New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri Sep 22 22:23:38 UTC 2017
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
7 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1418341: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/data/fillinfo.cxx: 441 in ScDocument::FillInfo(ScTableInfo &, short, int, short, int, short, double, double, bool, bool, const ScMarkData *)()
________________________________________________________________________________________________________
*** CID 1418341: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/data/fillinfo.cxx: 441 in ScDocument::FillInfo(ScTableInfo &, short, int, short, int, short, double, double, bool, bool, const ScMarkData *)()
435 // to nRotMax due to nRotateDir Flag
436 initCellInfo(pRowInfo, nArrCount, nRotMax, pDefShadow);
437
438 initColWidths(pRowInfo, this, fColScale, nTab, nCol2, nRotMax);
439
440 ScConditionalFormatList* pCondFormList = GetCondFormList(nTab);
>>> CID 1418341: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pCondFormList" to null implies that "pCondFormList" might be null.
441 if(pCondFormList)
442 pCondFormList->startRendering();
443
444 for (SCCOL nArrCol=0; nArrCol<=nCol2+2; nArrCol++) // left & right + 1
445 {
446 SCCOL nX = (nArrCol>0) ? nArrCol-1 : MAXCOL+1; // negative -> invalid
** CID 1418340: Integer handling issues (DIVIDE_BY_ZERO)
/sw/source/uibase/docvw/PostItMgr.cxx: 1065 in SwPostItMgr::AutoScroll(const sw::annotation::SwAnnotationWin *, unsigned long)()
________________________________________________________________________________________________________
*** CID 1418340: Integer handling issues (DIVIDE_BY_ZERO)
/sw/source/uibase/docvw/PostItMgr.cxx: 1065 in SwPostItMgr::AutoScroll(const sw::annotation::SwAnnotationWin *, unsigned long)()
1059 if ( !(bBottom && bTop))
1060 {
1061 const long aDiff = bBottom ? mpEditWin->LogicToPixel(Point(0,mPages[aPage-1]->mPageRect.Top() + aSidebarheight)).Y() - pPostIt->GetPosPixel().Y() :
1062 mpEditWin->LogicToPixel(Point(0,mPages[aPage-1]->mPageRect.Bottom() - aSidebarheight)).Y() - (pPostIt->GetPosPixel().Y()+pPostIt->GetSizePixel().Height());
1063 // this just adds the missing value to get the next a* GetScrollSize() after aDiff
1064 // e.g aDiff= 61 POSTIT_SCROLL=50 --> lScroll = 100
>>> CID 1418340: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "aDiff % this->GetScrollSize()", modulo by expression "this->GetScrollSize()" which may be zero has undefined behavior.
1065 const long lScroll = bBottom ? (aDiff + ( GetScrollSize() - (aDiff % GetScrollSize()))) : (aDiff - (GetScrollSize() + (aDiff % GetScrollSize())));
1066 Scroll(lScroll, aPage);
1067 }
1068 }
1069 }
1070
** CID 1418339: (RESOURCE_LEAK)
/vcl/unx/generic/printer/cpdmgr.cxx: 424 in psp::CPDManager::createCPDParser(const rtl::OUString &)()
/vcl/unx/generic/printer/cpdmgr.cxx: 439 in psp::CPDManager::createCPDParser(const rtl::OUString &)()
/vcl/unx/generic/printer/cpdmgr.cxx: 456 in psp::CPDManager::createCPDParser(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1418339: (RESOURCE_LEAK)
/vcl/unx/generic/printer/cpdmgr.cxx: 424 in psp::CPDManager::createCPDParser(const rtl::OUString &)()
418 aValueName = OStringToOUString( "", aEncoding );
419 pValue = pKey->insertValue( aValueName, eQuoted );
420 if( pValue )
421 pValue->m_aValue = aValueName;
422 pKey -> m_pDefaultValue = pValue;
423
>>> CID 1418339: (RESOURCE_LEAK)
>>> Overwriting "pKey" in "pKey = new psp::PPDKey(rtl::OUString const("NickName", rtl::libreoffice_internal::Dummy({})))" leaks the storage that "pKey" points to.
424 pKey = new PPDKey("NickName");
425 aValueName = OStringToOUString( pDest -> name, aEncoding );
426 pValue = pKey->insertValue( aValueName, eQuoted );
427 if( pValue )
428 pValue->m_aValue = aValueName;
429 pKey -> m_pDefaultValue = pValue;
/vcl/unx/generic/printer/cpdmgr.cxx: 439 in psp::CPDManager::createCPDParser(const rtl::OUString &)()
433 PPDContext& rContext = m_aDefaultContexts[ aPrinter ];
434 rContext.setParser( pNewParser );
435 setDefaultPaper( rContext );
436 std::vector<PPDKey*>::iterator keyit;
437 std::vector<OUString>::iterator defit;
438 for (keyit = keys.begin(), defit = default_values.begin(); keyit != keys.end(); keyit++, defit++ ) {
>>> CID 1418339: (RESOURCE_LEAK)
>>> Overwriting "pKey" in "pKey = *keyit" leaks the storage that "pKey" points to.
439 pKey = *keyit;
440 const PPDValue* p1Value = pKey->getValue( *defit );
441 if( p1Value )
442 {
443 if( p1Value != pKey->getDefaultValue() )
444 {
/vcl/unx/generic/printer/cpdmgr.cxx: 456 in psp::CPDManager::createCPDParser(const rtl::OUString &)()
450 }
451 }
452
453 rInfo.m_pParser = pNewParser;
454 rInfo.m_aContext = rContext;
455 g_variant_unref(ret);
>>> CID 1418339: (RESOURCE_LEAK)
>>> Variable "pKey" going out of scope leaks the storage it points to.
456 }
457 else
458 SAL_INFO("vcl.unx.print", "CPD GetAllOptions failed, falling back to generic driver");
459 }
460 else
461 SAL_INFO("vcl.unx.print", "no dest found for printer " << aPrinter);
** CID 1418338: Error handling issues (UNCAUGHT_EXCEPT)
/sw/source/core/text/txtftn.cxx: 1310 in SwFootnoteSave::~SwFootnoteSave()()
________________________________________________________________________________________________________
*** CID 1418338: Error handling issues (UNCAUGHT_EXCEPT)
/sw/source/core/text/txtftn.cxx: 1310 in SwFootnoteSave::~SwFootnoteSave()()
1304 pFnt->SetBackColor( new Color( static_cast<const SvxBrushItem*>(pItem)->GetColor() ) );
1305 }
1306 else
1307 pFnt = nullptr;
1308 }
1309
>>> CID 1418338: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::bad_rational> >" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
1310 SwFootnoteSave::~SwFootnoteSave()
1311 {
1312 if( pFnt )
1313 {
1314 // Put back SwFont
1315 *pFnt = *pOld;
** CID 1418337: Null pointer dereferences (FORWARD_NULL)
/svx/source/dialog/ClassificationDialog.cxx: 162 in svx::ClassificationDialog::getResult()()
________________________________________________________________________________________________________
*** CID 1418337: Null pointer dereferences (FORWARD_NULL)
/svx/source/dialog/ClassificationDialog.cxx: 162 in svx::ClassificationDialog::getResult()()
156 ESelection aSelection(rSection.mnParagraph, rSection.mnStart, rSection.mnParagraph, rSection.mnEnd);
157 OUString sString = m_pEditWindow->pEdEngine->GetText(aSelection);
158
159 if (pFieldItem)
160 {
161 const ClassificationField* pClassificationField = dynamic_cast<const ClassificationField*>(pFieldItem->GetField());
>>> CID 1418337: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "pClassificationField".
162 aClassificationResults.push_back({ pClassificationField->meType , sString, rSection.mnParagraph });
163 }
164 else
165 {
166 aClassificationResults.push_back({ ClassificationType::TEXT, sString, rSection.mnParagraph });
167 }
** CID 1401307: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/6.3.1/bits/unique_ptr.h: 235 in std::unique_ptr<SwDBManager, std::default_delete<SwDBManager>>::~unique_ptr()()
________________________________________________________________________________________________________
*** CID 1401307: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/6.3.1/bits/unique_ptr.h: 235 in std::unique_ptr<SwDBManager, std::default_delete<SwDBManager>>::~unique_ptr()()
229 template<typename _Up, typename = _Require<
230 is_convertible<_Up*, _Tp*>, is_same<_Dp, default_delete<_Tp>>>>
231 unique_ptr(auto_ptr<_Up>&& __u) noexcept;
232 #endif
233
234 /// Destructor, invokes the deleter if the stored pointer is not null.
>>> CID 1401307: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
235 ~unique_ptr() noexcept
236 {
237 auto& __ptr = std::get<0>(_M_t);
238 if (__ptr != nullptr)
239 get_deleter()(__ptr);
240 __ptr = pointer();
** CID 1399392: Error handling issues (UNCAUGHT_EXCEPT)
/sw/source/core/doc/list.cxx: 99 in SwListImpl::~SwListImpl()()
________________________________________________________________________________________________________
*** CID 1399392: Error handling issues (UNCAUGHT_EXCEPT)
/sw/source/core/doc/list.cxx: 99 in SwListImpl::~SwListImpl()()
93 pNode = rNodes[nIndex];
94 }
95 }
96 while ( pNode != &rNodes.GetEndOfContent() );
97 }
98
>>> CID 1399392: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
99 SwListImpl::~SwListImpl()
100 {
101 tListTrees::iterator aNumberTreeIter;
102 for ( aNumberTreeIter = maListTrees.begin();
103 aNumberTreeIter != maListTrees.end();
104 ++aNumberTreeIter )
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyDnBhtDR1RM96ggVK04UQlr32VTBBx6bM4smcNTfraQQ-2BL5qZYnIBSVIwrnhOQj5roYdZINnCu9ytCWEzdzbx-2BpUpyd5kHHdVi0gWmA-2B3PqjENOFa65HzNq-2FtVhUim7dE-2BEkBNERaJNOBFE8Wyt1xuQs7dxwzEbAjf3XRyIfcDN0-3D
To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5lwWgMDuK-2FivqaohkU3M9kT-2Fww10Qt2GoaCJAOQCa0Wv4ijH4oV8jCt0XXa7QeAwh_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyDnBhtDR1RM96ggVK04UQlnBqu1zv7gzi3k1frVpxaNuqFpSomJDDXXbo4Jllic4-2F4LBGHZmGRPJMTUO9FtCYqyU7-2F0jmcO1rGEepZaP8bUM41QydA6es89mdNgL33nthXZoodKGHS4K9BTwV-2BAu1uqJaraDZpZWDQHx5VyRWL6A-3D
More information about the LibreOffice
mailing list