New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Fri Sep 27 05:30:58 UTC 2019


Hi,

Please find below the latest Coverity Scan report on new defect(s) introduced to LibreOffice.

11 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)


** CID 1454003:    (DEADCODE)
/libreofficekit/qa/tilebench/tilebench.cxx: 129 in dumpTile(const char *, int, int, int, const unsigned char *, int, int, int)()
/libreofficekit/qa/tilebench/tilebench.cxx: 96 in dumpTile(const char *, int, int, int, const unsigned char *, int, int, int)()
/libreofficekit/qa/tilebench/tilebench.cxx: 134 in dumpTile(const char *, int, int, int, const unsigned char *, int, int, int)()


________________________________________________________________________________________________________
*** CID 1454003:    (DEADCODE)
/libreofficekit/qa/tilebench/tilebench.cxx: 129 in dumpTile(const char *, int, int, int, const unsigned char *, int, int, int)()
123                     }
124     
125                     ofs.write(buf, 3);
126                 }
127                 if (dumpText)
128                 {
>>>     CID 1454003:    (DEADCODE)
>>>     Execution cannot reach this statement: "lowResI = (pixel[0] + pixel...".
129                     int lowResI = (pixel[0] + pixel[1] + pixel[2])/(3*16);
130                     fprintf(stderr,"%1x", lowResI);
131                 }
132             }
133             if (dumpText)
134                 fprintf(stderr,"\n");
/libreofficekit/qa/tilebench/tilebench.cxx: 96 in dumpTile(const char *, int, int, int, const unsigned char *, int, int, int)()
90             << nHeight << "\n"
91             << 255 << "\n" ;
92     
93         bool dumpText = false;
94     
95         if (dumpText)
>>>     CID 1454003:    (DEADCODE)
>>>     Execution cannot reach this statement: "fprintf(stderr, "Stream %s ...".
96             fprintf(stderr, "Stream %s - %dx%d:\n", pNameStem, nWidth, nHeight);
97     
98         for (int y = 0; y < nHeight; ++y)
99         {
100             const char* row = pBuffer + (y + nOffY) * nTotalWidth * 4 + nOffX * 4;
101             for (int x = 0; x < nWidth; ++x)
/libreofficekit/qa/tilebench/tilebench.cxx: 134 in dumpTile(const char *, int, int, int, const unsigned char *, int, int, int)()
128                 {
129                     int lowResI = (pixel[0] + pixel[1] + pixel[2])/(3*16);
130                     fprintf(stderr,"%1x", lowResI);
131                 }
132             }
133             if (dumpText)
>>>     CID 1454003:    (DEADCODE)
>>>     Execution cannot reach this statement: "fprintf(stderr, "\n");".
134                 fprintf(stderr,"\n");
135         }
136         ofs.close();
137     }
138     
139     static void testTile( Document *pDocument, int max_parts,

** CID 1454002:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1454002:    (FORWARD_NULL)
/sc/source/ui/app/inputhdl.cxx: 3777 in ScInputHandler::NotifyChange(const ScInputHdlState *, bool, ScTabViewShell *, bool)()
3771             ScModule* pScMod = SC_MOD();
3772     
3773             ScTabViewShell* pScTabViewShell = pScMod ? dynamic_cast<ScTabViewShell*>(pScMod->GetViewShell()) : nullptr;
3774     
3775             // Also take foreign reference input into account here (e.g. FunctionsAutoPilot),
3776             // FormEditData, if we're switching from Help to Calc:
>>>     CID 1454002:    (FORWARD_NULL)
>>>     Passing null pointer "pScMod" to "IsFormulaMode", which dereferences it.
3777             if ( !bFormulaMode && !pScMod->IsFormulaMode() &&
3778                  ( !pScTabViewShell || !pScTabViewShell->GetFormEditData() ) )
3779             {
3780                 bool bIgnore = false;
3781                 if ( bModified )
3782                 {
/sc/source/ui/app/inputhdl.cxx: 3900 in ScInputHandler::NotifyChange(const ScInputHdlState *, bool, ScTabViewShell *, bool)()
3894                 }
3895             }
3896     
3897             if ( pInputWin)
3898             {
3899                 // Do not enable if RefDialog is open
>>>     CID 1454002:    (FORWARD_NULL)
>>>     Passing null pointer "pScMod" to "IsFormulaMode", which dereferences it.
3900                 if(!pScMod->IsFormulaMode()&& !pScMod->IsRefDialogOpen())
3901                 {
3902                     if ( !pInputWin->IsEnabled())
3903                     {
3904                         pDelayTimer->Stop();
3905                         pInputWin->Enable();

** CID 1454001:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1454001:  Null pointer dereferences  (FORWARD_NULL)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 2746 in GtkInstanceContainer::CreateChildFrame()()
2740             // will create a toplevel GtkEventBox window
2741             auto xEmbedWindow = VclPtr<ChildFrame>::Create(ImplGetDefaultWindow(), WB_SYSTEMCHILDWINDOW | WB_DIALOGCONTROL | WB_CHILDDLGCTRL);
2742             SalFrame* pFrame = xEmbedWindow->ImplGetFrame();
2743             GtkSalFrame* pGtkFrame = dynamic_cast<GtkSalFrame*>(pFrame);
2744     
2745             // relocate that toplevel GtkEventBox into this widget
>>>     CID 1454001:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pGtkFrame" to "getWindow", which dereferences it.
2746             GtkWidget* pWindow = pGtkFrame->getWindow();
2747     
2748             GtkWidget* pParent = gtk_widget_get_parent(pWindow);
2749     
2750             g_object_ref(pWindow);
2751             gtk_container_remove(GTK_CONTAINER(pParent), pWindow);

** CID 1454000:  Incorrect expression  (ASSERT_SIDE_EFFECT)
/include/opencl/OpenCLZone.hxx: 35 in OpenCLZone::~OpenCLZone()()


________________________________________________________________________________________________________
*** CID 1454000:  Incorrect expression  (ASSERT_SIDE_EFFECT)
/include/opencl/OpenCLZone.hxx: 35 in OpenCLZone::~OpenCLZone()()
29         {
30             gnEnterCount = gnEnterCount + 1; //TODO: overflow
31         }
32     
33         ~OpenCLZone()
34         {
>>>     CID 1454000:  Incorrect expression  (ASSERT_SIDE_EFFECT)
>>>     Argument "OpenCLZone::gnEnterCount" of assert() has a side effect because the variable is volatile.  The containing function might work differently in a non-debug build.
35             assert(gnEnterCount > 0);
36             gnEnterCount = gnEnterCount - 1;
37             if (!isInZone())
38                 gbInInitialTest = false;
39         }
40     

** CID 1453998:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/chart2/source/controller/dialogs/dlg_CreationWizard.cxx: 100 in chart::CreationWizard::createPage(short)()


________________________________________________________________________________________________________
*** CID 1453998:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/chart2/source/controller/dialogs/dlg_CreationWizard.cxx: 100 in chart::CreationWizard::createPage(short)()
94         switch( nState )
95         {
96             case STATE_CHARTTYPE:
97             {
98                 m_aTimerTriggeredControllerLock.startTimer();
99                 xRet = std::make_unique<ChartTypeTabPage>(pPageContainer, this, m_xChartModel);
>>>     CID 1453998:  Memory - illegal accesses  (WRAPPER_ESCAPE)
>>>     The internal representation of local "xRet" escapes into "this->m_pTemplateProvider", but is destroyed when it exits scope.
100                 m_pTemplateProvider = static_cast<ChartTypeTabPage*>(xRet.get());
101                 if (m_pDialogModel)
102                     m_pDialogModel->setTemplate( m_pTemplateProvider->getCurrentTemplate());
103                 break;
104             }
105             case STATE_SIMPLE_RANGE:

** CID 1453997:    (UNCAUGHT_EXCEPT)
/cui/source/options/optcolor.cxx: 720 in SvxColorOptionsTabPage::~SvxColorOptionsTabPage()()
/cui/source/options/optcolor.cxx: 720 in SvxColorOptionsTabPage::~SvxColorOptionsTabPage()()


________________________________________________________________________________________________________
*** CID 1453997:    (UNCAUGHT_EXCEPT)
/cui/source/options/optcolor.cxx: 720 in SvxColorOptionsTabPage::~SvxColorOptionsTabPage()()
714         m_xDeleteSchemePB->connect_clicked(aLk);
715     
716         m_rWidget1.connect_size_allocate(LINK(this, SvxColorOptionsTabPage, AdjustHeaderBar));
717         m_rWidget2.connect_size_allocate(LINK(this, SvxColorOptionsTabPage, AdjustHeaderBar));
718     }
719     
>>>     CID 1453997:    (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
720     SvxColorOptionsTabPage::~SvxColorOptionsTabPage()
721     {
722         if (pColorConfig)
723         {
724             //when the dialog is cancelled but the color scheme ListBox has been changed these
725             //changes need to be undone
/cui/source/options/optcolor.cxx: 720 in SvxColorOptionsTabPage::~SvxColorOptionsTabPage()()
714         m_xDeleteSchemePB->connect_clicked(aLk);
715     
716         m_rWidget1.connect_size_allocate(LINK(this, SvxColorOptionsTabPage, AdjustHeaderBar));
717         m_rWidget2.connect_size_allocate(LINK(this, SvxColorOptionsTabPage, AdjustHeaderBar));
718     }
719     
>>>     CID 1453997:    (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
720     SvxColorOptionsTabPage::~SvxColorOptionsTabPage()
721     {
722         if (pColorConfig)
723         {
724             //when the dialog is cancelled but the color scheme ListBox has been changed these
725             //changes need to be undone

** CID 1453996:  Error handling issues  (CHECKED_RETURN)
/cui/source/options/treeopt.cxx: 581 in OfaTreeOptionsDialog::AddTabPage(unsigned short, const rtl::OUString &, unsigned short)()


________________________________________________________________________________________________________
*** CID 1453996:  Error handling issues  (CHECKED_RETURN)
/cui/source/options/treeopt.cxx: 581 in OfaTreeOptionsDialog::AddTabPage(unsigned short, const rtl::OUString &, unsigned short)()
575     OptionsPageInfo* OfaTreeOptionsDialog::AddTabPage(
576         sal_uInt16 nId, const OUString& rPageName, sal_uInt16 nGroup )
577     {
578         OptionsPageInfo* pPageInfo = new OptionsPageInfo( nId );
579     
580         std::unique_ptr<weld::TreeIter> xParent = xTreeLB->make_iterator();
>>>     CID 1453996:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "get_iter_first" without checking return value (as is done elsewhere 58 out of 62 times).
581         xTreeLB->get_iter_first(*xParent);
582         xTreeLB->iter_nth_sibling(*xParent, nGroup);
583     
584         OUString sId(OUString::number(reinterpret_cast<sal_Int64>(pPageInfo)));;
585         xTreeLB->insert(xParent.get(), -1, &rPageName, &sId, nullptr, nullptr, nullptr, false, nullptr);
586     

** CID 1453994:  Uninitialized members  (UNINIT_CTOR)
/cui/source/options/optcolor.cxx: 372 in ColorConfigWindow_Impl::ColorConfigWindow_Impl(weld::Window *, weld::Container *)()


________________________________________________________________________________________________________
*** CID 1453994:  Uninitialized members  (UNINIT_CTOR)
/cui/source/options/optcolor.cxx: 372 in ColorConfigWindow_Impl::ColorConfigWindow_Impl(weld::Window *, weld::Container *)()
366         , m_xBuilder(Application::CreateBuilder(pParent, "cui/ui/colorconfigwin.ui"))
367         , m_xGrid(m_xBuilder->weld_container("ColorConfigWindow"))
368         , m_xWidget1(m_xBuilder->weld_widget("doccolor"))
369         , m_xWidget2(m_xBuilder->weld_widget("doccolor_lb"))
370     {
371         CreateEntries();
>>>     CID 1453994:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "m_pVScroll" is not initialized in this constructor nor in any functions that it calls.
372     }
373     
374     void ColorConfigWindow_Impl::CreateEntries()
375     {
376         std::bitset<nGroupCount> aModulesInstalled;
377         // creating group headers

** CID 1453993:  Error handling issues  (CHECKED_RETURN)
/cui/source/options/treeopt.cxx: 850 in OfaTreeOptionsDialog::SelectHdl_Impl()()


________________________________________________________________________________________________________
*** CID 1453993:  Error handling issues  (CHECKED_RETURN)
/cui/source/options/treeopt.cxx: 850 in OfaTreeOptionsDialog::SelectHdl_Impl()()
844     }
845     
846     void OfaTreeOptionsDialog::SelectHdl_Impl()
847     {
848         std::unique_ptr<weld::TreeIter> xEntry(xTreeLB->make_iterator());
849     
>>>     CID 1453993:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "get_cursor" without checking return value (as is done elsewhere 17 out of 19 times).
850         xTreeLB->get_cursor(xEntry.get());
851         if (xCurrentPageEntry && xCurrentPageEntry->equal(*xEntry))
852             return;
853     
854         std::unique_ptr<weld::TreeIter> xParent(xTreeLB->make_iterator(xEntry.get()));
855         bool bParent = xTreeLB->iter_parent(*xParent);

** CID 1453992:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1453992:    (FORWARD_NULL)
/sc/source/ui/formdlg/formula.cxx: 146 in ScFormulaDlg::ScFormulaDlg(SfxBindings *, SfxChildWindow *, weld::Window *, const ScViewData *, const formula::IFunctionManager *)()
140                 bMatrix = CheckMatrix(aFormula);
141     
142                 sal_Int32 nFStart = 0;
143                 sal_Int32 nFEnd   = 0;
144                 if ( GetFormulaHelper().GetNextFunc( aFormula, false, nFStart, &nFEnd) )
145                 {
>>>     CID 1453992:    (FORWARD_NULL)
>>>     Passing null pointer "pInputHdl" to "InputReplaceSelection", which dereferences it.
146                     pInputHdl->InputReplaceSelection( aFormula );
147                     pInputHdl->InputSetSelection( nFStart, nFEnd );
148                     sal_Int32 PrivStart, PrivEnd;
149                     pInputHdl->InputGetSelection( PrivStart, PrivEnd);
150     
151                     eMode = SetMeText(pInputHdl->GetFormString(),PrivStart, PrivEnd, bMatrix, true, true);
/sc/source/ui/formdlg/formula.cxx: 164 in ScFormulaDlg::ScFormulaDlg(SfxBindings *, SfxChildWindow *, weld::Window *, const ScViewData *, const formula::IFunctionManager *)()
158             if ( !bEdit )
159             {
160                 OUString aNewFormula('=');
161                 if ( aFormula.startsWith("=") )
162                     aNewFormula = aFormula;
163     
>>>     CID 1453992:    (FORWARD_NULL)
>>>     Passing null pointer "pInputHdl" to "InputReplaceSelection", which dereferences it.
164                 pInputHdl->InputReplaceSelection( aNewFormula );
165                 pInputHdl->InputSetSelection( 1, aNewFormula.getLength()+1 );
166                 sal_Int32 PrivStart, PrivEnd;
167                 pInputHdl->InputGetSelection( PrivStart, PrivEnd);
168                 SetMeText(pInputHdl->GetFormString(),PrivStart, PrivEnd,bMatrix,false,false);
169     

** CID 1453991:    (WRAPPER_ESCAPE)
/dbaccess/source/ui/dlg/dbwizsetup.cxx: 518 in dbaui::ODbTypeWizDialogSetup::createPage(short)()
/dbaccess/source/ui/dlg/dbwizsetup.cxx: 460 in dbaui::ODbTypeWizDialogSetup::createPage(short)()
/dbaccess/source/ui/dlg/dbwizsetup.cxx: 532 in dbaui::ODbTypeWizDialogSetup::createPage(short)()


________________________________________________________________________________________________________
*** CID 1453991:    (WRAPPER_ESCAPE)
/dbaccess/source/ui/dlg/dbwizsetup.cxx: 518 in dbaui::ODbTypeWizDialogSetup::createPage(short)()
512     
513             case PAGE_DBSETUPWIZARD_MSACCESS:
514                 xPage  = OConnectionTabPageSetup::CreateMSAccessTabPage(pPageContainer, this, *m_pOutSet);
515                 break;
516             case PAGE_DBSETUPWIZARD_MYSQL_INTRO:
517                 xPage = OMySQLIntroPageSetup::CreateMySQLIntroTabPage(pPageContainer, this, *m_pOutSet);
>>>     CID 1453991:    (WRAPPER_ESCAPE)
>>>     The internal representation of local "xPage" escapes into "this->m_pMySQLIntroPage", but is destroyed when it exits scope.
518                 m_pMySQLIntroPage = static_cast<OMySQLIntroPageSetup*>(xPage.get());
519                 m_pMySQLIntroPage->SetClickHdl(LINK( this, ODbTypeWizDialogSetup, ImplClickHdl ) );
520                 break;
521     
522             case PAGE_DBSETUPWIZARD_AUTHENTIFICATION:
523                 xPage = OAuthentificationPageSetup::CreateAuthentificationTabPage(pPageContainer, this, *m_pOutSet);
/dbaccess/source/ui/dlg/dbwizsetup.cxx: 460 in dbaui::ODbTypeWizDialogSetup::createPage(short)()
454         weld::Container* pPageContainer = m_xAssistant->append_page(sIdent);
455     
456         switch(_nState)
457         {
458             case PAGE_DBSETUPWIZARD_INTRO:
459                 xPage = std::make_unique<OGeneralPageWizard>(pPageContainer,this,*m_pOutSet);
>>>     CID 1453991:    (WRAPPER_ESCAPE)
>>>     The internal representation of local "xPage" escapes into "this->m_pGeneralPage", but is destroyed when it exits scope.
460                 m_pGeneralPage = static_cast<OGeneralPageWizard*>(xPage.get());
461                 m_pGeneralPage->SetTypeSelectHandler(LINK(this, ODbTypeWizDialogSetup, OnTypeSelected));
462                 m_pGeneralPage->SetCreationModeHandler(LINK( this, ODbTypeWizDialogSetup, OnChangeCreationMode ) );
463                 m_pGeneralPage->SetDocumentSelectionHandler(LINK( this, ODbTypeWizDialogSetup, OnRecentDocumentSelected ) );
464                 m_pGeneralPage->SetChooseDocumentHandler(LINK( this, ODbTypeWizDialogSetup, OnSingleDocumentChosen ) );
465                 break;
/dbaccess/source/ui/dlg/dbwizsetup.cxx: 532 in dbaui::ODbTypeWizDialogSetup::createPage(short)()
526             case PAGE_DBSETUPWIZARD_USERDEFINED:
527                 xPage = OConnectionTabPageSetup::CreateUserDefinedTabPage(pPageContainer, this, *m_pOutSet);
528                 break;
529     
530             case PAGE_DBSETUPWIZARD_FINAL:
531                 xPage = OFinalDBPageSetup::CreateFinalDBTabPageSetup(pPageContainer, this, *m_pOutSet);
>>>     CID 1453991:    (WRAPPER_ESCAPE)
>>>     The internal representation of local "xPage" escapes into "this->m_pFinalPage", but is destroyed when it exits scope.
532                 m_pFinalPage = static_cast<OFinalDBPageSetup*>(xPage.get());
533                 break;
534         }
535     
536         if ( xPage )
537         {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyYTxH00YffKYncjRAYUbMucjBCEf08-2FZTFDwlyyJ-2F73B5Bi3YIOY3iSv6Fexjdl1pBMZ6Zjzw2uO2-2FddS-2Fa0T6CHpKQ-2FP7Q3kTId1RyBDRXIPmG-2F9VLkmoi52LeefVVJ4S-2BGcoJQLFC-2FWp5XbLOadZ7OIzH-2BRTzgt3SBDwfjEnnE-3D


