New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Mon Aug 15 22:46:33 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
236 new defect(s) introduced to LibreOffice found with Coverity Scan.
31 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 236 defect(s)
** CID 1509313: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1509313: Null pointer dereferences (FORWARD_NULL)
/sc/source/ui/view/hdrcont.cxx: 726 in ScHeaderControl::MouseButtonDown(const MouseEvent &)()
720 if( !pTabView )
721 return;
722 SCTAB nTab = pTabView->GetViewData().GetTabNo();
723 if( !rMEvt.IsShift() )
724 pTabView->DoneRefMode( rMEvt.IsMod1() );
725 ScTabViewShell* pViewSh = dynamic_cast<ScTabViewShell*>(SfxViewShell::Current());
>>> CID 1509313: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pViewSh->GetViewData()" to "GetDocument", which dereferences it.
726 ScDocument& rDoc = pViewSh->GetViewData().GetDocument();
727 if( !bVertical )
728 {
729 pTabView->InitRefMode( nHitNo, 0, nTab, SC_REFTYPE_REF );
730 pTabView->UpdateRef( nHitNo, rDoc.MaxRow(), nTab );
731 }
** CID 1509312: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sc/source/core/data/queryiter.cxx: 1447 in ScCountIfCellIterator<(ScQueryCellIteratorAccess)1>::GetCount()()
________________________________________________________________________________________________________
*** CID 1509312: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
/sc/source/core/data/queryiter.cxx: 1447 in ScCountIfCellIterator<(ScQueryCellIteratorAccess)1>::GetCount()()
1441 count += sortedCache->indexForRow(nRow) + 1;
1442 }
1443 }
1444 if( maParam.GetEntry(0).GetQueryItem().mbMatchEmpty
1445 && maParam.nCol2 >= rDoc.GetAllocatedColumnsCount( nTab ))
1446 {
>>> CID 1509312: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
>>> Potentially overflowing expression "(this->maParam.nCol2 - this->rDoc->GetAllocatedColumnsCount(this->nTab)) * (this->maParam.nRow2 - this->maParam.nRow1 + 1)" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "sal_uInt64" (64 bits, unsigned).
1447 count += (maParam.nCol2 - rDoc.GetAllocatedColumnsCount( nTab ))
1448 * ( maParam.nRow2 - maParam.nRow1 + 1 );
1449 }
1450 return count;
1451 }
1452
** CID 1509311: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1509311: Uninitialized variables (UNINIT)
/sw/source/core/doc/CntntIdxStore.cxx: 393 in <unnamed>::ContentIdxStoreImpl::RestoreFlys(SwDoc &, const std::function<void (SwPosition &, int)> &, bool, bool)()
387 if ( RndStdIds::FLY_AT_CHAR != rFlyAnchor.GetAnchorId() )
388 {
389 aNewPos.nContent.Assign( nullptr, 0 );
390 }
391 aNew.SetAnchor( &aNewPos );
392 pFrameFormat->SetFormatAttr( aNew );
>>> CID 1509311: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aNew.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
393 }
394 }
395 else if( bAuto )
396 {
397 SwFrameFormat* pFrameFormat = (*pSpz)[ aEntry.m_nIdx ];
398 const SfxPoolItem* pAnchor = &pFrameFormat->GetAnchor();
** CID 1509310: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1509310: Uninitialized variables (UNINIT)
/sw/source/core/txtnode/atrflyin.cxx: 129 in SwTextFlyCnt::CopyFlyFormat(SwDoc &)()
123 }
124 aAnchor.SetAnchor( &pos );
125 }
126
127 SwFrameFormat* pNew = rDoc.getIDocumentLayoutAccess().CopyLayoutFormat( *pFormat, aAnchor, false, false );
128 const_cast<SwFormatFlyCnt&>(GetFlyCnt()).SetFlyFormat( pNew );
>>> CID 1509310: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aAnchor.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
129 }
130
131 /** SetAnchor() is called by SwTextNode::InsertHint() and sets the anchor
132 * position in the SwFlyFrameFormat to the SwPosition of the dummy
133 * CH_TXTATR_BREAKWORD. This cannot be done in MakeTextAttr() because it
134 * doesn't know the target text node.
** CID 1509309: High impact quality (Y2K38_SAFETY)
/vcl/unx/generic/dtrans/X11_selection.cxx: 1546 in x11::SelectionManager::sendData(x11::SelectionAdaptor *, unsigned long, unsigned long, unsigned long, unsigned long)()
________________________________________________________________________________________________________
*** CID 1509309: High impact quality (Y2K38_SAFETY)
/vcl/unx/generic/dtrans/X11_selection.cxx: 1546 in x11::SelectionManager::sendData(x11::SelectionAdaptor *, unsigned long, unsigned long, unsigned long, unsigned long)()
1540 rInc.m_aData = aData;
1541 rInc.m_nBufferPos = 0;
1542 rInc.m_aRequestor = requestor;
1543 rInc.m_aProperty = property;
1544 rInc.m_aTarget = target;
1545 rInc.m_nFormat = nFormat;
>>> CID 1509309: High impact quality (Y2K38_SAFETY)
>>> A "time_t" value is stored in an integer with too few bits to accommodate it. The expression "time(NULL)" is cast to "int".
1546 rInc.m_nTransferStartTime = time( nullptr );
1547
1548 // use incr protocol, signal start to requestor
1549 tools::Long nMinSize = m_nIncrementalThreshold;
1550 XSelectInput( m_pDisplay, requestor, PropertyChangeMask );
1551 XChangeProperty( m_pDisplay, requestor, property,
** CID 1509308: Control flow issues (DEADCODE)
/sc/source/core/data/table4.cxx: 1233 in ScTable::FillSparkline(bool, int, int, int, int, int)()
________________________________________________________________________________________________________
*** CID 1509308: Control flow issues (DEADCODE)
/sc/source/core/data/table4.cxx: 1233 in ScTable::FillSparkline(bool, int, int, int, int, int)()
1227 bHasSparklines = bHasSparklines || bool(pSparkline);
1228 aSparklineSeries.push_back(pSparkline);
1229 }
1230
1231 if (bHasSparklines)
1232 {
>>> CID 1509308: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "for (SCCOLROW nCurrent = nF...".
1233 for (SCCOLROW nCurrent = nFillStart; nCurrent <= nFillEnd; nCurrent++)
1234 {
1235 size_t nIndex = size_t(nFillStart - nCurrent) % aSparklineSeries.size();
1236 if (auto& rpSparkline = aSparklineSeries[nIndex])
1237 {
1238 auto pGroup = rpSparkline->getSparklineGroup();
** CID 1509307: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1509307: Uninitialized variables (UNINIT)
/slideshow/source/engine/transitions/slidetransitionfactory.cxx: 121 in slideshow::internal::<unnamed>::PluginSlideChange::PluginSlideChange(short, short, const slideshow::internal::RGBColor &, const std::optional<std::shared_ptr<slideshow::internal::Slide>> &, const std::shared_ptr<slideshow::internal::Slide> &, const slideshow::internal::UnoViewContainer &, slideshow::internal::ScreenUpdater &, com::sun::star::uno::Reference<com::sun::star::presentation::XTransitionFactory>, std::shared_ptr<slideshow::internal::SoundPlayer>&, slideshow::internal::EventMultiplexer &)()
115 const UnoViewContainer& rViewContainer,
116 ScreenUpdater& rScreenUpdater,
117 uno::Reference<
118 presentation::XTransitionFactory> xFactory,
119 const SoundPlayerSharedPtr& pSoundPlayer,
120 EventMultiplexer& rEventMultiplexer) :
>>> CID 1509307: Uninitialized variables (UNINIT)
>>> Using uninitialized value "<temporary>._M_payload._M_payload" when calling "~optional".
121 SlideChangeBase( leavingSlide_,
122 pEnteringSlide,
123 pSoundPlayer,
124 rViewContainer,
125 rScreenUpdater,
126 rEventMultiplexer ),
** CID 1509306: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1509306: Uninitialized variables (UNINIT)
/sw/source/core/doc/docedt.cxx: 131 in SaveFlyInRange(const SwNodeRange &, std::deque<SaveFly, std::allocator<SaveFly>> &)()
125 pFormat->DelFrames();
126 // set a dummy anchor position to maintain anchoring invariants
127 SwFormatAnchor aAnchor( pFormat->GetAnchor() );
128 aAnchor.SetAnchor(nullptr);
129 pFormat->SetFormatAttr(aAnchor);
130 rFormats.erase( rFormats.begin() + n-- );
>>> CID 1509306: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aAnchor.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
131 }
132 }
133 sw::CheckAnchoredFlyConsistency(rRg.aStart.GetNode().GetDoc());
134 }
135
136 void SaveFlyInRange( const SwPaM& rPam, const SwPosition& rInsPos,
** CID 1509305: (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1509305: (NULL_RETURNS)
/sc/source/ui/docshell/olinefun.cxx: 644 in ScOutlineDocFunc::ShowOutline(short, bool, unsigned short, unsigned short, bool, bool)()
638 ScDocument& rDoc = rDocShell.GetDocument();
639 if (bRecord && !rDoc.IsUndoEnabled())
640 bRecord = false;
641
642 ScOutlineTable* pTable = rDoc.GetOutlineTable( nTab );
643 ScOutlineArray& rArray = bColumns ? pTable->GetColArray() : pTable->GetRowArray();
>>> CID 1509305: (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "rArray" when calling "GetEntry".
644 ScOutlineEntry* pEntry = rArray.GetEntry( nLevel, nEntry );
645 SCCOLROW nStart = pEntry->GetStart();
646 SCCOLROW nEnd = pEntry->GetEnd();
647
648 // TODO undo can mess things up when another view is editing a cell in the range of group entry
649 // this is a temporarily workaround
/sc/source/ui/docshell/olinefun.cxx: 644 in ScOutlineDocFunc::ShowOutline(short, bool, unsigned short, unsigned short, bool, bool)()
638 ScDocument& rDoc = rDocShell.GetDocument();
639 if (bRecord && !rDoc.IsUndoEnabled())
640 bRecord = false;
641
642 ScOutlineTable* pTable = rDoc.GetOutlineTable( nTab );
643 ScOutlineArray& rArray = bColumns ? pTable->GetColArray() : pTable->GetRowArray();
>>> CID 1509305: (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "rArray" when calling "GetEntry".
644 ScOutlineEntry* pEntry = rArray.GetEntry( nLevel, nEntry );
645 SCCOLROW nStart = pEntry->GetStart();
646 SCCOLROW nEnd = pEntry->GetEnd();
647
648 // TODO undo can mess things up when another view is editing a cell in the range of group entry
649 // this is a temporarily workaround
** CID 1509304: (UNINIT)
________________________________________________________________________________________________________
*** CID 1509304: (UNINIT)
/sw/source/core/frmedt/fefly1.cxx: 1048 in SwFEShell::SetPageObjsNewPage(std::vector<SwFrameFormat *, std::allocator<SwFrameFormat *>> &)()
1042 else
1043 pFormat->DelFrames();
1044 bTmpAssert = true;
1045 }
1046 aNewAnchor.SetPageNum(nNewPage);
1047 mxDoc->SetAttr( aNewAnchor, *pFormat );
>>> CID 1509304: (UNINIT)
>>> Using uninitialized value "aNewAnchor.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
1048 }
1049 }
1050
1051 if( bTmpAssert )
1052 pTmpRootFrame->SetAssertFlyPages();
1053
/sw/source/core/frmedt/fefly1.cxx: 1036 in SwFEShell::SetPageObjsNewPage(std::vector<SwFrameFormat *, std::allocator<SwFrameFormat *>> &)()
1030 {
1031 // FlyFormat is still valid, therefore process
1032
1033 SwFormatAnchor aNewAnchor( pFormat->GetAnchor() );
1034 if (RndStdIds::FLY_AT_PAGE != aNewAnchor.GetAnchorId())
1035 // Anchor has been changed, therefore: do not change!
>>> CID 1509304: (UNINIT)
>>> Using uninitialized value "aNewAnchor.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
1036 continue;
1037 sal_uInt16 nNewPage = aNewAnchor.GetPageNum() + 1;
1038 if (nNewPage > nMaxPage)
1039 {
1040 if ( RES_DRAWFRMFMT == pFormat->Which() )
1041 pFormat->CallSwClientNotify(sw::DrawFrameFormatHint(sw::DrawFrameFormatHintId::PAGE_OUT_OF_BOUNDS));
** CID 1509303: SpotBugs: Dodgy code (FB.DCN_NULLPOINTER_EXCEPTION)
/wizards/com/sun/star/wizards/report/DBColumn.java: 160 in com.sun.star.wizards.report.DBColumn.<init>(com.sun.star.wizards.text.TextTableHandler, com.sun.star.wizards.db.RecordParser, java.lang.String, java.lang.String)()
________________________________________________________________________________________________________
*** CID 1509303: SpotBugs: Dodgy code (FB.DCN_NULLPOINTER_EXCEPTION)
/wizards/com/sun/star/wizards/report/DBColumn.java: 160 in com.sun.star.wizards.report.DBColumn.<init>(com.sun.star.wizards.text.TextTableHandler, com.sun.star.wizards.db.RecordParser, java.lang.String, java.lang.String)()
154
155 XTableRows xRows = null;
156 try
157 {
158 xRows = xTextTable.getRows();
159 }
>>> CID 1509303: SpotBugs: Dodgy code (FB.DCN_NULLPOINTER_EXCEPTION)
>>> Do not catch NullPointerException like.
160 catch (java.lang.NullPointerException e)
161 {
162 e.printStackTrace();
163 // TODO: handle the nullpointer right
164 // return;
165 }
** CID 1509302: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1509302: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/access/accframebase.cxx: 130 in SwAccessibleFrameBase::SwAccessibleFrameBase(const std::shared_ptr<SwAccessibleMap> &, short, const SwFlyFrame *)()
124 m_bIsSelected( false )
125 {
126 const SwFrameFormat* pFrameFormat = pFlyFrame->GetFormat();
127 if(pFrameFormat)
128 StartListening(const_cast<SwFrameFormat*>(pFrameFormat)->GetNotifier());
129
>>> CID 1509302: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pFrameFormat->GetName()" to "SetName", which dereferences it.
130 SetName( pFrameFormat->GetName() );
131
132 m_bIsSelected = IsSelected();
133 }
134
135 void SwAccessibleFrameBase::InvalidateCursorPos_()
** CID 1509301: (UNINIT)
________________________________________________________________________________________________________
*** CID 1509301: (UNINIT)
/sw/source/core/doc/DocumentContentOperationsManager.cxx: 3982 in sw::DocumentContentOperationsManager::CopyFlyInFlyImpl(const SwNodeRange &, const SwPaM *, SwNode &, bool, SwCopyFlags) const()
3976 if( rContent.GetContentIdx() &&
3977 nullptr != ( pSNd = rContent.GetContentIdx()->GetNode().GetStartNode() ) &&
3978 pSNd->GetIndex() < rStartIdx.GetIndex() &&
3979 rStartIdx.GetIndex() < pSNd->EndOfSectionIndex() )
3980 {
3981 it = aSet.erase(it);
>>> CID 1509301: (UNINIT)
>>> Using uninitialized value "aAnchor.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
3982 continue;
3983 }
3984 }
3985
3986 // Ignore TextBoxes, they are already handled in
3987 // sw::DocumentLayoutManager::CopyLayoutFormat().
/sw/source/core/doc/DocumentContentOperationsManager.cxx: 3998 in sw::DocumentContentOperationsManager::CopyFlyInFlyImpl(const SwNodeRange &, const SwPaM *, SwNode &, bool, SwCopyFlags) const()
3992 }
3993
3994 // Copy the format and set the new anchor
3995 aVecSwFrameFormat.push_back( rDest.getIDocumentLayoutAccess().CopyLayoutFormat( *(*it).GetFormat(),
3996 aAnchor, false, true ) );
3997 ++it;
>>> CID 1509301: (UNINIT)
>>> Using uninitialized value "aAnchor.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
3998 }
3999
4000 // Rebuild as much as possible of all chains that are available in the original,
4001 OSL_ENSURE( aSet.size() == aVecSwFrameFormat.size(), "Missing new Flys" );
4002 if ( aSet.size() != aVecSwFrameFormat.size() )
4003 return;
** CID 1509300: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1509300: Uninitialized variables (UNINIT)
/sw/source/core/undo/rolbck.cxx: 964 in SwHistoryChangeFlyAnchor::SetInDoc(SwDoc *, bool)()
958 if (!pCNd || !pCNd->getLayoutFrame(pDoc->getIDocumentLayoutAccess().GetCurrentLayout(), nullptr, nullptr))
959 {
960 m_rFormat.DelFrames();
961 }
962
963 m_rFormat.SetFormatAttr( aTmp );
>>> CID 1509300: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aTmp.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
964 }
965
966 SwHistoryChangeFlyChain::SwHistoryChangeFlyChain( SwFlyFrameFormat& rFormat,
967 const SwFormatChain& rAttr )
968 : SwHistoryHint( HSTRY_CHGFLYCHAIN )
969 , m_pPrevFormat( rAttr.GetPrev() )
** CID 1509299: (UNINIT)
________________________________________________________________________________________________________
*** CID 1509299: (UNINIT)
/oox/source/vml/vmltextboxcontext.cxx: 101 in oox::vml::TextPortionContext::onCreateContext(int, const oox::AttributeList &)()
95
96 ContextHandlerRef TextPortionContext::onCreateContext( sal_Int32 nElement, const AttributeList& rAttribs )
97 {
98 OSL_ENSURE( nElement != XML_font, "TextPortionContext::onCreateContext - nested <font> elements" );
99 if (getNamespace(getCurrentElement()) == NMSP_doc)
100 return this;
>>> CID 1509299: (UNINIT)
>>> Using uninitialized value "<temporary>.moNameComplex._M_payload._M_payload" when calling "~TextFontModel".
101 return new TextPortionContext( *this, mrTextBox, maParagraph, maFont, nElement, rAttribs );
102 }
103
104 void TextPortionContext::onCharacters( const OUString& rChars )
105 {
106 if (getNamespace(getCurrentElement()) == NMSP_doc && getCurrentElement() != W_TOKEN(t))
/oox/source/vml/vmltextboxcontext.cxx: 101 in oox::vml::TextPortionContext::onCreateContext(int, const oox::AttributeList &)()
95
96 ContextHandlerRef TextPortionContext::onCreateContext( sal_Int32 nElement, const AttributeList& rAttribs )
97 {
98 OSL_ENSURE( nElement != XML_font, "TextPortionContext::onCreateContext - nested <font> elements" );
99 if (getNamespace(getCurrentElement()) == NMSP_doc)
100 return this;
>>> CID 1509299: (UNINIT)
>>> Using uninitialized value "<temporary>.moParaStyleName._M_payload._M_payload" when calling "~TextParagraphModel".
101 return new TextPortionContext( *this, mrTextBox, maParagraph, maFont, nElement, rAttribs );
102 }
103
104 void TextPortionContext::onCharacters( const OUString& rChars )
105 {
106 if (getNamespace(getCurrentElement()) == NMSP_doc && getCurrentElement() != W_TOKEN(t))
** CID 1509298: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1509298: Uninitialized variables (UNINIT)
/sw/source/core/layout/flycnt.cxx: 1428 in SwFlyAtContentFrame::SetAbsPos(const Point &)()
1422 // re-created. Thus, delete all fly frames except the <this> before the
1423 // anchor attribute is change and re-create them afterwards.
1424 {
1425 SwHandleAnchorNodeChg aHandleAnchorNodeChg( *pFormat, aAnch, this );
1426 pFormat->GetDoc()->SetAttr( aAnch, *pFormat );
1427 }
>>> CID 1509298: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aAnch.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
1428 }
1429 else if ( pTmpPage && pTmpPage != GetPageFrame() )
1430 GetPageFrame()->MoveFly( this, pTmpPage );
1431
1432 const Point aRelPos = bVert ? Point( -nY, nX ) : Point( nX, nY );
1433 ChgRelPos( aRelPos );
** CID 1509297: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1509297: Null pointer dereferences (FORWARD_NULL)
/sc/source/ui/view/hdrcont.cxx: 876 in ScHeaderControl::MouseMove(const MouseEvent &)()
870 if( !pTabView )
871 return;
872 bool bTmp;
873 SCCOLROW nHitNo = GetMousePos(rMEvt.GetPosPixel(), bTmp);
874 SCTAB nTab = pTabView->GetViewData().GetTabNo();
875 ScTabViewShell* pViewSh = dynamic_cast<ScTabViewShell*>(SfxViewShell::Current());
>>> CID 1509297: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pViewSh->GetViewData()" to "GetDocument", which dereferences it.
876 ScDocument& rDoc = pViewSh->GetViewData().GetDocument();
877 if( !bVertical )
878 pTabView->UpdateRef( nHitNo, rDoc.MaxRow(), nTab );
879 else
880 pTabView->UpdateRef( rDoc.MaxCol(), nHitNo, nTab );
881
** CID 1509296: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1509296: Memory - illegal accesses (USE_AFTER_FREE)
/formula/source/core/api/FormulaCompiler.cxx: 2057 in formula::FormulaCompiler::IntersectionLine()()
2051 if (isAdjacentOrGapRpnEnd( pc, pCode, pCode1, pCode2) && isIntersectable( pCode1, pCode2))
2052 {
2053 FormulaTokenRef pIntersect( new FormulaByteToken( ocIntersect));
2054 // Replace ocSpaces with ocIntersect so that when switching
2055 // formula syntax the correct operator string is created.
2056 pArr->ReplaceToken( nCodeIndex, pIntersect.get(), FormulaTokenArray::ReplaceMode::CODE_ONLY);
>>> CID 1509296: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "PutCode" dereferences freed pointer "pIntersect.px".
2057 PutCode( pIntersect);
2058 }
2059 }
2060 else
2061 {
2062 PutCode(p);
** CID 1509295: (UNINIT)
________________________________________________________________________________________________________
*** CID 1509295: (UNINIT)
/sw/source/core/undo/undobj.cxx: 1050 in SwUndoSaveContent::DelContentIndex(const SwPosition &, const SwPosition &, DelContentType)()
1044 if( rMark.GetNode().GetTextNode() )
1045 {
1046 m_pHistory->AddChangeFlyAnchor(*pFormat);
1047 SwFormatAnchor aAnch( *pAnchor );
1048 aAnch.SetAnchor( &rMark );
1049 pFormat->SetFormatAttr( aAnch );
>>> CID 1509295: (UNINIT)
>>> Using uninitialized value "aAnch.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
1050 }
1051 }
1052 }
1053 }
1054 break;
1055 case RndStdIds::FLY_AT_FLY:
/sw/source/core/undo/undobj.cxx: 1018 in SwUndoSaveContent::DelContentIndex(const SwPosition &, const SwPosition &, DelContentType)()
1012 {
1013 m_pHistory->AddChangeFlyAnchor(*pFormat);
1014 SwFormatAnchor aAnch( *pAnchor );
1015 SwPosition aPos( rMark.nNode );
1016 aAnch.SetAnchor( &aPos );
1017 pFormat->SetFormatAttr( aAnch );
>>> CID 1509295: (UNINIT)
>>> Using uninitialized value "aAnch.m_oContentAnchor._M_payload._M_payload" when calling "~SwFormatAnchor".
1018 }
1019 }
1020 }
1021 break;
1022 case RndStdIds::FLY_AT_CHAR:
1023 if( nullptr != (pAPos = pAnchor->GetContentAnchor() ) &&
** CID 1509294: Uninitialized variables (USE_AFTER_MOVE)
/basic/source/classes/sbunoobj.cxx: 4679 in SbUnoStructRefObject::Find(const rtl::OUString &, SbxClassType)()
________________________________________________________________________________________________________
*** CID 1509294: Uninitialized variables (USE_AFTER_MOVE)
/basic/source/classes/sbunoobj.cxx: 4679 in SbUnoStructRefObject::Find(const rtl::OUString &, SbxClassType)()
4673 SbxDataType eSbxType;
4674 eSbxType = unoToSbxType( it->second->getTypeClass() );
4675 SbxDataType eRealSbxType = eSbxType;
4676 Property aProp;
4677 aProp.Name = rName;
4678 aProp.Type = css::uno::Type( it->second->getTypeClass(), it->second->getTypeName() );
>>> CID 1509294: Uninitialized variables (USE_AFTER_MOVE)
>>> "aProp" is used after it has been already moved.
4679 SbUnoProperty* pProp = new SbUnoProperty( rName, eSbxType, eRealSbxType, std::move(aProp), 0, false, ( aProp.Type.getTypeClass() == css::uno::TypeClass_STRUCT) );
4680 SbxVariableRef xVarRef = pProp;
4681 QuickInsert( xVarRef.get() );
4682 pRes = xVarRef.get();
4683 }
4684 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DjTYk_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJi2Al1eWpnF53NuWwn1xAUzTaNw0wQ3WGGXZtFLuKhpN99qy8gxZ9jlfymItznvOT-2B3nJtpJFutMVmgVguaiP-2F0gvztJcI6PjG9X1hhZIwppg4AmFEtXJn-2F-2BCubx55EmGAm6xs0hoE01jwHOezpR5nvcY1nc99lhUXbgIBhfveRak-3D
More information about the LibreOffice
mailing list