New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Thu Dec 9 11:29:21 UTC 2021 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

2 new defect(s) introduced to LibreOffice found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)


** CID 1494650:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1494650:  Insecure data handling  (TAINTED_SCALAR)
/sc/source/filter/lotus/op.cxx: 425 in OP_Formula123(LotusContext &, SvStream &, unsigned short)()
419     
420         if (rContext.rDoc.ValidAddress(aAddress) && nTab <= rContext.rDoc.GetMaxTableNumber())
421         {
422             ScFormulaCell* pCell = new ScFormulaCell(rContext.rDoc, aAddress, std::move(pResult));
423             pCell->AddRecalcMode( ScRecalcMode::ONLOAD_ONCE );
424             rContext.rDoc.EnsureTable(nTab);
>>>     CID 1494650:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "aAddress.nRow" to "SetFormulaCell", which uses it as an offset.
425             rContext.rDoc.SetFormulaCell(aAddress, pCell);
426         }
427     }
428     
429     void OP_IEEENumber123(LotusContext& rContext, SvStream& r, sal_uInt16 /*n*/)
430     {

** CID 1485150:    (UNCAUGHT_EXCEPT)
/usr/include/c++/9/optional: 254 in std::_Optional_payload_base<sd::ClientView>::_M_destroy()()
/usr/include/c++/9/optional: 254 in std::_Optional_payload_base<SwContentNotify>::_M_destroy()()
/usr/include/c++/9/optional: 254 in std::_Optional_payload_base<sd::View>::_M_destroy()()


________________________________________________________________________________________________________
*** CID 1485150:    (UNCAUGHT_EXCEPT)
/usr/include/c++/9/optional: 254 in std::_Optional_payload_base<sd::ClientView>::_M_destroy()()
248               ::new ((void *) std::__addressof(this->_M_payload))
249                 _Stored_type(std::forward<_Args>(__args)...);
250               this->_M_engaged = true;
251             }
252     
253           constexpr void
>>>     CID 1485150:    (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
254           _M_destroy() noexcept
255           {
256     	_M_engaged = false;
257     	_M_payload._M_value.~_Stored_type();
258           }
259     
/usr/include/c++/9/optional: 254 in std::_Optional_payload_base<SwContentNotify>::_M_destroy()()
248               ::new ((void *) std::__addressof(this->_M_payload))
249                 _Stored_type(std::forward<_Args>(__args)...);
250               this->_M_engaged = true;
251             }
252     
253           constexpr void
>>>     CID 1485150:    (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
254           _M_destroy() noexcept
255           {
256     	_M_engaged = false;
257     	_M_payload._M_value.~_Stored_type();
258           }
259     
/usr/include/c++/9/optional: 254 in std::_Optional_payload_base<sd::View>::_M_destroy()()
248               ::new ((void *) std::__addressof(this->_M_payload))
249                 _Stored_type(std::forward<_Args>(__args)...);
250               this->_M_engaged = true;
251             }
252     
253           constexpr void
>>>     CID 1485150:    (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
254           _M_destroy() noexcept
255           {
256     	_M_engaged = false;
257     	_M_payload._M_value.~_Stored_type();
258           }
259     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3Dp7_p_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiJSoGrcCjebVW1WIhH27qKBlXotPr-2FU5jAGduSSzFLtw0U74hq-2BcU4RnVZmQLMtehWHhJicQDBF-2FqBU9OWWblA14BEcKkxuvPAclTuv9q3oW4FDKBrftPOgkCW4HS99G9dbcJH94NAPhw86G5yWmHxi9V2LqGq-2FGklD4POTUsehM-3D

More information about the LibreOffice mailing list