New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sun Nov 10 05:59:48 UTC 2019


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

8 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)


** CID 1455328:  Uninitialized members  (UNINIT_CTOR)
/include/basegfx/DrawCommands.hxx: 70 in gfx::LinearGradientInfo::LinearGradientInfo()()


________________________________________________________________________________________________________
*** CID 1455328:  Uninitialized members  (UNINIT_CTOR)
/include/basegfx/DrawCommands.hxx: 70 in gfx::LinearGradientInfo::LinearGradientInfo()()
64     class LinearGradientInfo : public GradientInfo
65     {
66     public:
67         LinearGradientInfo()
68             : GradientInfo(GradientType::Linear)
69         {
>>>     CID 1455328:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "y2" is not initialized in this constructor nor in any functions that it calls.
70         }
71     
72         double x1;
73         double y1;
74         double x2;
75         double y2;

** CID 1455327:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1455327:  Null pointer dereferences  (NULL_RETURNS)
/sc/source/ui/navipi/navcitem.cxx: 53 in ScNavigatorControllerItem::StateChanged(unsigned short, SfxItemState, const SfxPoolItem *)()
47                     OSL_ENSURE( pCellPosItem, "SfxStringItem expected!" );
48     
49                     if ( pCellPosItem )
50                     {
51                         const OUString&  aAddress( pCellPosItem->GetValue() );
52                         ScAddress aScAddress;
>>>     CID 1455327:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "nullptr" "this->rNavigatorDlg->GetViewData()" when calling "GetDocument".
53                         aScAddress.Parse( aAddress, rNavigatorDlg.GetViewData()->GetDocument() );
54     
55                         SCCOL nCol = aScAddress.Col()+1;
56                         SCROW nRow = aScAddress.Row()+1;
57     
58                         rNavigatorDlg.UpdateColumn( &nCol );

** CID 1455326:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1455326:    (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2381 in ScRange::MoveSticky(const ScDocument *, short, int, short, ScRange&)()
2375             dy = 0;     // Entire column not to be moved.
2376         if (dx && aStart.Col() == 0 && aEnd.Col() == nMaxCol)
2377             dx = 0;     // Entire row not to be moved.
2378         bool b1 = aStart.Move( dx, dy, dz, rErrorRange.aStart );
2379         if (dx && bColRange && aEnd.Col() == nMaxCol)
2380             dx = 0;     // End column sticky.
>>>     CID 1455326:    (FORWARD_NULL)
>>>     Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2381         if (dy && bRowRange && aEnd.Row() == pDoc->MaxRow())
2382             dy = 0;     // End row sticky.
2383         SCTAB nOldTab = aEnd.Tab();
2384         bool b2 = aEnd.Move( dx, dy, dz, rErrorRange.aEnd );
2385         if (!b2)
2386         {
/sc/source/core/tool/address.cxx: 2374 in ScRange::MoveSticky(const ScDocument *, short, int, short, ScRange&)()
2368     
2369     bool ScRange::MoveSticky( const ScDocument* pDoc, SCCOL dx, SCROW dy, SCTAB dz, ScRange& rErrorRange )
2370     {
2371         const SCCOL nMaxCol = (pDoc ? pDoc->MaxCol() : MAXCOL);
2372         bool bColRange = (aStart.Col() < aEnd.Col());
2373         bool bRowRange = (aStart.Row() < aEnd.Row());
>>>     CID 1455326:    (FORWARD_NULL)
>>>     Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2374         if (dy && aStart.Row() == 0 && aEnd.Row() == pDoc->MaxRow())
2375             dy = 0;     // Entire column not to be moved.
2376         if (dx && aStart.Col() == 0 && aEnd.Col() == nMaxCol)
2377             dx = 0;     // Entire row not to be moved.
2378         bool b1 = aStart.Move( dx, dy, dz, rErrorRange.aStart );
2379         if (dx && bColRange && aEnd.Col() == nMaxCol)

** CID 1455325:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1455325:    (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2282 in ScRange::Format(ScRefFlags, const ScDocument *, const ScAddress::Details &, bool) const()
2276                 if( aStart.Row() != aEnd.Row() ||
2277                     lcl_RowAbsFlagDiffer( nFlags ) ) {
2278                     r.append(":");
2279                     lcl_r1c1_append_r( r, aEnd.Row(), (nFlags & ScRefFlags::ROW2_ABS) != ScRefFlags::ZERO, rDetails );
2280                 }
2281             }
>>>     CID 1455325:    (FORWARD_NULL)
>>>     Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2282             else if( aStart.Row() == 0 && aEnd.Row() >= pDoc->MaxRow() && !bFullAddressNotation )
2283             {
2284                 lcl_r1c1_append_c( r, aStart.Col(), (nFlags & ScRefFlags::COL_ABS) != ScRefFlags::ZERO, rDetails );
2285                 if( aStart.Col() != aEnd.Col() ||
2286                     lcl_ColAbsFlagDiffer( nFlags )) {
2287                     r.append(":");
/sc/source/core/tool/address.cxx: 2249 in ScRange::Format(ScRefFlags, const ScDocument *, const ScAddress::Details &, bool) const()
2243             {
2244                 // Full col refs always require 2 rows (2:2)
2245                 lcl_a1_append_r( r, aStart.Row(), (nFlags & ScRefFlags::ROW_ABS) != ScRefFlags::ZERO );
2246                 r.append(":");
2247                 lcl_a1_append_r( r, aEnd.Row(), (nFlags & ScRefFlags::ROW2_ABS) != ScRefFlags::ZERO );
2248             }
>>>     CID 1455325:    (FORWARD_NULL)
>>>     Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2249             else if( aStart.Row() == 0 && aEnd.Row() >= pDoc->MaxRow() && !bFullAddressNotation )
2250             {
2251                 // Full row refs always require 2 cols (A:A)
2252                 lcl_a1_append_c( r, aStart.Col(), (nFlags & ScRefFlags::COL_ABS) != ScRefFlags::ZERO );
2253                 r.append(":");
2254                 lcl_a1_append_c( r, aEnd.Col(), (nFlags & ScRefFlags::COL2_ABS) != ScRefFlags::ZERO );

** CID 1448502:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1448502:  Insecure data handling  (TAINTED_SCALAR)
/sc/source/filter/excel/xlpivot.cxx: 874 in operator >>(XclImpStream &, XclPTInfo &)()
868         rInfo.mnDataRows = rStrm.ReaduInt16();
869         rInfo.mnDataCols = rStrm.ReaduInt16();
870         rInfo.mnFlags = rStrm.ReaduInt16();
871         rInfo.mnAutoFmtIdx = rStrm.ReaduInt16();
872         nTabLen = rStrm.ReaduInt16();
873         nDataLen = rStrm.ReaduInt16();
>>>     CID 1448502:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "nTabLen" to a tainted sink.
874         rInfo.maTableName = rStrm.ReadUniString( nTabLen );
875         rInfo.maDataName = rStrm.ReadUniString( nDataLen );
876         return rStrm;
877     }
878     
879     XclExpStream& operator<<( XclExpStream& rStrm, const XclPTInfo& rInfo )

** CID 1448374:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1448374:  Insecure data handling  (TAINTED_SCALAR)
/sc/source/filter/excel/xichart.cxx: 1230 in XclImpChText::ReadChFrLabelProps(XclImpStream &)()
1224             mxLabelProps.reset( new XclChFrLabelProps );
1225             sal_uInt16 nSepLen;
1226             rStrm.Ignore( 12 );
1227             mxLabelProps->mnFlags = rStrm.ReaduInt16();
1228             nSepLen = rStrm.ReaduInt16();
1229             if( nSepLen > 0 )
>>>     CID 1448374:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "nSepLen" to a tainted sink.
1230                 mxLabelProps->maSeparator = rStrm.ReadUniString( nSepLen );
1231         }
1232     }
1233     
1234     namespace {
1235     

** CID 1448371:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1448371:  Insecure data handling  (TAINTED_SCALAR)
/sc/source/filter/excel/xlpivot.cxx: 408 in operator >>(XclImpStream &, XclPTCachedName &)()
402         sal_uInt16 nStrLen;
403         nStrLen = rStrm.ReaduInt16();
404         rCachedName.mbUseCache = nStrLen == EXC_PT_NOSTRING;
405         if( rCachedName.mbUseCache )
406             rCachedName.maName.clear();
407         else
>>>     CID 1448371:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "nStrLen" to a tainted sink.
408             rCachedName.maName = rStrm.ReadUniString( nStrLen );
409         return rStrm;
410     }
411     
412     XclExpStream& operator<<( XclExpStream& rStrm, const XclPTCachedName& rCachedName )
413     {

** CID 1448242:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1448242:  Insecure data handling  (TAINTED_SCALAR)
/sc/source/filter/excel/xistream.cxx: 902 in XclImpStream::ReadUniString()()
896     {
897         return ReadUniString( nChars, ReaduInt8() );
898     }
899     
900     OUString XclImpStream::ReadUniString()
901     {
>>>     CID 1448242:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted variable "this->ReaduInt16()" to a tainted sink.
902         return ReadUniString( ReaduInt16() );
903     }
904     
905     void XclImpStream::IgnoreRawUniString( sal_uInt16 nChars, bool b16Bit )
906     {
907         sal_uInt16 nCharsLeft = nChars;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyUbHeJv53ur8ib48CsDoT1aiypfQnzYD-2Bb8fRbM9rWTspy-2F-2FfWqE-2FsX6j0S0WLQVu-2FWKmZZXXjnEqMi52P094kauIhg4w-2Bt3mte1LAXrlusgnU2aqshyPmRVMbjh6b0YDJIPdIadbtHBhKLjUuB4wGjT87CNgWFObnW4j9eiwti4-3D



More information about the LibreOffice mailing list