New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri May 26 08:45:21 UTC 2017
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
10 new defect(s) introduced to LibreOffice found with Coverity Scan.
9 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1409901: Code maintainability issues (UNUSED_VALUE)
/sc/source/core/tool/interpr1.cxx: 3885 in ScInterpreter::GetStVarParams(bool, double (*)(double, unsigned long))()
________________________________________________________________________________________________________
*** CID 1409901: Code maintainability issues (UNUSED_VALUE)
/sc/source/core/tool/interpr1.cxx: 3885 in ScInterpreter::GetStVarParams(bool, double (*)(double, unsigned long))()
3879 {
3880 rArrayValue.mfSum = CreateDoubleError( nErr);
3881 }
3882 // Reset.
3883 std::vector<double>().swap(values);
3884 fSum = 0.0;
>>> CID 1409901: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value "18446744073709551615UL" to "nRefArrayPos" here, but that stored value is overwritten before it can be used.
3885 nRefArrayPos = std::numeric_limits<size_t>::max();
3886 break;
3887 }
3888 }
3889 SAL_FALLTHROUGH;
3890 case svDoubleRef :
** CID 1409900: Error handling issues (UNCAUGHT_EXCEPT)
/sdext/source/presenter/PresenterTextView.cxx: 1087 in sdext::presenter::PresenterTextCaret::~PresenterTextCaret()()
________________________________________________________________________________________________________
*** CID 1409900: Error handling issues (UNCAUGHT_EXCEPT)
/sdext/source/presenter/PresenterTextView.cxx: 1087 in sdext::presenter::PresenterTextCaret::~PresenterTextCaret()()
1081 maInvalidator(rInvalidator),
1082 maBroadcaster(),
1083 maCaretBounds()
1084 {
1085 }
1086
>>> CID 1409900: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
1087 PresenterTextCaret::~PresenterTextCaret()
1088 {
1089 HideCaret();
1090 }
1091
1092 void PresenterTextCaret::ShowCaret()
** CID 1409899: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/para/paratr.cxx: 71 in SwFormatDrop::SetCharFormat(SwCharFormat *)()
________________________________________________________________________________________________________
*** CID 1409899: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/para/paratr.cxx: 71 in SwFormatDrop::SetCharFormat(SwCharFormat *)()
65 void SwFormatDrop::SetCharFormat( SwCharFormat *pNew )
66 {
67 assert(!pNew->IsDefault()); // expose cases that lead to use-after-free
68 // Rewire
69 if ( GetRegisteredIn() )
70 GetRegisteredInNonConst()->Remove( this );
>>> CID 1409899: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pNew" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
71 if(pNew)
72 pNew->Add( this );
73 }
74
75 void SwFormatDrop::Modify( const SfxPoolItem*, const SfxPoolItem * )
76 {
** CID 1409898: Null pointer dereferences (REVERSE_INULL)
/sc/source/core/tool/compiler.cxx: 1777 in ScCompiler::ScCompiler(ScDocument *, const ScAddress &, ScTokenArray &, formula::FormulaGrammar::Grammar)()
________________________________________________________________________________________________________
*** CID 1409898: Null pointer dereferences (REVERSE_INULL)
/sc/source/core/tool/compiler.cxx: 1777 in ScCompiler::ScCompiler(ScDocument *, const ScAddress &, ScTokenArray &, formula::FormulaGrammar::Grammar)()
1771 pConv( GetRefConvention( FormulaGrammar::CONV_OOO ) ),
1772 meExtendedErrorDetection( EXTENDED_ERROR_DETECTION_NONE ),
1773 mbCloseBrackets( true ),
1774 mbRewind( false )
1775 {
1776 SetGrammar( ((eGrammar == formula::FormulaGrammar::GRAM_UNSPECIFIED) ?
>>> CID 1409898: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pDocument" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1777 (pDocument ? pDocument->GetGrammar() : formula::FormulaGrammar::GRAM_DEFAULT) :
1778 eGrammar));
1779 nMaxTab = pDoc->GetTableCount() - 1;
1780 }
1781
1782 ScCompiler::ScCompiler( sc::CompileFormulaContext& rCxt, const ScAddress& rPos ) :
** CID 1409897: Null pointer dereferences (REVERSE_INULL)
/sc/source/ui/docshell/docsh4.cxx: 2244 in ScDocShell::LOKCommentNotify(LOKCommentNotificationType, const ScDocument *, const ScAddress &, const ScPostIt *)()
________________________________________________________________________________________________________
*** CID 1409897: Null pointer dereferences (REVERSE_INULL)
/sc/source/ui/docshell/docsh4.cxx: 2244 in ScDocShell::LOKCommentNotify(LOKCommentNotificationType, const ScDocument *, const ScAddress &, const ScPostIt *)()
2238 (nType == LOKCommentNotificationType::Modify ? "Modify" : "???"))));
2239
2240 assert(pNote);
2241 aAnnotation.put("id", pNote->GetId());
2242 aAnnotation.put("tab", rPos.Tab());
2243
>>> CID 1409897: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pNote" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2244 if (nType != LOKCommentNotificationType::Remove && pNote)
2245 {
2246 aAnnotation.put("author", pNote->GetAuthor());
2247 aAnnotation.put("dateTime", pNote->GetDate());
2248 aAnnotation.put("text", pNote->GetText());
2249
** CID 1409896: Null pointer dereferences (REVERSE_INULL)
/sw/source/uibase/app/docst.cxx: 280 in SwDocShell::StateStyleSheet(SfxItemSet &, SwWrtShell *)()
________________________________________________________________________________________________________
*** CID 1409896: Null pointer dereferences (REVERSE_INULL)
/sw/source/uibase/app/docst.cxx: 280 in SwDocShell::StateStyleSheet(SfxItemSet &, SwWrtShell *)()
274 break;
275 case SID_STYLE_EDIT:
276 break;
277 case SID_WATERMARK:
278 {
279 SfxWatermarkItem aItem = pSh->GetWatermark();
>>> CID 1409896: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pSh" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
280 if( pSh )
281 rSet.Put(aItem);
282 }
283 break;
284 default:
285 OSL_FAIL("Invalid SlotId");
** CID 1409895: Resource leaks (RESOURCE_LEAK)
/sw/source/uibase/dialog/watermarkdialog.cxx: 85 in SwWatermarkDialog::InitFields()()
________________________________________________________________________________________________________
*** CID 1409895: Resource leaks (RESOURCE_LEAK)
/sw/source/uibase/dialog/watermarkdialog.cxx: 85 in SwWatermarkDialog::InitFields()()
79 m_pTextInput->SetText( sText );
80 m_pFont->SelectEntryPos( m_pFont->GetEntryPos( pWatermark->GetFont() ) );
81 m_pAngle->SetValue( pWatermark->GetAngle() );
82 m_pColor->SelectEntry( pWatermark->GetColor() );
83 m_pTransparency->SetValue( pWatermark->GetTransparency() );
84 }
>>> CID 1409895: Resource leaks (RESOURCE_LEAK)
>>> Variable "pFontList" going out of scope leaks the storage it points to.
85 }
86
87 IMPL_LINK_NOARG( SwWatermarkDialog, OKButtonHdl, Button*, void )
88 {
89 OUString sText = m_pTextInput->GetText();
90
** CID 1409894: Null pointer dereferences (FORWARD_NULL)
/svx/source/form/datanavi.cxx: 700 in svxform::XFormsPage::DoToolBoxAction(unsigned short)()
________________________________________________________________________________________________________
*** CID 1409894: Null pointer dereferences (FORWARD_NULL)
/svx/source/form/datanavi.cxx: 700 in svxform::XFormsPage::DoToolBoxAction(unsigned short)()
694 return bHandled;
695 }
696
697 ScopedVclPtrInstance< AddDataItemDialog > aDlg( this, pNode, m_xUIHelper );
698 DataItemType eType = DITElement;
699 sal_uInt16 nResId = RID_STR_DATANAV_EDIT_ELEMENT;
>>> CID 1409894: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pNode" to null implies that "pNode" might be null.
700 if ( pNode && pNode->m_xNode.is() )
701 {
702 try
703 {
704 css::xml::dom::NodeType eChildType = pNode->m_xNode->getNodeType();
705 if ( eChildType == css::xml::dom::NodeType_ATTRIBUTE_NODE )
** CID 1409893: Incorrect expression (DIVIDE_BY_ZERO)
/sw/source/core/edit/edfcol.cxx: 403 in SwEditShell::SetWatermark(const SfxWatermarkItem &)()
________________________________________________________________________________________________________
*** CID 1409893: Incorrect expression (DIVIDE_BY_ZERO)
/sw/source/core/edit/edfcol.cxx: 403 in SwEditShell::SetWatermark(const SfxWatermarkItem &)()
397 // Calc the ratio.
398 double fRatio = 0;
399 OutputDevice* pOut = Application::GetDefaultDevice();
400 vcl::Font aFont(pOut->GetFont());
401 aFont.SetFamilyName(sFont);
402 fRatio = aFont.GetFontSize().Height();
>>> CID 1409893: Incorrect expression (DIVIDE_BY_ZERO)
>>> In expression "fRatio /= pOut->GetTextWidth(rtl::OUString const(rWatermark->GetText()), 0, -1, NULL)", division by expression "pOut->GetTextWidth(rtl::OUString const(rWatermark->GetText()), 0, -1, NULL)" which may be zero has undefined behavior.
403 fRatio /= pOut->GetTextWidth(rWatermark.GetText());
404
405 // Calc the size.
406 sal_Int32 nWidth = 0;
407 awt::Size aSize;
408 xPageStyle->getPropertyValue(UNO_NAME_SIZE) >>= aSize;
** CID 1409892: (CONSTANT_EXPRESSION_RESULT)
/include/o3tl/strong_int.hxx: 65 in o3tl::detail::isInRange<unsigned char, unsigned char>(T2)()
/include/o3tl/strong_int.hxx: 57 in o3tl::detail::isInRange<unsigned int, int>(T2)()
/include/o3tl/strong_int.hxx: 65 in o3tl::detail::isInRange<unsigned short, unsigned short>(T2)()
/include/o3tl/strong_int.hxx: 39 in o3tl::detail::isInRange<int, int>(T2)()
/include/o3tl/strong_int.hxx: 65 in o3tl::detail::isInRange<unsigned int, unsigned int>(T2)()
/include/o3tl/strong_int.hxx: 57 in o3tl::detail::isInRange<unsigned short, short>(T2)()
________________________________________________________________________________________________________
*** CID 1409892: (CONSTANT_EXPRESSION_RESULT)
/include/o3tl/strong_int.hxx: 65 in o3tl::detail::isInRange<unsigned char, unsigned char>(T2)()
59 }
60
61 template<typename T1, typename T2> constexpr
62 typename std::enable_if<
63 std::is_unsigned<T1>::value && std::is_unsigned<T2>::value, bool>::type
64 isInRange(T2 value) {
>>> CID 1409892: (CONSTANT_EXPRESSION_RESULT)
>>> "value <= 255" is always true regardless of the values of its operands. This occurs as a return value.
65 return value <= std::numeric_limits<T1>::max();
66 }
67
68 }
69
70 #endif
/include/o3tl/strong_int.hxx: 57 in o3tl::detail::isInRange<unsigned int, int>(T2)()
51
52 template<typename T1, typename T2> constexpr
53 typename std::enable_if<
54 std::is_unsigned<T1>::value && std::is_signed<T2>::value, bool>::type
55 isInRange(T2 value) {
56 return value >= 0
>>> CID 1409892: (CONSTANT_EXPRESSION_RESULT)
>>> "static_cast<std::make_unsigned<int>::type>(value) <= 4294967295U" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
57 && (static_cast<typename std::make_unsigned<T2>::type>(value)
58 <= std::numeric_limits<T1>::max());
59 }
60
61 template<typename T1, typename T2> constexpr
62 typename std::enable_if<
/include/o3tl/strong_int.hxx: 65 in o3tl::detail::isInRange<unsigned short, unsigned short>(T2)()
59 }
60
61 template<typename T1, typename T2> constexpr
62 typename std::enable_if<
63 std::is_unsigned<T1>::value && std::is_unsigned<T2>::value, bool>::type
64 isInRange(T2 value) {
>>> CID 1409892: (CONSTANT_EXPRESSION_RESULT)
>>> "value <= 65535" is always true regardless of the values of its operands. This occurs as a return value.
65 return value <= std::numeric_limits<T1>::max();
66 }
67
68 }
69
70 #endif
/include/o3tl/strong_int.hxx: 39 in o3tl::detail::isInRange<int, int>(T2)()
33 namespace detail {
34
35 template<typename T1, typename T2> constexpr
36 typename std::enable_if<
37 std::is_signed<T1>::value && std::is_signed<T2>::value, bool>::type
38 isInRange(T2 value) {
>>> CID 1409892: (CONSTANT_EXPRESSION_RESULT)
>>> "value >= -2147483648" is always true regardless of the values of its operands. This occurs as the logical first operand of "&&".
39 return value >= std::numeric_limits<T1>::min()
40 && value <= std::numeric_limits<T1>::max();
41 }
42
43 template<typename T1, typename T2> constexpr
44 typename std::enable_if<
/include/o3tl/strong_int.hxx: 65 in o3tl::detail::isInRange<unsigned int, unsigned int>(T2)()
59 }
60
61 template<typename T1, typename T2> constexpr
62 typename std::enable_if<
63 std::is_unsigned<T1>::value && std::is_unsigned<T2>::value, bool>::type
64 isInRange(T2 value) {
>>> CID 1409892: (CONSTANT_EXPRESSION_RESULT)
>>> "value <= 4294967295U" is always true regardless of the values of its operands. This occurs as a return value.
65 return value <= std::numeric_limits<T1>::max();
66 }
67
68 }
69
70 #endif
/include/o3tl/strong_int.hxx: 57 in o3tl::detail::isInRange<unsigned short, short>(T2)()
51
52 template<typename T1, typename T2> constexpr
53 typename std::enable_if<
54 std::is_unsigned<T1>::value && std::is_signed<T2>::value, bool>::type
55 isInRange(T2 value) {
56 return value >= 0
>>> CID 1409892: (CONSTANT_EXPRESSION_RESULT)
>>> "static_cast<std::make_unsigned<short>::type>(value) <= 65535" is always true regardless of the values of its operands. This occurs as the logical second operand of "&&".
57 && (static_cast<typename std::make_unsigned<T2>::type>(value)
58 <= std::numeric_limits<T1>::max());
59 }
60
61 template<typename T1, typename T2> constexpr
62 typename std::enable_if<
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpybZQLMAbZMCtF821VKx54ROVBE5oRamXv6dZ1bj-2BVXt5mzCRCaDAIjMTsY2U4JDxS5scI-2BpEs3kZWNtN4JrSvUrTBf9Fkc96Qsk59giRssdgu1anH6zy6ChVbWssPZK-2FgJPgnk-2FF8RlqUogNXRvSZxcNE1WKLOnEhBozK9Qxq4h4-3D
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpybZQLMAbZMCtF821VKx54RBEYEYr5REtqFlQP4FcwINgxbXVi7hc-2BMek2KATY1wPF3cHWOgfC476rbi0qZwVIa0-2FJxvwR7q3B0ci-2BEnuIXSr3J162bBFNMo131CUWh8ShLxTjsWerybhWA0yFEsEmRSbnLJv5Y7d6XIaUiTN6O9A-3D
More information about the LibreOffice
mailing list