New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Thu Aug 6 20:33:02 UTC 2020


Hi,

Please find below the latest Coverity Scan report on new defect(s) introduced to LibreOffice.

17 new defect(s) introduced to LibreOffice found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)


** CID 1465676:  Error handling issues  (CHECKED_RETURN)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 68 in SwOutlineContentVisibilityWin::Set()()


________________________________________________________________________________________________________
*** CID 1465676:  Error handling issues  (CHECKED_RETURN)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 68 in SwOutlineContentVisibilityWin::Set()()
62             Hide();
63             return;
64         }
65         const SwTextNode* pTextNode = pTextFrame->GetTextNodeFirst();
66         SwWrtShell& rSh = GetEditWin()->GetView().GetWrtShell();
67         const SwOutlineNodes& rOutlineNodes = rSh.GetNodes().GetOutLineNds();
>>>     CID 1465676:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "Seek_Entry" without checking return value (as is done elsewhere 23 out of 26 times).
68         rOutlineNodes.Seek_Entry(static_cast<SwNode*>(const_cast<SwTextNode*>(pTextNode)),
69                                  &m_nOutlinePos);
70         assert(m_nOutlinePos != SwOutlineNodes::npos);
71     
72         // don't set if no content and no subs with content
73         auto nPos = m_nOutlinePos;

** CID 1465675:  Uninitialized members  (UNINIT_CTOR)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 41 in SwOutlineContentVisibilityWin::SwOutlineContentVisibilityWin(SwEditWin *, const SwFrame *)()


________________________________________________________________________________________________________
*** CID 1465675:  Uninitialized members  (UNINIT_CTOR)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 41 in SwOutlineContentVisibilityWin::SwOutlineContentVisibilityWin(SwEditWin *, const SwFrame *)()
35         , m_bDestroyed(false)
36     {
37         SetSizePixel(Size(BUTTON_WIDTH, BUTTON_HEIGHT));
38     
39         m_aDelayTimer.SetTimeout(50);
40         m_aDelayTimer.SetInvokeHandler(LINK(this, SwOutlineContentVisibilityWin, DelayHandler));
>>>     CID 1465675:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "m_nOutlinePos" is not initialized in this constructor nor in any functions that it calls.
41     }
42     
43     void SwOutlineContentVisibilityWin::dispose()
44     {
45         m_bDestroyed = true;
46         m_aDelayTimer.Stop();

** CID 1465674:  Incorrect expression  (COPY_PASTE_ERROR)
/vcl/opengl/RenderList.cxx: 243 in RenderList::addDrawRectangle(long, long, long, long, double, Color, Color)()


________________________________________________________________________________________________________
*** CID 1465674:  Incorrect expression  (COPY_PASTE_ERROR)
/vcl/opengl/RenderList.cxx: 243 in RenderList::addDrawRectangle(long, long, long, long, double, Color, Color)()
237                         fX1 - 0.5f, fY2 - 0.5f, fX2 + 0.5f, fY2 + 0.5f, nLineColor, fTransparency);
238         }
239     
240         if (nFillColor == SALCOLOR_NONE)
241             return;
242     
>>>     CID 1465674:  Incorrect expression  (COPY_PASTE_ERROR)
>>>     "nLineColor" looks like a copy-paste error.
243         if (nLineColor == SALCOLOR_NONE)
244         {
245             appendRectangle(rRenderParameter.maVertices, rRenderParameter.maIndices,
246                         fX1 - 0.5f, fY1 - 0.5f, fX1 + 0.5f, fY2 + 0.5f, nFillColor, fTransparency);
247             appendRectangle(rRenderParameter.maVertices, rRenderParameter.maIndices,
248                         fX1 - 0.5f, fY1 - 0.5f, fX2 + 0.5f, fY1 + 0.5f, nFillColor, fTransparency);

** CID 1465673:  Error handling issues  (CHECKED_RETURN)
/dbaccess/source/ui/querydesign/ConnectionLine.cxx: 90 in <unnamed>::calcPointsYValue(const dbaui::OTableWindow *, int, Point &, Point &)()


________________________________________________________________________________________________________
*** CID 1465673:  Error handling issues  (CHECKED_RETURN)
/dbaccess/source/ui/querydesign/ConnectionLine.cxx: 90 in <unnamed>::calcPointsYValue(const dbaui::OTableWindow *, int, Point &, Point &)()
84             _rNewConPos.setY( _pWin->GetPosPixel().Y() );
85             if (_nEntry != -1)
86             {
87                 _rNewConPos.AdjustY(pListBox->GetPosPixel().Y() );
88                 const weld::TreeView& rTreeView = pListBox->get_widget();
89                 std::unique_ptr<weld::TreeIter> xEntry = rTreeView.make_iterator();
>>>     CID 1465673:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "get_iter_first" without checking return value (as is done elsewhere 88 out of 94 times).
90                 rTreeView.get_iter_first(*xEntry);
91                 rTreeView.iter_nth_sibling(*xEntry, _nEntry);
92                 auto nEntryPos = rTreeView.get_row_area(*xEntry).Center().Y();
93     
94                 if( nEntryPos >= 0 )
95                 {

** CID 1465672:  Uninitialized members  (UNINIT_CTOR)
/xmloff/source/style/xmlstyle.cxx: 221 in <unnamed>::SvXMLStyleIndex_Impl::SvXMLStyleIndex_Impl(XmlStyleFamily, const rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1465672:  Uninitialized members  (UNINIT_CTOR)
/xmloff/source/style/xmlstyle.cxx: 221 in <unnamed>::SvXMLStyleIndex_Impl::SvXMLStyleIndex_Impl(XmlStyleFamily, const rtl::OUString &)()
215     public:
216     
217         SvXMLStyleIndex_Impl( XmlStyleFamily nFam, const OUString& rName ) :
218             sName( rName ),
219             nFamily( nFam )
220         {
>>>     CID 1465672:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "mpStyle" is not initialized in this constructor nor in any functions that it calls.
221         }
222     
223         SvXMLStyleIndex_Impl( const rtl::Reference<SvXMLStyleContext> &rStl ) :
224             sName( rStl->GetName() ),
225             nFamily( rStl->GetFamily() ),
226             mpStyle ( rStl.get() )

** CID 1465671:  Error handling issues  (CHECKED_RETURN)
/xmloff/source/text/txtparai.cxx: 1941 in XMLParaContext::XMLParaContext(SvXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, bool)()


________________________________________________________________________________________________________
*** CID 1465671:  Error handling issues  (CHECKED_RETURN)
/xmloff/source/text/txtparai.cxx: 1941 in XMLParaContext::XMLParaContext(SvXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, bool)()
1935                     mbOutlineLevelAttrFound = true;
1936                 }
1937                 break;
1938             case XML_TOK_TEXT_P_OUTLINE_CONTENT_VISIBLE:
1939                 {
1940                     mbOutlineContentVisible = true;
>>>     CID 1465671:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "convertBool" without checking return value (as is done elsewhere 73 out of 79 times).
1941                     ::sax::Converter::convertBool(mbOutlineContentVisible, rValue);
1942                 }
1943                 break;
1944             case XML_TOK_TEXT_P_IS_LIST_HEADER:
1945                 {
1946                     bool bBool(false);

** CID 1465670:  Control flow issues  (DEADCODE)
/sc/source/ui/cctrl/checklistmenu.cxx: 336 in ScCheckListMenuControl::selectMenuItem(unsigned long, bool)()


________________________________________________________________________________________________________
*** CID 1465670:  Control flow issues  (DEADCODE)
/sc/source/ui/cctrl/checklistmenu.cxx: 336 in ScCheckListMenuControl::selectMenuItem(unsigned long, bool)()
330             queueCloseSubMenu();
331             return;
332         }
333     
334     
335         if (nPos == MENU_NOT_SELECTED)
>>>     CID 1465670:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "return;".
336             return;
337     
338         ScCheckListMenuWindow* pParentMenu = mxFrame->GetParentMenu();
339         if (pParentMenu)
340             pParentMenu->get_widget().setSubMenuFocused(this);
341     

** CID 1465669:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1465669:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/uibase/uno/unotxdoc.cxx: 2951 in SwXTextDocument::render(int, const com::sun::star::uno::Any &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
2945         if (!m_pPrintUIOptions)
2946             m_pPrintUIOptions = lcl_GetPrintUIOptions( pDocShell, pView );
2947         m_pPrintUIOptions->processProperties( rxOptions );
2948         const bool bPrintProspect   = m_pPrintUIOptions->getBoolValue( "PrintProspect" );
2949         const bool bLastPage        = m_pPrintUIOptions->getBoolValue( "IsLastPage" );
2950     
>>>     CID 1465669:  Null pointer dereferences  (FORWARD_NULL)
>>>     "GetRenderDoc" dereferences null "this->pDocShell".
2951         SwDoc *pDoc = GetRenderDoc( pView, rSelection, bIsPDFExport );
2952         OSL_ENSURE( pDoc && pView, "doc or view shell missing!" );
2953         if (pDoc && pView)
2954         {
2955             sal_Int32 nMaxRenderer = 0;
2956             if (!bIsSwSrcView)

** CID 1462318:  Memory - illegal accesses  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 1462318:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 218 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
212                 {
213                     JLocalAutoRef jo_arg(
214                         jni, jni->GetObjectArrayElement( jo_args, nPos ) );
215                     jni.ensure_no_exception();
216                     jvalue java_arg;
217                     java_arg.l = jo_arg.get();
>>>     CID 1462318:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Calling "map_to_uno" dereferences freed pointer "type".
218                     map_to_uno(
219                         jni, uno_args[ nPos ], java_arg, type, nullptr,
220                         false /* no assign */, param.bOut,
221                         true /* special wrapped integral types */ );
222                 }
223                 catch (...)

** CID 1462316:    (USE_AFTER_FREE)
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 491 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()


________________________________________________________________________________________________________
*** CID 1462316:    (USE_AFTER_FREE)
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 457 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
451                     }
452                     uno_Environment_invoke(m_to.get(), s_type_destructData_v, args[nPos], param.pTypeRef, 0);
453                 }
454             }
455             if (ret != pReturn)
456             {
>>>     CID 1462316:    (USE_AFTER_FREE)
>>>     Calling "uno_type_copyAndConvertData" dereferences freed pointer "pReturnTypeRef".
457                 uno_type_copyAndConvertData(pReturn,
458                                             ret,
459                                             pReturnTypeRef,
460                                             m_to_from.get());
461     
462                 uno_Environment_invoke(m_to.get(), s_type_destructData_v, ret, pReturnTypeRef, 0);
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 491 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
485     
486             // FIXME: need to destruct in m_to
487             uno_any_destruct(exc, nullptr);
488         }
489     
490         if (m_probeFun)
>>>     CID 1462316:    (USE_AFTER_FREE)
>>>     Passing freed pointer "pReturnTypeRef" as an argument to "*this->m_probeFun".
491             m_probeFun(false,
492                        this,
493                        m_pProbeContext,
494                        pReturnTypeRef,
495                        pParams,
496                        nParams,

** CID 1462314:  Memory - illegal accesses  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 1462314:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/cpp_uno/gcc3_linux_x86-64/cpp2uno.cxx: 78 in cpp2uno_call(bridges::cpp_uno::shared::CppInterfaceProxy *, const _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, _typelib_MethodParameter *, void **, void **, void **, unsigned long *)()
72     
73         void * pUnoReturn = nullptr;
74         void * pCppReturn = nullptr; // complex return ptr: if != 0 && != pUnoReturn, reconversion need
75     
76         if ( pReturnTypeDescr )
77         {
>>>     CID 1462314:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Calling "return_in_hidden_param" dereferences freed pointer "pReturnTypeRef".
78             if ( x86_64::return_in_hidden_param( pReturnTypeRef ) )
79             {
80                 pCppReturn = *gpreg++;
81                 nr_gpr++;
82     
83                 pUnoReturn = ( bridges::cpp_uno::shared::relatesToInterfaceType( pReturnTypeDescr )

** CID 1462313:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1047 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()


________________________________________________________________________________________________________
*** CID 1462313:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1047 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
1041             case typelib_TypeClass_INTERFACE:
1042             {
1043                 TypeDescr element_td( element_type );
1044                 seq = seq_allocate( nElements, element_td.get()->nSize );
1045     
1046                 JNI_type_info const * element_info;
>>>     CID 1462313:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "element_type".
1047                 if (element_type->eTypeClass == typelib_TypeClass_STRUCT ||
1048                     element_type->eTypeClass == typelib_TypeClass_EXCEPTION ||
1049                     element_type->eTypeClass == typelib_TypeClass_INTERFACE)
1050                 {
1051                     element_info =
1052                         getJniInfo()->get_type_info( jni, element_td.get() );

** CID 1462312:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 2388 in jni_uno::Bridge::map_to_java(const jni_uno::JNI_context &, jvalue *, const void *, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()


________________________________________________________________________________________________________
*** CID 1462312:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 2388 in jni_uno::Bridge::map_to_java(const jni_uno::JNI_context &, jvalue *, const void *, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
2382                     }
2383                 }
2384                 break;
2385             }
2386             default:
2387             {
>>>     CID 1462312:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "type".
2388                 throw BridgeRuntimeError(
2389                     "[map_to_java():" + OUString::unacquired( &type->pTypeName )
2390                     + "] unsupported element type: "
2391                     + OUString::unacquired( &element_type->pTypeName )
2392                     + jni.get_stack_trace() );
2393             }

** CID 1462311:  Memory - illegal accesses  (USE_AFTER_FREE)
/cppu/source/uno/sequence.cxx: 805 in uno_type_sequence_reference2One()


________________________________________________________________________________________________________
*** CID 1462311:  Memory - illegal accesses  (USE_AFTER_FREE)
/cppu/source/uno/sequence.cxx: 805 in uno_type_sequence_reference2One()
799                     &pNew, pSequence->elements,
800                     reinterpret_cast<typelib_IndirectTypeDescription *>(pTypeDescr)->pType,
801                     pSequence->nElements, acquire,
802                     pSequence->nElements ); // alloc nElements
803                 if (ret)
804                 {
>>>     CID 1462311:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Passing freed pointer "pType" as an argument to "idestructSequence".
805                     idestructSequence( *ppSequence, pType, pTypeDescr, release );
806                     *ppSequence = pNew;
807                 }
808     
809                 TYPELIB_DANGER_RELEASE( pTypeDescr );
810             }

** CID 1462310:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1094 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()


________________________________________________________________________________________________________
*** CID 1462310:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1094 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
1088                     }
1089                 }
1090                 break;
1091             }
1092             default:
1093             {
>>>     CID 1462310:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "type".
1094                 throw BridgeRuntimeError(
1095                     "[map_to_uno():" + OUString::unacquired( &type->pTypeName )
1096                     + "] unsupported sequence element type: "
1097                     + OUString::unacquired( &element_type->pTypeName )
1098                     + jni.get_stack_trace() );
1099             }

** CID 1462309:  Memory - illegal accesses  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 1462309:  Memory - illegal accesses  (USE_AFTER_FREE)
/cppu/source/uno/destr.hxx: 139 in cppu::_destructAny(_uno_Any *, void (*)(void *))()
133             break;
134         }
135     #if OSL_DEBUG_LEVEL > 0
136         pAny->pData = reinterpret_cast<void *>(uintptr_t(0xdeadbeef));
137     #endif
138     
>>>     CID 1462309:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Calling "typelib_typedescriptionreference_release" dereferences freed pointer "pType".
139         ::typelib_typedescriptionreference_release( pType );
140     }
141     
142     inline sal_Int32 idestructElements(
143         void * pElements, typelib_TypeDescriptionReference * pElementType,
144         sal_Int32 nStartIndex, sal_Int32 nStopIndex,

** CID 1462308:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 286 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()


________________________________________________________________________________________________________
*** CID 1462308:  Memory - illegal accesses  (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 286 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
280                     type->eTypeClass != typelib_TypeClass_ENUM) // opt
281                 {
282                     uno_type_destructData( uno_args[ nPos ], type, nullptr );
283                 }
284             }
285     
>>>     CID 1462308:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Dereferencing freed pointer "return_type".
286             if (return_type->eTypeClass != typelib_TypeClass_VOID)
287             {
288                 // convert uno return value
289                 jvalue java_ret;
290                 try
291                 {


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DPtsO_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiiXPZi4mOPHWPLpuiRofcUvRfRJq4-2BGfNgELYxKs2jfk9Za1i14VsFm3DmBFhqKLg1B4Cp0AZIX5o1YV6-2B-2Fc3HGbrLNcmNsvZtqkfq3hBZ8rlDFLv5u0YpvnJKMW3aJ9WJZM5PwHSKnBcU9TSZyE-2FoDqBoBhaWDfP9FdtKMDZCtk-2FLFeOuCcJi-2BGpYDM5MZUh


