUN)
>>> Overrunning array "aOrder" of 144 bytes by passing it to a function which accesses it at byte offset 280.
886 m_pSerializer->mark(Tag_InitCollectedParagraphProperties, comphelper::containerToSequence(aOrder));
887 }
888
889 void DocxAttributeOutput::WriteCollectedParagraphProperties()
890 {
891 if ( m_rExport.SdrExporter().getFlyAttrList().is() )
** CID 735795: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/tool/interpr4.cxx: 3434 in ScInterpreter::ScMacro()()
________________________________________________________________________________________________________
*** CID 735795: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/tool/interpr4.cxx: 3434 in ScInterpreter::ScMacro()()
3428 }
3429 PushDouble( fVal );
3430 }
3431 else if ( eResType & SbxARRAY )
3432 {
3433 SbxBase* pElemObj = refRes->GetObject();
>>> CID 735795: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pDimArray" = "dynamic_cast <SbxDimArray *>(pElemObj)".
3434 SbxDimArray* pDimArray = dynamic_cast< SbxDimArray *>( pElemObj );
3435 short nDim = pDimArray->GetDims();
3436 if ( 1 <= nDim && nDim <= 2 )
3437 {
3438 sal_Int32 nCs, nCe, nRs, nRe;
3439 SCSIZE nC, nR;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpygf-2BM7yEdP4gaehqtN2ZnhrBE0TvXn7KlDzzgR2zfoJqEMksRuQszhWPTFa8PBMMzrVywaBXOZXm1KH40G1GaTpmuvazj9aQNYZ3VO0TKaM3GDu5-2BolmRZo40QrLu-2BO4A0sTnzK1glKasxJta8bS4xEO6YmX0AEUTdcDmFiUw5kQ-3D
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpygf-2BM7yEdP4gaehqtN2ZnhmvSzTiQ6xNqHXYLni6Ky2iLgLaztcy-2BdiKibK9YPPC5Qalkv069x0hj8YBonmEe-2Bq9dQuTDhHpV6aI7QGV4EL1hbxx6rQlx5yeLuKWztzxd3be3UfdHJbCusAFdYvNgxtwn6UR3SBUwD5As9O1J95s-3D
More information about the LibreOffice
mailing list