New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Thu Jul 15 18:57:22 UTC 2021 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

1 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 1487031:    (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 730 in SvmReader::TextArrayHandler(ImplMetaReadData *)()
/vcl/source/filter/svm/SvmReader.cxx: 719 in SvmReader::TextArrayHandler(ImplMetaReadData *)()


________________________________________________________________________________________________________
*** CID 1487031:    (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 730 in SvmReader::TextArrayHandler(ImplMetaReadData *)()
724                     for (i = 0; i < nAryLen; i++)
725                     {
726                         mrStream.ReadInt32(val);
727                         aArray[i] = val;
728                     }
729                     // #106172# setup remainder
>>>     CID 1487031:    (TAINTED_SCALAR)
>>>     Using tainted variable "nTmpLen" as a loop boundary.
730                     for (; i < nTmpLen; i++)
731                         aArray[i] = 0;
732                 }
733             }
734             else
735             {
/vcl/source/filter/svm/SvmReader.cxx: 719 in SvmReader::TextArrayHandler(ImplMetaReadData *)()
713     
714         if (nAryLen)
715         {
716             // #i9762#, #106172# Ensure that DX array is at least mnLen entries long
717             if (nTmpLen >= nAryLen)
718             {
>>>     CID 1487031:    (TAINTED_SCALAR)
>>>     Passing tainted expression "nTmpLen * 8UL" to "operator new[]", which uses it as an allocation size.
719                 aArray.reset(new (std::nothrow) tools::Long[nTmpLen]);
720                 if (aArray)
721                 {
722                     sal_Int32 i;
723                     sal_Int32 val;
724                     for (i = 0; i < nAryLen; i++)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3D8t0__OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiZLg-2FhhZU40JdDnlkz7uSerbednszgGbOaYkWH4-2BRmJvr4Puwx2qW0yhvtD-2FHhrlwIOL-2BARlL2NRJNYNbpKVur-2BuVXKlr0Wi5I-2FOxSx1xpWvZX4GaA58qc2mIqyyq-2FmiDZCK3Q5cDcov63Gd7-2BF3wJgux71lv1xifcuDVhFWXx5I-3D

More information about the LibreOffice mailing list