New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Aug 4 21:37:15 UTC 2018
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
16 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)
** CID 1438227: Error handling issues (NEGATIVE_RETURNS)
/desktop/source/splash/unxsplash.cxx: 98 in desktop::UnxSplashScreen::initialize(const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
________________________________________________________________________________________________________
*** CID 1438227: Error handling issues (NEGATIVE_RETURNS)
/desktop/source/splash/unxsplash.cxx: 98 in desktop::UnxSplashScreen::initialize(const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
92 OUString aArg;
93 osl_getCommandArg( i, &aArg.pData );
94 OUString aNum;
95 if ( aArg.startsWithIgnoreAsciiCase("--splash-pipe=", &aNum) )
96 {
97 int fd = aNum.toInt32();
>>> CID 1438227: Error handling issues (NEGATIVE_RETURNS)
>>> "fd" is passed to a parameter that cannot be negative.
98 m_pOutFd = fdopen( fd, "w" );
99 SAL_INFO("desktop.splash", "Got argument '--splash-pipe=" << fd << " ('"
100 << aNum << "') ("
101 << static_cast<void *>(m_pOutFd) << ")");
102 }
103 }
** CID 1438226: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438226: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unochart.cxx: 425 in GetFormatAndCreateCursorFromRangeRep(const SwDoc *, const rtl::OUString &, SwFrameFormat **, std::shared_ptr<SwUnoCursor> &)()
419 pUnoCursor->SetMark();
420 pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
421 pUnoCursor->Move( fnMoveForward, GoInNode );
422 SwUnoTableCursor* pCursor =
423 dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
424 // HACK: remove pending actions for old style tables
>>> CID 1438226: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
425 UnoActionRemoveContext aRemoveContext(*pCursor);
426 pCursor->MakeBoxSels();
427 rpUnoCursor = pUnoCursor;
428 }
429 }
430 }
** CID 1438225: Integer handling issues (NEGATIVE_RETURNS)
/sw/source/core/tox/txmsrt.cxx: 677 in SwTOXAuthority::GetLevel() const()
________________________________________________________________________________________________________
*** CID 1438225: Integer handling issues (NEGATIVE_RETURNS)
/sw/source/core/tox/txmsrt.cxx: 677 in SwTOXAuthority::GetLevel() const()
671 OUString sText(static_cast<SwAuthorityField*>(m_rField.GetField())->GetFieldText(AUTH_FIELD_AUTHORITY_TYPE));
672 //#i18655# the level '0' is the heading level therefore the values are incremented here
673 sal_uInt16 nRet = 1;
674 if( pTOXIntl->IsNumeric( sText ) )
675 {
676 nRet = static_cast<sal_uInt16>(sText.toInt32());
>>> CID 1438225: Integer handling issues (NEGATIVE_RETURNS)
>>> Unsigned variable "nRet" is incremented, which might cause an integer overflow.
677 nRet++;
678 }
679 //illegal values are also set to 'ARTICLE' as non-numeric values are
680 if(nRet > AUTH_TYPE_END)
681 nRet = 1;
682 return nRet;
** CID 1438224: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1438224: Null pointer dereferences (NULL_RETURNS)
/oox/source/drawingml/shape.cxx: 525 in oox::drawingml::lcl_createPresetShape(com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, const rtl::OUString &, const rtl::OUString &, std::shared_ptr<oox::drawingml::CustomShapeProperties>, std::shared_ptr<oox::drawingml::TextBody>, const oox::GraphicHelper &)()
519 ParagraphAdjust eAdjust = ParagraphAdjust_LEFT;
520 if (pParagraph->getProperties().getParaAdjust())
521 eAdjust = pParagraph->getProperties().getParaAdjust().get();
522 xSet->setPropertyValue( "ParaAdjust", uno::makeAny( eAdjust ) );
523 SvxShape* pShape = SvxShape::getImplementation( xShape );
524 SdrTextHorzAdjust eHorzAdjust = lcl_convertAdjust( eAdjust );
>>> CID 1438224: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "pShape" when calling "GetSdrObject".
525 pShape->GetSdrObject()->SetMergedItem( SdrTextHorzAdjustItem( eHorzAdjust ) );
526 }
527 }
528
529 // Apply preset shape
530 xDefaulter->createCustomShapeDefaults( rClass );
** CID 1438223: Error handling issues (NEGATIVE_RETURNS)
/connectivity/source/commontools/RowFunctionParser.cxx: 234 in connectivity::<unnamed>::UnaryFunctionExpression::evaluate(const std::vector<rtl::Reference<connectivity::ORowSetValueDecorator>, std::allocator<rtl::Reference<connectivity::ORowSetValueDecorator>>> &) const()
________________________________________________________________________________________________________
*** CID 1438223: Error handling issues (NEGATIVE_RETURNS)
/connectivity/source/commontools/RowFunctionParser.cxx: 234 in connectivity::<unnamed>::UnaryFunctionExpression::evaluate(const std::vector<rtl::Reference<connectivity::ORowSetValueDecorator>, std::allocator<rtl::Reference<connectivity::ORowSetValueDecorator>>> &) const()
228 explicit UnaryFunctionExpression( const std::shared_ptr<ExpressionNode>& rArg ) :
229 mpArg( rArg )
230 {
231 }
232 virtual ORowSetValueDecoratorRef evaluate(const ODatabaseMetaDataResultSet::ORow& _aRow ) const override
233 {
>>> CID 1438223: Error handling issues (NEGATIVE_RETURNS)
>>> "connectivity::ORowSetValueDecoratorRef(this->mpArg->evaluate(_aRow))->getValue()->getInt32()" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
234 return _aRow[mpArg->evaluate(_aRow )->getValue().getInt32()];
235 }
236 virtual void fill(const ODatabaseMetaDataResultSet::ORow& /*_aRow*/ ) const override
237 {
238 }
239 };
** CID 1438222: Error handling issues (NEGATIVE_RETURNS)
/sfx2/source/dialog/mgetempl.cxx: 437 in SfxManageStyleSheetPage::FillItemSet(SfxItemSet *)()
________________________________________________________________________________________________________
*** CID 1438222: Error handling issues (NEGATIVE_RETURNS)
/sfx2/source/dialog/mgetempl.cxx: 437 in SfxManageStyleSheetPage::FillItemSet(SfxItemSet *)()
431 m_xFilterLb->get_value_changed_from_saved() &&
432 m_xFilterLb->get_sensitive() )
433 {
434 bModified = true;
435 OSL_ENSURE( pItem, "No Item" );
436 // is only possibly for user templates
>>> CID 1438222: Error handling issues (NEGATIVE_RETURNS)
>>> "rtl::OUString(this->m_xFilterLb->get_id(nFilterIdx)).toInt32(10)" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
437 SfxStyleSearchBits nMask = pItem->GetFilterList()[m_xFilterLb->get_id(nFilterIdx).toInt32()].nFlags | SfxStyleSearchBits::UserDefined;
438 pStyle->SetMask( nMask );
439 }
440 if (m_xAutoCB->get_visible() && m_xAutoCB->get_state_changed_from_saved())
441 {
442 rSet->Put(SfxBoolItem(SID_ATTR_AUTO_STYLE_UPDATE, m_xAutoCB->get_active()));
** CID 1438221: Error handling issues (NEGATIVE_RETURNS)
/sw/source/uibase/misc/glosdoc.cxx: 125 in SwGlossaries::FindGroupName(rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1438221: Error handling issues (NEGATIVE_RETURNS)
/sw/source/uibase/misc/glosdoc.cxx: 125 in SwGlossaries::FindGroupName(rtl::OUString &)()
119 const ::utl::TransliterationWrapper& rSCmp = GetAppCmpStrIgnore();
120 for(size_t i = 0; i < nCount; ++i)
121 {
122 const OUString sTemp( GetGroupName( i ));
123 sal_uInt16 nPath = static_cast<sal_uInt16>(sTemp.getToken(1, GLOS_DELIM).toInt32());
124
>>> CID 1438221: Error handling issues (NEGATIVE_RETURNS)
>>> "nPath" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
125 if (!SWUnoHelper::UCB_IsCaseSensitiveFileName( m_PathArr[nPath] )
126 && rSCmp.isEqual( rGroup, sTemp.getToken( 0, GLOS_DELIM) ) )
127 {
128 rGroup = sTemp;
129 return true;
130 }
** CID 1438220: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1438220: Integer handling issues (NEGATIVE_RETURNS)
/sc/source/ui/view/viewdata.cxx: 2868 in ScViewData::ReadUserData(const rtl::OUString &)()
2862 sal_Unicode cMode = aZoomStr.getToken(2,'/')[0]; // 0 or "0"/"1"
2863 SetPagebreakMode( cMode == '1' );
2864 // SetPagebreakMode must always be called due to CalcPPT / RecalcPixPos()
2865
2866 // sheet may have become invalid (for instance last version):
2867 SCTAB nNewTab = static_cast<SCTAB>(rData.getToken(1, ';').toInt32());
>>> CID 1438220: Integer handling issues (NEGATIVE_RETURNS)
>>> "nNewTab" is passed to a parameter that cannot be negative.
2868 if (pDoc->HasTable( nNewTab ))
2869 SetTabNo(nNewTab);
2870
2871 // if available, get tab bar width:
2872 OUString aTabOpt = rData.getToken(2, ';');
2873
** CID 1438219: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438219: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 4197 in SwXTableColumns::removeByIndex(int, int)()
4191 pUnoCursor->SetMark();
4192 pUnoCursor->GetPoint()->nNode = *pTRBox->GetSttNd();
4193 pUnoCursor->Move(fnMoveForward, GoInNode);
4194 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
4195 {
4196 // HACK: remove pending actions for selecting old style tables
>>> CID 1438219: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
4197 UnoActionRemoveContext aRemoveContext(*pCursor);
4198 }
4199 pCursor->MakeBoxSels();
4200 { // these braces are important
4201 UnoActionContext aAction(pFrameFormat->GetDoc());
4202 pFrameFormat->GetDoc()->DeleteCol(*pUnoCursor);
** CID 1438218: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438218: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 3363 in SwXCellRange::getCellRangeByPosition(int, int, int, int)()
3357 {
3358 pUnoCursor->SetMark();
3359 pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
3360 pUnoCursor->Move( fnMoveForward, GoInNode );
3361 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
3362 // HACK: remove pending actions for selecting old style tables
>>> CID 1438218: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
3363 UnoActionRemoveContext aRemoveContext(*pCursor);
3364 pCursor->MakeBoxSels();
3365 // pUnoCursor will be provided and will not be deleted
3366 aRet = SwXCellRange::CreateXCellRange(pUnoCursor, *pFormat, aNewDesc).get();
3367 }
3368 }
** CID 1438217: (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1438217: (NEGATIVE_RETURNS)
/chart2/source/tools/InternalDataProvider.cxx: 869 in chart::InternalDataProvider::getDataByRangeRepresentation(const rtl::OUString &)()
863 {
864 Sequence< uno::Any > aResult;
865
866 if( aRange.match( lcl_aLabelRangePrefix ) )
867 {
868 sal_Int32 nIndex = aRange.copy( strlen(lcl_aLabelRangePrefix)).toInt32();
>>> CID 1438217: (NEGATIVE_RETURNS)
>>> "nIndex" is passed to a parameter that cannot be negative.
869 vector< uno::Any > aComplexLabel = m_bDataInColumns
870 ? m_aInternalData.getComplexColumnLabel( nIndex )
871 : m_aInternalData.getComplexRowLabel( nIndex );
872 if( !aComplexLabel.empty() )
873 aResult = comphelper::containerToSequence(aComplexLabel);
874 }
/chart2/source/tools/InternalDataProvider.cxx: 878 in chart::InternalDataProvider::getDataByRangeRepresentation(const rtl::OUString &)()
872 if( !aComplexLabel.empty() )
873 aResult = comphelper::containerToSequence(aComplexLabel);
874 }
875 else if( aRange.match( lcl_aCategoriesPointRangeNamePrefix ) )
876 {
877 sal_Int32 nPointIndex = aRange.copy( strlen(lcl_aCategoriesPointRangeNamePrefix) ).toInt32();
>>> CID 1438217: (NEGATIVE_RETURNS)
>>> "nPointIndex" is passed to a parameter that cannot be negative.
878 vector< uno::Any > aComplexCategory = m_bDataInColumns
879 ? m_aInternalData.getComplexRowLabel( nPointIndex )
880 : m_aInternalData.getComplexColumnLabel( nPointIndex );
881 if( !aComplexCategory.empty() )
882 aResult = comphelper::containerToSequence(aComplexCategory);
883 }
** CID 1438216: Resource leaks (RESOURCE_LEAK)
/filter/source/pdf/pdfexport.cxx: 943 in PDFExport::Export(const rtl::OUString &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
________________________________________________________________________________________________________
*** CID 1438216: Resource leaks (RESOURCE_LEAK)
/filter/source/pdf/pdfexport.cxx: 943 in PDFExport::Export(const rtl::OUString &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
937 }
938 catch( const uno::Exception& )
939 {
940 }
941 }
942 }
>>> CID 1438216: Resource leaks (RESOURCE_LEAK)
>>> Variable "pXDevice" going out of scope leaks the storage it points to.
943 }
944 }
945
946 // show eventual errors during export
947 showErrors( aErrors );
948
** CID 1438215: (NEGATIVE_RETURNS)
/oox/source/ppt/comments.cxx: 60 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
/oox/source/ppt/comments.cxx: 55 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1438215: (NEGATIVE_RETURNS)
/oox/source/ppt/comments.cxx: 60 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
54 aDateTime.Seconds = 0;
55 ++aDateTime.Minutes;
56 }
57 if (aDateTime.Minutes == 60)
58 {
59 aDateTime.Minutes = 0;
>>> CID 1438215: (NEGATIVE_RETURNS)
>>> Unsigned variable "this->aDateTime.Hours" is incremented, which might cause an integer overflow.
60 ++aDateTime.Hours;
61 }
62 // if overflow goes into date, I give up
63 }
64
65 OUString Comment::getAuthor ( const CommentAuthorList& list )
/oox/source/ppt/comments.cxx: 55 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
49 aDateTime.NanoSeconds = 0;
50 ++aDateTime.Seconds;
51 }
52 if (aDateTime.Seconds == secondsOverflow)
53 {
54 aDateTime.Seconds = 0;
>>> CID 1438215: (NEGATIVE_RETURNS)
>>> Unsigned variable "this->aDateTime.Minutes" is incremented, which might cause an integer overflow.
55 ++aDateTime.Minutes;
56 }
57 if (aDateTime.Minutes == 60)
58 {
59 aDateTime.Minutes = 0;
60 ++aDateTime.Hours;
** CID 1438214: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438214: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 2285 in <unnamed>::GetRangeByName(SwFrameFormat *, const SwTable *, const rtl::OUString &, const rtl::OUString &, const SwRangeDescriptor &)()
2279 return nullptr;
2280 pUnoCursor->SetMark();
2281 pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
2282 pUnoCursor->Move( fnMoveForward, GoInNode );
2283 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
2284 // HACK: remove pending actions for selecting old style tables
>>> CID 1438214: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
2285 UnoActionRemoveContext aRemoveContext(*pCursor);
2286 pCursor->MakeBoxSels();
2287 // pUnoCursor will be provided and will not be deleted
2288 return SwXCellRange::CreateXCellRange(pUnoCursor, *pFormat, rDesc).get();
2289 }
2290
** CID 1438213: Error handling issues (NEGATIVE_RETURNS)
/sw/source/filter/ww8/docxattributeoutput.cxx: 2662 in DocxAttributeOutput::StartURL(const rtl::OUString &, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1438213: Error handling issues (NEGATIVE_RETURNS)
/sw/source/filter/ww8/docxattributeoutput.cxx: 2662 in DocxAttributeOutput::StartURL(const rtl::OUString &, const rtl::OUString &)()
2656 std::map<OUString, std::vector<OString> >::iterator it = m_aSeqBookmarksNames.find(aSequenceName);
2657 if (it != m_aSeqBookmarksNames.end())
2658 {
2659 std::vector<OString>& rNames = it->second;
2660 if (rNames.size() > nIndex)
2661 // We know the bookmark name for this sequence and this index, do the replacement.
>>> CID 1438213: Error handling issues (NEGATIVE_RETURNS)
>>> "nIndex" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
2662 sMark = OStringToOUString(rNames[nIndex], RTL_TEXTENCODING_UTF8);
2663 }
2664 }
2665 }
2666 m_pHyperlinkAttrList->add( FSNS( XML_w, XML_anchor ),
2667 OUStringToOString( sMark, RTL_TEXTENCODING_UTF8 ).getStr( ) );
** CID 1438212: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438212: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 4046 in SwXTableRows::removeByIndex(int, int)()
4040 pUnoCursor->SetMark();
4041 pUnoCursor->GetPoint()->nNode = *pBLBox->GetSttNd();
4042 pUnoCursor->Move(fnMoveForward, GoInNode);
4043 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
4044 {
4045 // HACK: remove pending actions for selecting old style tables
>>> CID 1438212: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
4046 UnoActionRemoveContext aRemoveContext(*pCursor);
4047 }
4048 pCursor->MakeBoxSels();
4049 { // these braces are important
4050 UnoActionContext aAction(pFrameFormat->GetDoc());
4051 pFrameFormat->GetDoc()->DeleteRow(*pUnoCursor);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyloE6GgXS1AjTJ-2FGD71VhITgxWWJLd9O-2FtEKv6BEReocUyNiAgJH9MLKXyaSlFNc7KFNSdM9Nd3x-2F84UvEFAdM95RKjGMHlXsPTV4UW-2BsnfwED0JNhQGeasxKgBc2zGz4SEdVIXNWMfEfBjLao-2F6A2-2B9Ag3IKn05yyLanx7WGe0U-3D
More information about the LibreOffice
mailing list