New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Thu Mar 29 08:18:41 UTC 2018 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

7 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1433648:  Error handling issues  (CHECKED_RETURN)
/sc/source/filter/xml/xmldrani.cxx: 447 in ScXMLDatabaseRangeContext::endFastElement(int)()


________________________________________________________________________________________________________
*** CID 1433648:  Error handling issues  (CHECKED_RETURN)
/sc/source/filter/xml/xmldrani.cxx: 447 in ScXMLDatabaseRangeContext::endFastElement(int)()
441         {
442             ::std::unique_ptr<ScDBData> pData(ConvertToDBData(sDatabaseRangeName));
443     
444             if (pData.get())
445             {
446                 setAutoFilterFlags(*pDoc, *pData);
>>>     CID 1433648:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "insert" without checking return value (as is done elsewhere 13 out of 15 times).
447                 pDoc->GetDBCollection()->getNamedDBs().insert(pData.release());
448             }
449         }
450     }
451     
452     ScXMLSourceSQLContext::ScXMLSourceSQLContext( ScXMLImport& rImport,

** CID 1433647:  Error handling issues  (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 174 in <unnamed>::MiscTest::testHardLinks()()


________________________________________________________________________________________________________
*** CID 1433647:  Error handling issues  (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 174 in <unnamed>::MiscTest::testHardLinks()()
168         CPPUNIT_ASSERT(xComponent.is());
169     
170         uno::Reference<frame::XStorable> xStorable(xComponent, uno::UNO_QUERY);
171         xStorable->store();
172     
173         struct stat buf;
>>>     CID 1433647:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "stat(aOld.getStr(), &buf)" without checking return value. This library function may fail and return an error code. [Note: The source code implementation of the function has been overridden by a builtin model.]
174         stat(aOld.getStr(), &buf);
175         // This failed: hard link count was 1, the hard link broke on store.
176         CPPUNIT_ASSERT(buf.st_nlink > 1);
177     
178         xComponent->dispose();
179     #endif

** CID 1433646:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1433646:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/ui/slidesorter/controller/SlsClipboard.cxx: 446 in sd::slidesorter::controller::Clipboard::CreateSlideTransferable(vcl::Window *, bool)()
440     
441             if (bDrag)
442                 SD_MOD()->pTransferDrag = pTransferable;
443             else
444                 SD_MOD()->pTransferClip = pTransferable;
445     
>>>     CID 1433646:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pDocument" to "CreatingDataObj", which dereferences it.
446             pDocument->CreatingDataObj (pTransferable);
447             pTransferable->SetWorkDocument(pDocument->AllocSdDrawDocument());
448             std::unique_ptr<TransferableObjectDescriptor> pObjDesc(new TransferableObjectDescriptor);
449             pTransferable->GetWorkDocument()->GetDocSh()
450                 ->FillTransferableObjectDescriptor (*pObjDesc);
451     

** CID 1433645:  Memory - illegal accesses  (OVERRUN)
/sw/source/core/access/accpara.cxx: 2855 in SwAccessibleParagraph::setAttributes(int, int, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()


________________________________________________________________________________________________________
*** CID 1433645:  Memory - illegal accesses  (OVERRUN)
/sw/source/core/access/accpara.cxx: 2855 in SwAccessibleParagraph::setAttributes(int, int, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
2849         sal_Int32 nLength = rAttributeSet.getLength();
2850         const PropertyValue* pPairs = rAttributeSet.getConstArray();
2851         sal_Int32* pIndices = new sal_Int32[nLength];
2852         sal_Int32 i;
2853         for( i = 0; i < nLength; i++ )
2854             pIndices[i] = i;
>>>     CID 1433645:  Memory - illegal accesses  (OVERRUN)
>>>     Overrunning dynamic array "pIndices" at offset corresponding to index variable "nLength".
2855         sort( &pIndices[0], &pIndices[nLength], IndexCompare(pPairs) );
2856     
2857         // create sorted sequences according to index array
2858         uno::Sequence< OUString > aNames( nLength );
2859         OUString* pNames = aNames.getArray();
2860         uno::Sequence< uno::Any > aValues( nLength );

** CID 1433644:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1433644:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/ui/slidesorter/controller/SlsClipboard.cxx: 463 in sd::slidesorter::controller::Clipboard::CreateSlideTransferable(vcl::Window *, bool)()
457             {
458                 ViewShell* pViewShell = mrSlideSorter.GetViewShell();
459                 if (pViewShell != nullptr)
460                     pActionWindow = pViewShell->GetActiveWindow();
461             }
462     
>>>     CID 1433644:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pActionWindow" to "GetPointerPosPixel", which dereferences it.
463             pTransferable->SetStartPos (pActionWindow->PixelToLogic(
464                 pActionWindow->GetPointerPosPixel()));
465             pTransferable->SetObjectDescriptor (std::move(pObjDesc));
466     
467             {
468                 TemporarySlideTrackingDeactivator aDeactivator (mrController);

** CID 1401334:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 371 in std::unique_ptr<SwChartLockController_Helper, std::default_delete<SwChartLockController_Helper>>::reset(SwChartLockController_Helper *)()


________________________________________________________________________________________________________
*** CID 1401334:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 371 in std::unique_ptr<SwChartLockController_Helper, std::default_delete<SwChartLockController_Helper>>::reset(SwChartLockController_Helper *)()
365            *
366            * @param __p  The new pointer to store.
367            *
368            * The deleter will be invoked if a pointer is already owned.
369            */
370           void
>>>     CID 1401334:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
371           reset(pointer __p = pointer()) noexcept
372           {
373     	using std::swap;
374     	swap(_M_t._M_ptr(), __p);
375     	if (__p != pointer())
376     	  get_deleter()(__p);

** CID 1401328:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 264 in std::unique_ptr<SwChartLockController_Helper, std::default_delete<SwChartLockController_Helper>>::~unique_ptr()()


________________________________________________________________________________________________________
*** CID 1401328:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 264 in std::unique_ptr<SwChartLockController_Helper, std::default_delete<SwChartLockController_Helper>>::~unique_ptr()()
258           template<typename _Up, typename = _Require<
259     	       is_convertible<_Up*, _Tp*>, is_same<_Dp, default_delete<_Tp>>>>
260     	unique_ptr(auto_ptr<_Up>&& __u) noexcept;
261     #endif
262     
263           /// Destructor, invokes the deleter if the stored pointer is not null.
>>>     CID 1401328:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
264           ~unique_ptr() noexcept
265           {
266     	auto& __ptr = _M_t._M_ptr();
267     	if (__ptr != nullptr)
268     	  get_deleter()(__ptr);
269     	__ptr = pointer();


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpybxs0vF-2FzJaUsdJNf-2FeeRCITg1nDf-2FJOef-2F-2FTa6Xz7xlHvZD-2Baijcc9e-2F8O94bxBKOcOP-2BBD5ATT8u6EDVt-2BwOLht9pR67Q3Oh8wDVTR0-2FFybLibSkKkd8wltkTcKHwInqujZfuqPVQVvIbEJnSjUuIHOwbOttp-2FwuaG0dc-2F7QkU-3D

More information about the LibreOffice mailing list