New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sun Nov 18 17:22:05 UTC 2018
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
4 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1441444: Integer handling issues (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned short>(T1 &, T2, unsigned char, unsigned char)()
________________________________________________________________________________________________________
*** CID 1441444: Integer handling issues (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned short>(T1 &, T2, unsigned char, unsigned char)()
98 there at bit nStartBit. Other contents of rnBitField keep unchanged. */
99 template< typename Type, typename InsertType >
100 void insert_value( Type& rnBitField, InsertType nValue, sal_uInt8 nStartBit, sal_uInt8 nBitCount )
101 {
102 unsigned long nMask = ((1UL << nBitCount) - 1);
103 Type nNewValue = static_cast< Type >( nValue & nMask );
>>> CID 1441444: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "nNewValue" with type "sal_uInt16" (16 bits, unsigned) is promoted in "nNewValue << nStartBit" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "nNewValue << nStartBit" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
104 rnBitField = (rnBitField & ~(nMask << nStartBit)) | (nNewValue << nStartBit);
105 }
106
107 class Color;
108 class SfxPoolItem;
109 class SfxItemSet;
** CID 1441443: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/text/txtfrm.cxx: 3310 in SwTextFrame::CalcAdditionalFirstLineOffset()()
________________________________________________________________________________________________________
*** CID 1441443: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/text/txtfrm.cxx: 3310 in SwTextFrame::CalcAdditionalFirstLineOffset()()
3304 // reset additional first line offset
3305 mnAdditionalFirstLineOffset = 0;
3306
3307 const SwTextNode* pTextNode( GetTextNodeForParaProps() );
3308 // sw_redlinehide: check that pParaPropsNode is the correct one
3309 assert(pTextNode->IsNumbered(getRootFrame()) == pTextNode->IsNumbered(nullptr));
>>> CID 1441443: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pTextNode" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3310 if (pTextNode && pTextNode->IsNumbered(getRootFrame()) &&
3311 pTextNode->IsCountedInList() && pTextNode->GetNumRule())
3312 {
3313 int nListLevel = pTextNode->GetActualListLevel();
3314
3315 if (nListLevel < 0)
** CID 1441442: Integer handling issues (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned char>(T1 &, T2, unsigned char, unsigned char)()
________________________________________________________________________________________________________
*** CID 1441442: Integer handling issues (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned char>(T1 &, T2, unsigned char, unsigned char)()
98 there at bit nStartBit. Other contents of rnBitField keep unchanged. */
99 template< typename Type, typename InsertType >
100 void insert_value( Type& rnBitField, InsertType nValue, sal_uInt8 nStartBit, sal_uInt8 nBitCount )
101 {
102 unsigned long nMask = ((1UL << nBitCount) - 1);
103 Type nNewValue = static_cast< Type >( nValue & nMask );
>>> CID 1441442: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "nNewValue" with type "sal_uInt16" (16 bits, unsigned) is promoted in "nNewValue << nStartBit" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "nNewValue << nStartBit" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
104 rnBitField = (rnBitField & ~(nMask << nStartBit)) | (nNewValue << nStartBit);
105 }
106
107 class Color;
108 class SfxPoolItem;
109 class SfxItemSet;
** CID 1441441: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/core/data/formulacell.cxx: 1505 in <unnamed>::TemporaryCellGroupMaker::~TemporaryCellGroupMaker()()
________________________________________________________________________________________________________
*** CID 1441441: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/core/data/formulacell.cxx: 1505 in <unnamed>::TemporaryCellGroupMaker::~TemporaryCellGroupMaker()()
1499 if( mEnabled && mCell->GetCellGroup() == nullptr )
1500 {
1501 mCell->CreateCellGroup( 1, false );
1502 mCell->GetDocument()->GetRecursionHelper().AddTemporaryGroupCell( mCell );
1503 }
1504 }
>>> CID 1441441: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
1505 ~TemporaryCellGroupMaker()
1506 {
1507 if( mEnabled )
1508 mCell->GetDocument()->GetRecursionHelper().CleanTemporaryGroupCells();
1509 }
1510 ScFormulaCell* mCell;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySMbMX2y55vHGEqQWTnXUisR-2FXw3NRtZfMbeYNwrUl19KCNRklO4ozfB8onH8eFJKWaw-2B5G-2BZoQJgzd0ZryT1uC3NRgveG6BH4LoGSd7-2FUSfVygRQQZSAabrn8qq3OZxjmMt0dmDFJfsg1cUZBRyHF5x-2BFBXdHe8P40KeaUsrOtY-3D
More information about the LibreOffice
mailing list