New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Tue Nov 20 15:05:05 UTC 2018
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
5 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1441470: Uninitialized members (UNINIT_CTOR)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 4133 in GtkInstanceTreeIter::GtkInstanceTreeIter(const GtkInstanceTreeIter*)()
________________________________________________________________________________________________________
*** CID 1441470: Uninitialized members (UNINIT_CTOR)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 4133 in GtkInstanceTreeIter::GtkInstanceTreeIter(const GtkInstanceTreeIter*)()
4127
4128 struct GtkInstanceTreeIter : public weld::TreeIter
4129 {
4130 GtkInstanceTreeIter(const GtkInstanceTreeIter* pOrig)
4131 {
4132 if (!pOrig)
>>> CID 1441470: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member field "iter.user_data3" is not initialized in this constructor nor in any functions that it calls.
4133 return;
4134 iter = pOrig->iter;
4135 }
4136 GtkTreeIter iter;
4137 };
4138
** CID 1441469: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1441469: Null pointer dereferences (NULL_RETURNS)
/vcl/source/app/salvtables.cxx: 2165 in SalInstanceTreeView::ExpandingHdl(SvTreeListBox *)()
2159 bool bPlaceHolder = false;
2160 if (pEntry->HasChildren())
2161 {
2162 auto pChild = m_xTreeView->FirstChild(pEntry);
2163 if (m_xTreeView->GetEntryText(pChild) == "<dummy>")
2164 {
>>> CID 1441469: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "pChild" when calling "RemoveEntry".
2165 m_xTreeView->RemoveEntry(pChild);
2166 bPlaceHolder = true;
2167 }
2168 }
2169
2170 SalInstanceTreeIter aIter(nullptr);
** CID 1441468: Uninitialized members (UNINIT_CTOR)
/vcl/source/app/salvtables.cxx: 1758 in SalInstanceTreeIter::SalInstanceTreeIter(const SalInstanceTreeIter*)()
________________________________________________________________________________________________________
*** CID 1441468: Uninitialized members (UNINIT_CTOR)
/vcl/source/app/salvtables.cxx: 1758 in SalInstanceTreeIter::SalInstanceTreeIter(const SalInstanceTreeIter*)()
1752
1753 struct SalInstanceTreeIter : public weld::TreeIter
1754 {
1755 SalInstanceTreeIter(const SalInstanceTreeIter* pOrig)
1756 {
1757 if (!pOrig)
>>> CID 1441468: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "iter" is not initialized in this constructor nor in any functions that it calls.
1758 return;
1759 iter = pOrig->iter;
1760 }
1761 SvTreeListEntry* iter;
1762 };
1763
** CID 1441467: Error handling issues (CHECKED_RETURN)
/vcl/unx/gtk/fpicker/SalGtkFilePicker.cxx: 1236 in SalGtkFilePicker::HandleGetListValue(_GtkComboBox *, short)()
________________________________________________________________________________________________________
*** CID 1441467: Error handling issues (CHECKED_RETURN)
/vcl/unx/gtk/fpicker/SalGtkFilePicker.cxx: 1236 in SalGtkFilePicker::HandleGetListValue(_GtkComboBox *, short)()
1230 {
1231 gchar *item;
1232 gtk_tree_model_get(gtk_combo_box_get_model(pWidget),
1233 &iter, 0, &item, -1);
1234 aItemList[i] = OUString(item, strlen(item), RTL_TEXTENCODING_UTF8);
1235 g_free(item);
>>> CID 1441467: Error handling issues (CHECKED_RETURN)
>>> Calling "gtk_tree_model_iter_next" without checking return value (as is done elsewhere 4 out of 5 times).
1236 gtk_tree_model_iter_next(pTree, &iter);
1237 }
1238 }
1239 aAny <<= aItemList;
1240 }
1241 break;
** CID 1441466: (TAINTED_SCALAR)
/filter/source/graphicfilter/ipict/ipict.cxx: 1095 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
/filter/source/graphicfilter/ipict/ipict.cxx: 1126 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
________________________________________________________________________________________________________
*** CID 1441466: (TAINTED_SCALAR)
/filter/source/graphicfilter/ipict/ipict.cxx: 1095 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
1089 {
1090 pPict->ReadUChar( nByteCountAsByte );
1091 nByteCount = nByteCountAsByte;
1092 nByteCount++;
1093 }
1094 size_t i = 0;
>>> CID 1441466: (TAINTED_SCALAR)
>>> Using tainted variable "nByteWidth" as a loop boundary.
1095 while (i < nByteWidth)
1096 {
1097 pPict->ReadUChar( nFlagCounterByte );
1098 if ( ( nFlagCounterByte & 0x80 ) == 0)
1099 {
1100 nCount = static_cast<sal_uInt16>(nFlagCounterByte) + 1;
/filter/source/graphicfilter/ipict/ipict.cxx: 1126 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
1120 aScanline[ i++ ] = nDat;
1121 }
1122 }
1123 sal_uInt8* pTmp = aScanline.data();
1124 if ( nCmpCount == 4 )
1125 pTmp += nWidth;
>>> CID 1441466: (TAINTED_SCALAR)
>>> Using tainted variable "nWidth" as a loop boundary.
1126 for (sal_uInt16 nx = 0; nx < nWidth; pTmp++)
1127 pBitmap->SetPixel(ny, nx++, Color(*pTmp, pTmp[ nWidth ], pTmp[ 2 * nWidth ]));
1128 nDataSize += static_cast<sal_uLong>(nByteCount);
1129 pPict->Seek( nSrcBitsPos + static_cast<sal_uLong>(nByteCount) );
1130 }
1131 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyQz1mZFaU3QtY8RlAySX8fUu6CkVLuZ6r2pV3inpKznhWiLnouRQZA8-2FpWvZy44kDvenj-2B0PSXHISKojBmN5slzL1qpCVxPUYhLGpjBRYRuONEWsY-2BuQcfDHMhlj2mqXJTfIL4l9I-2B-2FbuuJQCiZ8-2B7ZknxVMaVmsQ-2BrdKy2HeKJc-3D
More information about the LibreOffice
mailing list