New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Dec 12 09:27:28 UTC 2020
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
2 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 1470591: Null pointer dereferences (REVERSE_INULL)
/sc/source/filter/xcl97/xcl97rec.cxx: 1106 in XclObjAny::WriteFromTo(XclExpXmlStream &, const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, short)()
________________________________________________________________________________________________________
*** CID 1470591: Null pointer dereferences (REVERSE_INULL)
/sc/source/filter/xcl97/xcl97rec.cxx: 1106 in XclObjAny::WriteFromTo(XclExpXmlStream &, const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, short)()
1100 awt::Point aTopLeft = rShape->getPosition();
1101 awt::Size aSize = rShape->getSize();
1102
1103 // size is correct, but aTopLeft needs correction for rotated shapes
1104 SdrObject* pObj = SdrObject::getSdrObjectFromXShape(rShape.get());
1105 sal_Int32 nRotation = pObj->GetRotateAngle();
>>> CID 1470591: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pObj" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1106 if ( pObj && nRotation != 0 && pObj->GetObjIdentifier() == OBJ_CUSTOMSHAPE )
1107 {
1108 const tools::Rectangle& aSnapRect(pObj->GetSnapRect()); // bounding box of the rotated shape
1109 aTopLeft.X = aSnapRect.getX() + (aSnapRect.GetWidth() / 2) - (aSize.Width / 2);
1110 aTopLeft.Y = aSnapRect.getY() + (aSnapRect.GetHeight() / 2) - (aSize.Height / 2);
1111 }
** CID 1470590: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1470590: Memory - corruptions (OVERRUN)
/comphelper/source/misc/storagehelper.cxx: 436 in comphelper::OStorageHelper::CreatePackageEncryptionData(std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
430 if ( nError != rtl_Digest_E_None )
431 {
432 aEncryptionData.realloc( nSha1Ind );
433 break;
434 }
435
>>> CID 1470590: Memory - corruptions (OVERRUN)
>>> Overrunning array "pBuffer" of 20 bytes by passing it to a function which accesses it at byte offset 159 using argument "20".
436 aEncryptionData[nSha1Ind+nInd].Value <<= uno::Sequence< sal_Int8 >( reinterpret_cast<sal_Int8*>(pBuffer), RTL_DIGEST_LENGTH_SHA1 );
437 }
438
439 // actual SHA1
440 aEncryptionData[nSha1Ind + 2].Name = PACKAGE_ENCRYPTIONDATA_SHA1CORRECT;
441 OString aByteStrPass = OUStringToOString(aPassword, RTL_TEXTENCODING_UTF8);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3D3Fdw_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJi4Hml82RPhD614tpZwPe6uTjWmrhpUB9PgbQjAFoqHUX47TnYaD0Q17l-2BtWdnv4HsPIeGYUVj3Oq0r0t711qIX9ZOpOSOAIx6G5nV6s2ODdsVTwoec340-2BsUA0BFp5nk-2BJrXE5Jel7S2Q1jQzFEjAfDeXhnPGp7lVAb0eFiDE53atHAxfvdEKq0vZ11iau-2BCG
More information about the LibreOffice
mailing list