New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Dec 18 07:22:01 UTC 2021
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
5 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)
** CID 1495785: Error handling issues (CHECKED_RETURN)
/sw/source/core/doc/DocumentRedlineManager.cxx: 459 in <unnamed>::lcl_DeleteTrackedTableRow(const SwPosition *)()
________________________________________________________________________________________________________
*** CID 1495785: Error handling issues (CHECKED_RETURN)
/sw/source/core/doc/DocumentRedlineManager.cxx: 459 in <unnamed>::lcl_DeleteTrackedTableRow(const SwPosition *)()
453 pPos->GetDoc().DeleteRow( aCursor );
454 }
455 else
456 {
457 // update property "HasTextChangesOnly"
458 SwRedlineTable::size_type nPos = 0;
>>> CID 1495785: Error handling issues (CHECKED_RETURN)
>>> Calling "UpdateTextChangesOnly" without checking return value (as is done elsewhere 5 out of 6 times).
459 pLine->UpdateTextChangesOnly(nPos);
460 }
461 }
462 }
463
464 // at rejection of a deletion in a table, remove the tracking of the table row
** CID 1495784: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/include/cppu/unotype.hxx: 44 in ()
________________________________________________________________________________________________________
*** CID 1495784: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/include/cppu/unotype.hxx: 44 in ()
38
39 namespace com { namespace sun { namespace star { namespace uno {
40 class Type;
41 class Any;
42 class Exception;
43 template< typename > class Reference;
>>> CID 1495784: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::frame::XDispatch> >" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalues, where a move assignment may be faster.
44 template< typename > class Sequence;
45 class XInterface;
46 } } } }
47 namespace rtl { class OUString; }
48
49 namespace cppu {
** CID 1494594: (TOCTOU)
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 325 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
________________________________________________________________________________________________________
*** CID 1494594: (TOCTOU)
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
314 * link() over NFS can't be trusted.
315 * EXTRA FIX: the value of the nlink field
316 * can't be trusted (may be cached).
317 */
318 (void)!link(tmplock, lockfile);
319
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "tmplock".
320 if (lstat(tmplock, &st1) < 0) {
321 tmplock[0] = 0;
322 return L_ERROR; /* Can't happen */
323 }
324
325 if (lstat(lockfile, &st) < 0) {
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
314 * link() over NFS can't be trusted.
315 * EXTRA FIX: the value of the nlink field
316 * can't be trusted (may be cached).
317 */
318 (void)!link(tmplock, lockfile);
319
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "tmplock".
320 if (lstat(tmplock, &st1) < 0) {
321 tmplock[0] = 0;
322 return L_ERROR; /* Can't happen */
323 }
324
325 if (lstat(lockfile, &st) < 0) {
/solenv/lockfile/lockfile.c: 325 in lockfile_create_save_tmplock()
319
320 if (lstat(tmplock, &st1) < 0) {
321 tmplock[0] = 0;
322 return L_ERROR; /* Can't happen */
323 }
324
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "lockfile".
325 if (lstat(lockfile, &st) < 0) {
326 if (statfailed++ > 5) {
327 /*
328 * Normally, this can't happen; either
329 * another process holds the lockfile or
330 * we do. So if this error pops up
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
314 * link() over NFS can't be trusted.
315 * EXTRA FIX: the value of the nlink field
316 * can't be trusted (may be cached).
317 */
318 (void)!link(tmplock, lockfile);
319
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "tmplock".
320 if (lstat(tmplock, &st1) < 0) {
321 tmplock[0] = 0;
322 return L_ERROR; /* Can't happen */
323 }
324
325 if (lstat(lockfile, &st) < 0) {
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
314 * link() over NFS can't be trusted.
315 * EXTRA FIX: the value of the nlink field
316 * can't be trusted (may be cached).
317 */
318 (void)!link(tmplock, lockfile);
319
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "tmplock".
320 if (lstat(tmplock, &st1) < 0) {
321 tmplock[0] = 0;
322 return L_ERROR; /* Can't happen */
323 }
324
325 if (lstat(lockfile, &st) < 0) {
/solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock()
314 * link() over NFS can't be trusted.
315 * EXTRA FIX: the value of the nlink field
316 * can't be trusted (may be cached).
317 */
318 (void)!link(tmplock, lockfile);
319
>>> CID 1494594: (TOCTOU)
>>> Calling function "lstat" to perform check on "tmplock".
320 if (lstat(tmplock, &st1) < 0) {
321 tmplock[0] = 0;
322 return L_ERROR; /* Can't happen */
323 }
324
325 if (lstat(lockfile, &st) < 0) {
** CID 1494593: Memory - corruptions (OVERRUN)
/solenv/lockfile/lockfile.c: 478 in lockfile_check()
________________________________________________________________________________________________________
*** CID 1494593: Memory - corruptions (OVERRUN)
/solenv/lockfile/lockfile.c: 478 in lockfile_check()
472 (len = read(fd, buf, sizeof(buf))) >= 0 &&
473 fstat(fd, &st2) == 0 &&
474 st.st_atime != st2.st_atime)
475 now = st.st_atime;
476 close(fd);
477 if (len > 0 && (flags & (L_PID|L_PPID))) {
>>> CID 1494593: Memory - corruptions (OVERRUN)
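>>> Overrunning array "buf" of 16 bytes at byte offset 16 using index "len" (which evaluates to 16). The read() on line 472 is passed sizeof(buf), so "len" can be 16, and the terminating write on line 478 then lands one byte past the end of "buf"; limiting the read to sizeof(buf) - 1 bytes keeps the terminator in bounds.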
478 buf[len] = 0;
479 pid = atoi(buf);
480 }
481 }
482
483 if (pid > 0) {
** CID 1494592: Security best practices violations (TOCTOU)
/solenv/lockfile/lockfile.c: 456 in lockfile_check()
________________________________________________________________________________________________________
*** CID 1494592: Security best practices violations (TOCTOU)
/solenv/lockfile/lockfile.c: 456 in lockfile_check()
450 struct stat st, st2;
451 char buf[16];
452 time_t now;
453 pid_t pid;
454 int fd, len, r;
455
>>> CID 1494592: Security best practices violations (TOCTOU)
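>>> Calling function "stat" to perform check on "lockfile". The check is made by path name, while the excerpt for CID 1494593 shows the contents later being read through a descriptor (lines 472-473). The open between the two is not quoted here, so confirm in the source whether the path can be replaced between the stat() and the open; taking the metadata with fstat() on the opened descriptor is the usual way to bind the check to the file that is actually read.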
456 if (stat(lockfile, &st) < 0)
457 return -1;
458
459 /*
460 * Get the contents and mtime of the lockfile.
461 */
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DeDJh_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJie3cfC7pTBaNmzuryYA3nP-2BmLwswIw4rJayOrqC9nfj-2BVL51zcu9sQnm2pzAVZMak3dsjU43DF5k7VAZ2f-2Fa1APw5ta29R4NRbimHrWvYIICtEZSZnGBawVaWsRHenCVppE76c9Az6Vz7fr8VoQJvznedoeBf8eQOT4lGH9OS4Pw-3D