New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sat Jul 10 08:53:27 UTC 2021


Hi,

Please find below the latest Coverity Scan report on new defect(s) introduced to LibreOffice.

Coverity Scan found 6 new defect(s) introduced to LibreOffice.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1487035:  Uninitialized members  (UNINIT_CTOR)
/oox/source/ole/oleobjecthelper.cxx: 52 in oox::ole::OleObjectInfo::OleObjectInfo()()


________________________________________________________________________________________________________
*** CID 1487035:  Uninitialized members  (UNINIT_CTOR)
/oox/source/ole/oleobjecthelper.cxx: 52 in oox::ole::OleObjectInfo::OleObjectInfo()()
46     
47     OleObjectInfo::OleObjectInfo() :
48         mbLinked( false ),
49         mbShowAsIcon( false ),
50         mbAutoUpdate( false )
51     {
>>>     CID 1487035:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "mbHasPicture" is not initialized in this constructor nor in any functions that it calls.
52     }
53     
54     const char g_aEmbeddedObjScheme[] = "vnd.sun.star.EmbeddedObject:";
55     
56     OleObjectHelper::OleObjectHelper(
57             const Reference< XMultiServiceFactory >& rxModelFactory,

** CID 1487034:    (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1487034:    (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 119 in SvmReader::Read(GDIMetaFile &, ImplMetaReadData *)()
113                     {
114                         if (pAction->GetType() == MetaActionType::COMMENT)
115                         {
116                             MetaCommentAction* pCommentAct
117                                 = static_cast<MetaCommentAction*>(pAction.get());
118     
>>>     CID 1487034:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*pCommentAct->GetComment().pData" to "operator ==", which uses it as a loop boundary.
119                             if (pCommentAct->GetComment() == "EMF_PLUS")
120                                 rMetaFile.UseCanvas(true);
121                         }
122                         rMetaFile.AddAction(pAction);
123                     }
124                 }
/vcl/source/filter/svm/SvmReader.cxx: 119 in SvmReader::Read(GDIMetaFile &, ImplMetaReadData *)()
113                     {
114                         if (pAction->GetType() == MetaActionType::COMMENT)
115                         {
116                             MetaCommentAction* pCommentAct
117                                 = static_cast<MetaCommentAction*>(pAction.get());
118     
>>>     CID 1487034:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*pCommentAct->GetComment().pData" to "operator ==", which uses it as an offset.
119                             if (pCommentAct->GetComment() == "EMF_PLUS")
120                                 rMetaFile.UseCanvas(true);
121                         }
122                         rMetaFile.AddAction(pAction);
123                     }
124                 }

** CID 1487033:    (FB.UWF_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in ()
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in ()


________________________________________________________________________________________________________
*** CID 1487033:    (FB.UWF_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in ()
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73     
74       public void setLibrary(Library lib) {
75         deGTBehavior.setLibrary(lib);
>>>     CID 1487033:    (FB.UWF_UNWRITTEN_FIELD)
>>>     Unwritten field: net.adaptivebox.deps.DEPSAgent.psGTBehavior.
76         psGTBehavior.setLibrary(lib);
77       }
78     
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;
81         trailPoint = problemEncoder.getFreshSearchPoint();
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in ()
69       // Generate-and-test behaviors.
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73     
74       public void setLibrary(Library lib) {
>>>     CID 1487033:    (FB.UWF_UNWRITTEN_FIELD)
>>>     Unwritten field: net.adaptivebox.deps.DEPSAgent.deGTBehavior.
75         deGTBehavior.setLibrary(lib);
76         psGTBehavior.setLibrary(lib);
77       }
78     
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;

** CID 1487032:    (FB.NP_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()


________________________________________________________________________________________________________
*** CID 1487032:    (FB.NP_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73     
74       public void setLibrary(Library lib) {
75         deGTBehavior.setLibrary(lib);
>>>     CID 1487032:    (FB.NP_UNWRITTEN_FIELD)
>>>     Read of unwritten field psGTBehavior.
76         psGTBehavior.setLibrary(lib);
77       }
78     
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;
81         trailPoint = problemEncoder.getFreshSearchPoint();
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()
69       // Generate-and-test behaviors.
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73     
74       public void setLibrary(Library lib) {
>>>     CID 1487032:    (FB.NP_UNWRITTEN_FIELD)
>>>     Read of unwritten field deGTBehavior.
75         deGTBehavior.setLibrary(lib);
76         psGTBehavior.setLibrary(lib);
77       }
78     
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;

** CID 1487031:  Insecure data handling  (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1487031:  Insecure data handling  (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 745 in SvmReader::TextArrayHandler(ImplMetaReadData *)()
739             {
740                 pAction->SetIndex(0);
741                 aArray.reset();
742             }
743         }
744     
>>>     CID 1487031:  Insecure data handling  (TAINTED_SCALAR)
>>>     Passing tainted expression "pAction->mnLen" to "SetDXArray", which uses it as an allocation size.
745         pAction->SetDXArray(aArray.get());
746         return pAction;
747     }
748     
749     rtl::Reference<MetaAction> SvmReader::StretchTextHandler(ImplMetaReadData* pData)
750     {

** CID 1487030:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1487030:  Null pointer dereferences  (FORWARD_NULL)
/oox/source/shape/WpsContext.cxx: 40 in oox::shape::WpsContext::WpsContext(const oox::core::ContextHandler2Helper &, com::sun::star::uno::Reference<com::sun::star::drawing::XShape>, const std::shared_ptr<oox::drawingml::Shape> &, const std::shared_ptr<oox::drawingml::Shape> &)()
34     WpsContext::WpsContext(ContextHandler2Helper const& rParent, uno::Reference<drawing::XShape> xShape,
35                            const drawingml::ShapePtr& pMasterShapePtr,
36                            const drawingml::ShapePtr& pShapePtr)
37         : ShapeContext(rParent, pMasterShapePtr, pShapePtr)
38         , mxShape(std::move(xShape))
39     {
>>>     CID 1487030:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "this->mpShapePtr" to "setWps", which dereferences it.
40         mpShapePtr->setWps(true);
41     }
42     
43     WpsContext::~WpsContext() = default;
44     
45     oox::core::ContextHandlerRef WpsContext::onCreateContext(sal_Int32 nElementToken,


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DkOcc_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiGtuAb-2BR7mqMhKgI9yxano-2FEvS1V3hO8HvqwdnG98ftK-2BdHHQe6rM0mepiXqaqJfjZvf4CVq-2FWdXHvPE-2B695hKrZoML4-2B-2BEzWyPV8sEl7biCehptWXrHKtClAkE2w-2FymRdKSHCiVdxUybXPzhRn-2Fsjh68EmQd4bxzQ5rcicfUiHc-3D


