New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Sep 15 02:36:02 UTC 2018
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
10 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1439340: Error handling issues (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()
________________________________________________________________________________________________________
*** CID 1439340: Error handling issues (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()
184 int nRet = stat(aOld.getStr(), &buf);
185 CPPUNIT_ASSERT_EQUAL(0, nRet);
186 // This failed: hard link count was 1, the hard link broke on store.
187 CPPUNIT_ASSERT(buf.st_nlink > 1);
188
189 // Test that symlinks are presreved as well.
>>> CID 1439340: Error handling issues (CHECKED_RETURN)
>>> Calling "remove(aNew.getStr())" without checking return value. This library function may fail and return an error code.
190 remove(aNew.getStr());
191 symlink(aOld.getStr(), aNew.getStr());
192 xStorable->storeToURL(aURL + ".2", {});
193 nRet = lstat(aNew.getStr(), &buf);
194 CPPUNIT_ASSERT_EQUAL(0, nRet);
195 // This failed, the hello.odt.2 symlink was replaced with a real file.
** CID 1439339: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1439339: Null pointer dereferences (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 684 in SwBusinessDataPage::FillItemSet(SfxItemSet *)()
678 FillItemSet(_pSet);
679 return DeactivateRC::LeavePage;
680 }
681
682 bool SwBusinessDataPage::FillItemSet(SfxItemSet* rSet)
683 {
>>> CID 1439339: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
684 SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
685
686 aItem.m_aCompCompany = m_xCompanyED->get_text();
687 aItem.m_aCompCompanyExt= m_xCompanyExtED->get_text();
688 aItem.m_aCompSlogan = m_xSloganED->get_text();
689 aItem.m_aCompStreet = m_xStreetED->get_text();
** CID 1439338: Security best practices violations (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()
________________________________________________________________________________________________________
*** CID 1439338: Security best practices violations (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()
178 CPPUNIT_ASSERT(xComponent.is());
179
180 uno::Reference<frame::XStorable> xStorable(xComponent, uno::UNO_QUERY);
181 xStorable->store();
182
183 struct stat buf;
>>> CID 1439338: Security best practices violations (TOCTOU)
>>> Calling function "stat" to perform check on "aOld.getStr()".
184 int nRet = stat(aOld.getStr(), &buf);
185 CPPUNIT_ASSERT_EQUAL(0, nRet);
186 // This failed: hard link count was 1, the hard link broke on store.
187 CPPUNIT_ASSERT(buf.st_nlink > 1);
188
189 // Test that symlinks are presreved as well.
** CID 1439337: Uninitialized members (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow, std::default_delete<weld::ScrolledWindow>>)()
________________________________________________________________________________________________________
*** CID 1439337: Uninitialized members (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow, std::default_delete<weld::ScrolledWindow>>)()
816 }
817
818 SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow> pScrolledWindow)
819 : NumValueSet(std::move(pScrolledWindow))
820 , aFormatIdle("SvxBmpNumValueSet FormatIdle")
821 {
>>> CID 1439337: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "bGrfNotFound" is not initialized in this constructor nor in any functions that it calls.
822 }
823
824 void SvxBmpNumValueSet::init()
825 {
826 NumValueSet::init(NumberingPageType::BITMAP);
827 bGrfNotFound = false;
** CID 1439336: Resource leaks (VIRTUAL_DTOR)
________________________________________________________________________________________________________
*** CID 1439336: Resource leaks (VIRTUAL_DTOR)
** CID 1439335: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1439335: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 631 in SwAttrCheckArr::SetAttrBwd(const SwTextAttr &)()
625 nFound--;
626 }
627 }
628 if( pIter )
629 {
630 nWhch = pIter->NextWhich();
>>> CID 1439335: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pSet" to "GetItemState", which dereferences it.
631 while( nWhch &&
632 SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
633 nWhch = pIter->NextWhich();
634 if( !nWhch )
635 break;
636 }
** CID 1439334: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1439334: Null pointer dereferences (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 594 in SwPrivateDataPage::FillItemSet(SfxItemSet *)()
588 FillItemSet(_pSet);
589 return DeactivateRC::LeavePage;
590 }
591
592 bool SwPrivateDataPage::FillItemSet(SfxItemSet* rSet)
593 {
>>> CID 1439334: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
594 SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
595 aItem.m_aPrivFirstName = m_xFirstNameED->get_text();
596 aItem.m_aPrivName = m_xNameED->get_text();
597 aItem.m_aPrivShortCut = m_xShortCutED->get_text();
598 aItem.m_aPrivFirstName2 = m_xFirstName2ED->get_text();
599 aItem.m_aPrivName2 = m_xName2ED->get_text();
** CID 1439333: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1439333: Null pointer dereferences (NULL_RETURNS)
/sw/qa/extras/ooxmlexport/ooxmlexport2.cxx: 349 in testTable::verify()()
343 // CHECK_FORMULA( "binom {a} {binom {b} {c}}", getFormula( getRun( getParagraph( 4 ), 1 )));
344 }
345
346 DECLARE_OOXMLEXPORT_TEST(testTable, "table.odt")
347 {
348 // Make sure we write qFormat for well-known style names.
>>> CID 1439333: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be null "this->parseExport(rtl::OUString const("word/styles.xml", rtl::libreoffice_internal::Dummy()))" when calling "assertXPath".
349 assertXPath(parseExport("word/styles.xml"), "//w:style[@w:styleId='Normal']/w:qFormat", 1);
350 }
351
352 struct SingleLineBorders {
353 sal_Int16 top, bottom, left, right;
354 SingleLineBorders(int t=0, int b=0, int l=0, int r=0)
** CID 1439332: Incorrect expression (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&, int)()
________________________________________________________________________________________________________
*** CID 1439332: Incorrect expression (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&, int)()
2146 int index )
2147 {
2148 //Black lists ineligible classes here ..
2149 // SUMIFS does not perform parallel reduction at DoubleVectorRef level
2150 if (dynamic_cast<OpSumIfs*>(pCodeGen.get()))
2151 {
>>> CID 1439332: Incorrect expression (IDENTICAL_BRANCHES)
>>> The same code is executed when the condition "index == 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
2152 if (index == 0) // the first argument of OpSumIfs cannot be strings anyway
2153 return new DynamicKernelSlidingArgument<VectorRef>(config, s, ft, pCodeGen, index);
2154 return new DynamicKernelSlidingArgument<Base>(config, s, ft, pCodeGen, index);
2155 }
2156 // AVERAGE is not supported yet
2157 //Average has been supported by reduction kernel
** CID 1439331: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1439331: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 480 in SwAttrCheckArr::SetAttrFwd(const SwTextAttr &)()
474 nFound--;
475 }
476 }
477 if( pIter )
478 {
479 nWhch = pIter->NextWhich();
>>> CID 1439331: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pSet" to "GetItemState", which dereferences it.
480 while( nWhch &&
481 SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
482 nWhch = pIter->NextWhich();
483 if( !nWhch )
484 break;
485 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyRHuLWQO1iDYAKLqeTI-2FrWB-2BH0pyUfsnXEQTKIAHgwqeg-2BPlaNQppGcyGza2CEZnr4I4f-2BhlafEhhqWJ-2FGbjZllUmKsHDtuLfmvJYYcNPCZQO8MjGT353a257ALOFfqnmHN5sTtD0eF8915f0-2FQnXu1zRiuHGqTSoOsgC0XcIP7c-3D
More information about the LibreOffice
mailing list