New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Fri Jan 26 10:07:53 UTC 2018 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

7 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1428613:  Error handling issues  (CHECKED_RETURN)
/sc/source/core/data/documen3.cxx: 226 in ScDocument::IsAddressInRangeName(RangeNameScope, ScAddress &)()


________________________________________________________________________________________________________
*** CID 1428613:  Error handling issues  (CHECKED_RETURN)
/sc/source/core/data/documen3.cxx: 226 in ScDocument::IsAddressInRangeName(RangeNameScope, ScAddress &)()
220             pRangeNames= GetRangeName(rAddress.Tab());
221     
222         ScRangeName::iterator itrBegin = pRangeNames->begin(), itrEnd = pRangeNames->end();
223     
224         for (ScRangeName::iterator itr = itrBegin; itr != itrEnd; ++itr)
225         {
>>>     CID 1428613:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "IsValidReference" without checking return value (as is done elsewhere 14 out of 15 times).
226             itr->second->IsValidReference(aNameRange);
227             bRet = aNameRange.In(rAddress);
228             if (!bRet)
229                 continue;
230             else
231                 break;

** CID 1428612:  Error handling issues  (CHECKED_RETURN)
/desktop/source/lib/init.cxx: 3685 in preloadData()()


________________________________________________________________________________________________________
*** CID 1428612:  Error handling issues  (CHECKED_RETURN)
/desktop/source/lib/init.cxx: 3685 in preloadData()()
3679         ImageTree &images = ImageTree::get();
3680         images.getImageUrl("forcefed.png", "style", "FO_oo");
3681     
3682         std::cerr << "Preload languages\n";
3683         // force load language singleton
3684         SvtLanguageTable::HasLanguageType(LANGUAGE_SYSTEM);
>>>     CID 1428612:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "isValidBcp47" without checking return value (as is done elsewhere 6 out of 7 times).
3685         LanguageTag::isValidBcp47("foo", nullptr);
3686     }
3687     
3688     static int lo_initialize(LibreOfficeKit* pThis, const char* pAppPath, const char* pUserProfileUrl)
3689     {
3690         enum {

** CID 1428611:  Null pointer dereferences  (NULL_RETURNS)
/sc/source/ui/unoobj/cellsuno.cxx: 6420 in ScCellObj::GetResultType_Impl()()


________________________________________________________________________________________________________
*** CID 1428611:  Null pointer dereferences  (NULL_RETURNS)
/sc/source/ui/unoobj/cellsuno.cxx: 6420 in ScCellObj::GetResultType_Impl()()
6414         sal_Int32 eRet = sheet::FormulaResult::STRING;
6415         ScDocShell* pDocSh = GetDocShell();
6416         if (pDocSh)
6417         {
6418             if (pDocSh->GetDocument().GetCellType(aCellPos) == CELLTYPE_FORMULA)
6419             {
>>>     CID 1428611:  Null pointer dereferences  (NULL_RETURNS)
>>>     Assigning: "pFCell" = null return value from "GetFormulaCell".
6420                 ScFormulaCell* pFCell = pDocSh->GetDocument().GetFormulaCell(aCellPos);
6421                 if (pFCell->GetErrCode() != FormulaError::NONE )
6422                 {
6423                     eRet = sheet::FormulaResult::ERROR;
6424                 }
6425                 else if (pFCell->IsValue())

** CID 1428610:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/igif/gifread.cxx: 665 in GIFReader::CreateNewBitmaps()()


________________________________________________________________________________________________________
*** CID 1428610:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/igif/gifread.cxx: 665 in GIFReader::CreateNewBitmaps()()
659         else if( nGCDisposalMethod == 3 )
660             aAnimBmp.eDisposal = Disposal::Previous;
661         else
662             aAnimBmp.eDisposal = Disposal::Not;
663     
664         nAnimationByteSize += aAnimBmp.aBmpEx.GetSizeBytes();
>>>     CID 1428610:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "this->nImageWidth" with type "sal_uInt16" (16 bits, unsigned) is promoted in "this->nImageWidth * this->nImageHeight / 2560" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "this->nImageWidth * this->nImageHeight / 2560" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
665         nAnimationMinFileData += nImageWidth * nImageHeight / 2560;
666         aAnimation.Insert( aAnimBmp );
667     
668         if( aAnimation.Count() == 1 )
669         {
670             aAnimation.SetDisplaySizePixel( Size( nGlobalWidth, nGlobalHeight ) );

** CID 1428609:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/igif/gifread.cxx: 665 in GIFReader::CreateNewBitmaps()()


________________________________________________________________________________________________________
*** CID 1428609:  Integer handling issues  (SIGN_EXTENSION)
/vcl/source/filter/igif/gifread.cxx: 665 in GIFReader::CreateNewBitmaps()()
659         else if( nGCDisposalMethod == 3 )
660             aAnimBmp.eDisposal = Disposal::Previous;
661         else
662             aAnimBmp.eDisposal = Disposal::Not;
663     
664         nAnimationByteSize += aAnimBmp.aBmpEx.GetSizeBytes();
>>>     CID 1428609:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "this->nImageHeight" with type "sal_uInt16" (16 bits, unsigned) is promoted in "this->nImageWidth * this->nImageHeight / 2560" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "this->nImageWidth * this->nImageHeight / 2560" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
665         nAnimationMinFileData += nImageWidth * nImageHeight / 2560;
666         aAnimation.Insert( aAnimBmp );
667     
668         if( aAnimation.Count() == 1 )
669         {
670             aAnimation.SetDisplaySizePixel( Size( nGlobalWidth, nGlobalHeight ) );

** CID 1401308:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 371 in std::unique_ptr<SwDBManager, std::default_delete<SwDBManager>>::reset(SwDBManager *)()


________________________________________________________________________________________________________
*** CID 1401308:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 371 in std::unique_ptr<SwDBManager, std::default_delete<SwDBManager>>::reset(SwDBManager *)()
365            *
366            * @param __p  The new pointer to store.
367            *
368            * The deleter will be invoked if a pointer is already owned.
369            */
370           void
>>>     CID 1401308:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
371           reset(pointer __p = pointer()) noexcept
372           {
373     	using std::swap;
374     	swap(_M_t._M_ptr(), __p);
375     	if (__p != pointer())
376     	  get_deleter()(__p);

** CID 1401307:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 264 in std::unique_ptr<SwDBManager, std::default_delete<SwDBManager>>::~unique_ptr()()


________________________________________________________________________________________________________
*** CID 1401307:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 264 in std::unique_ptr<SwDBManager, std::default_delete<SwDBManager>>::~unique_ptr()()
258           template<typename _Up, typename = _Require<
259     	       is_convertible<_Up*, _Tp*>, is_same<_Dp, default_delete<_Tp>>>>
260     	unique_ptr(auto_ptr<_Up>&& __u) noexcept;
261     #endif
262     
263           /// Destructor, invokes the deleter if the stored pointer is not null.
>>>     CID 1401307:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
264           ~unique_ptr() noexcept
265           {
266     	auto& __ptr = _M_t._M_ptr();
267     	if (__ptr != nullptr)
268     	  get_deleter()(__ptr);
269     	__ptr = pointer();


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyzP80Ae8h0nGrlAIV-2FOK1pkqKlt24IoqN9HKnVAXx4nK1-2BfiWfMR9zib-2FvZ2gxGq9-2FxxDLcfS9-2BROxLGErRskSdKqd7Ur5-2Bur8u1TH6kX97f223l3E6TjEd2sPXfZX05jrqbgOeE-2FO7yOmwSm2hq1E3r4XFLoma-2Fx0wE-2B0UxCvjQ-3D

To manage Coverity Scan email notifications for "libreoffice at lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5lwWgMDuK-2FivqaohkU3M9kT-2Fww10Qt2GoaCJAOQCa0Wv4ijH4oV8jCt0XXa7QeAwh_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyzP80Ae8h0nGrlAIV-2FOK1prK3VORSsTGaAql5B-2F4uLchzCfaZfBSP-2F899rNxTFXVNjG1yG4INqpYn-2BiqCJWiK2URU2yflbXeZm1-2B2lmAuhbN4efn0DHF0VTQEqil-2Fw8LTQMj6-2BMu4uI2p-2FwexRmD13aM4PFjVXuRswNwy4-2FAGdvg-3D

More information about the LibreOffice mailing list