New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
Sat Dec 4 13:59:45 UTC 2021
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
7 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1494598: Uninitialized members (UNINIT_CTOR)
/sw/source/filter/ww8/docxattributeoutput.cxx: 10220 in DocxAttributeOutput::DocxAttributeOutput(DocxExport &, const std::shared_ptr<sax_fastparser::FastSerializerHelper> &, oox::drawingml::DrawingML *)()
________________________________________________________________________________________________________
*** CID 1494598: Uninitialized members (UNINIT_CTOR)
/sw/source/filter/ww8/docxattributeoutput.cxx: 10220 in DocxAttributeOutput::DocxAttributeOutput(DocxExport &, const std::shared_ptr<sax_fastparser::FastSerializerHelper> &, oox::drawingml::DrawingML *)()
10214 , m_nStateOfFlyFrame( FLY_NOT_PROCESSED )
10215 {
10216 // Push initial items to the RelId cache. In case the document contains no
10217 // special streams (headers, footers, etc.) then these items are used
10218 // during the full export.
10219 PushRelIdCache();
>>> CID 1494598: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "m_pMoveRedlineData" is not initialized in this constructor nor in any functions that it calls.
10220 }
10221
10222 DocxAttributeOutput::~DocxAttributeOutput()
10223 {
10224 }
10225
** CID 1494597: (UNCAUGHT_EXCEPT)
/include/comphelper/scopeguard.hxx: 59 in comphelper::ScopeGuard<SwUndoInsSection::RedoImpl(sw::UndoRedoContext &)::[lambda() (instance 1)]>::~ScopeGuard()()
/include/comphelper/scopeguard.hxx: 59 in comphelper::ScopeGuard<sd::<unnamed>::ClassificationInserter::insert(const std::vector<svx::ClassificationResult, std::allocator<svx::ClassificationResult>> &)::[lambda() (instance 2)]>::~ScopeGuard()()
________________________________________________________________________________________________________
*** CID 1494597: (UNCAUGHT_EXCEPT)
/include/comphelper/scopeguard.hxx: 59 in comphelper::ScopeGuard<SwUndoInsSection::RedoImpl(sw::UndoRedoContext &)::[lambda() (instance 1)]>::~ScopeGuard()()
53 {
54 public:
55 /** @param func function object to be executed in dtor
56 */
57 explicit ScopeGuard( Func && func ) : m_func( std::move(func) ) {}
58
>>> CID 1494597: (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
59 ~ScopeGuard()
60 {
61 if (m_bDismissed)
62 return;
63 m_func();
64 }
/include/comphelper/scopeguard.hxx: 59 in comphelper::ScopeGuard<sd::<unnamed>::ClassificationInserter::insert(const std::vector<svx::ClassificationResult, std::allocator<svx::ClassificationResult>> &)::[lambda() (instance 2)]>::~ScopeGuard()()
53 {
54 public:
55 /** @param func function object to be executed in dtor
56 */
57 explicit ScopeGuard( Func && func ) : m_func( std::move(func) ) {}
58
>>> CID 1494597: (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
59 ~ScopeGuard()
60 {
61 if (m_bDismissed)
62 return;
63 m_func();
64 }
** CID 1494596: Control flow issues (NO_EFFECT)
/solenv/lockfile/dotlockfile.c: 199 in main()
________________________________________________________________________________________________________
*** CID 1494596: Control flow issues (NO_EFFECT)
/solenv/lockfile/dotlockfile.c: 199 in main()
193 int passthrough = 0;
194
195 /*
196 * Remember real and effective gid, and
197 * drop privs for now.
198 */
>>> CID 1494596: Control flow issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "(gid = getgid()) < 0U".
199 if ((gid = getgid()) < 0)
200 perror_exit("getgid");
201 if ((egid = getegid()) < 0)
202 perror_exit("getegid");
203 if (gid != egid) {
204 if (setregid(-1, gid) < 0)
** CID 1494595: Error handling issues (UNCAUGHT_EXCEPT)
/include/comphelper/scopeguard.hxx: 59 in comphelper::ScopeGuard<SwUndoInsSection::RedoImpl(sw::UndoRedoContext &)::[lambda() (instance 1)]>::~ScopeGuard()()
________________________________________________________________________________________________________
*** CID 1494595: Error handling issues (UNCAUGHT_EXCEPT)
/include/comphelper/scopeguard.hxx: 59 in comphelper::ScopeGuard<SwUndoInsSection::RedoImpl(sw::UndoRedoContext &)::[lambda() (instance 1)]>::~ScopeGuard()()
53 {
54 public:
55 /** @param func function object to be executed in dtor
56 */
57 explicit ScopeGuard( Func && func ) : m_func( std::move(func) ) {}
58
>>> CID 1494595: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "boost::wrapexcept<boost::bad_rational>" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
59 ~ScopeGuard()
60 {
61 if (m_bDismissed)
62 return;
63 m_func();
64 }
** CID 1494594: (TOCTOU)
/solenv/lockfile/lockfile.c: 324 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 324 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 329 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 324 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 324 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 324 in lockfile_create_save_tmplock()
________________________________________________________________________________________________________
*** CID 1494594: (TOCTOU)
/solenv/lockfile/lockfile.c: 324 in lockfile_create_save_tmplock()
318 * link() over NFS can't be trusted.
319 * EXTRA FIX: the value of the nlink field
320 * can't be trusted (may be cached).
321 */
322 (void)!link(tmplock, lockfile);
323
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "tmplock".
324 if (lstat(tmplock, &st1) < 0) {
325 tmplock[0] = 0;
326 return L_ERROR; /* Can't happen */
327 }
328
329 if (lstat(lockfile, &st) < 0) {
/solenv/lockfile/lockfile.c: 329 in lockfile_create_save_tmplock()
323
324 if (lstat(tmplock, &st1) < 0) {
325 tmplock[0] = 0;
326 return L_ERROR; /* Can't happen */
327 }
328
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "lockfile".
329 if (lstat(lockfile, &st) < 0) {
330 if (statfailed++ > 5) {
331 /*
332 * Normally, this can't happen; either
333 * another process holds the lockfile or
334 * we do. So if this error pops up
** CID 1494593: Memory - corruptions (OVERRUN)
/solenv/lockfile/lockfile.c: 481 in lockfile_check()
________________________________________________________________________________________________________
*** CID 1494593: Memory - corruptions (OVERRUN)
/solenv/lockfile/lockfile.c: 481 in lockfile_check()
475 (len = read(fd, buf, sizeof(buf))) >= 0 &&
476 fstat(fd, &st2) == 0 &&
477 st.st_atime != st2.st_atime)
478 now = st.st_atime;
479 close(fd);
480 if (len > 0 && (flags & (L_PID|L_PPID))) {
>>> CID 1494593: Memory - corruptions (OVERRUN)
>>> Overrunning array "buf" of 16 bytes at byte offset 16 using index "len" (which evaluates to 16).
481 buf[len] = 0;
482 pid = atoi(buf);
483 }
484 }
485
486 if (pid > 0) {
** CID 1494592: Security best practices violations (TOCTOU)
/solenv/lockfile/lockfile.c: 459 in lockfile_check()
________________________________________________________________________________________________________
*** CID 1494592: Security best practices violations (TOCTOU)
/solenv/lockfile/lockfile.c: 459 in lockfile_check()
453 struct stat st, st2;
454 char buf[16];
455 time_t now;
456 pid_t pid;
457 int fd, len, r;
458
>>> CID 1494592: Security best practices violations (TOCTOU)
>>> Calling function "stat" to perform check on "lockfile".
459 if (stat(lockfile, &st) < 0)
460 return -1;
461
462 /*
463 * Get the contents and mtime of the lockfile.
464 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3D7Jxk_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJikoIiBrCGUdAHsIGK0gVrEm82Cs-2F9VsYMiQEJZdy9lXepaX-2BbPlTR-2FqDmuFBpscKDpeXfst-2BWoVZYPeSnz23hgYPoLLebzfg0Lo-2BkS1Cvw1SKF0-2Fhg5IFtSKk5moSis805m93UlZpsznR7ETO-2BlOSsMI5m2-2BgAQrXIvZW3nqOf-2BI-3D