New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sun Nov 27 12:19:56 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
7 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)
** CID 1517060: Error handling issues (CHECKED_RETURN)
/cui/source/customize/cfgutil.cxx: 1352 in SvxScriptSelectorDialog::LoadLastUsedMacro()()
________________________________________________________________________________________________________
*** CID 1517060: Error handling issues (CHECKED_RETURN)
/cui/source/customize/cfgutil.cxx: 1352 in SvxScriptSelectorDialog::LoadLastUsedMacro()()
1346 if (bIsIterValid)
1347 {
1348 xCategories.expand_row(*xIter);
1349 nOpenedNodes++;
1350 }
1351 if (xCategories.iter_has_child(*xIter))
>>> CID 1517060: Error handling issues (CHECKED_RETURN)
>>> Calling "iter_children" without checking return value (as is done elsewhere 59 out of 61 times).
1352 xCategories.iter_children(*xIter);
1353 else if (nOpenedNodes < nInfoParts - 1)
1354 // If the number of levels in the tree is smaller than the
1355 // number of parts in the macro info string, then return
1356 return;
1357 }
** CID 1517059: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1517059: Integer handling issues (NEGATIVE_RETURNS)
/sw/source/ui/vba/vbacontentcontrols.cxx: 182 in <unnamed>::ContentControlCollectionHelper::hasByName(const rtl::OUString &)()
176 new SwVbaContentControl(mxParent, mxContext, mxTextDocument, *m_pCache)));
177 }
178
179 sal_Bool SAL_CALL hasByName(const OUString& aName) override
180 {
181 sal_Int32 nCount = -1;
>>> CID 1517059: Integer handling issues (NEGATIVE_RETURNS)
>>> "nCount" is passed to a parameter that cannot be negative.
182 m_pCache = lcl_getContentControl(aName, m_sTag, m_sTitle, nCount, mxTextDocument);
183 return m_pCache != nullptr;
184 }
185
186 // XElementAccess
187 uno::Type SAL_CALL getElementType() override
** CID 1517058: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1517058: Null pointer dereferences (FORWARD_NULL)
/sc/source/filter/xcl97/xcl97rec.cxx: 247 in <unnamed>::SaveDrawingMLObjects(XclExpObjList &, XclExpXmlStream &)()
241 else
242 --nSkipObj;
243
244 if (rxObj->GetObjType() == 0) // group (it can be a subgroup)
245 {
246 XclObjAny* pObj = dynamic_cast<XclObjAny*>(rxObj.get());
>>> CID 1517058: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pObj->GetShape()" to "Reference", which dereferences it.
247 css::uno::Reference<css::drawing::XShapes> mXShapes(pObj->GetShape(), UNO_QUERY);
248 // skip (also) the objects of this group
249 nSkipObj += mXShapes->getCount();
250 }
251 }
252
** CID 1517057: Null pointer dereferences (REVERSE_INULL)
/sdext/source/pdfimport/tree/drawtreevisiting.cxx: 761 in pdfi::DrawXmlOptimizer::optimizeTextElements(pdfi::Element &)()
________________________________________________________________________________________________________
*** CID 1517057: Null pointer dereferences (REVERSE_INULL)
/sdext/source/pdfimport/tree/drawtreevisiting.cxx: 761 in pdfi::DrawXmlOptimizer::optimizeTextElements(pdfi::Element &)()
755 for(int i=0; i< str.getLength(); i++)
756 {
757 sal_Int16 nType = GetBreakIterator()->getScriptType( str, i );
758 if (nType == css::i18n::ScriptType::COMPLEX)
759 isComplex = true;
760 }
>>> CID 1517057: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pPara" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
761 if (bPara && pPara && isComplex)
762 pPara->bRtl = true;
763 // append eventual children to current element
764 // and clear children (else the children just
765 // appended to pCur would be destroyed)
766 pCur->Children.splice( pCur->Children.end(), pNext->Children );
** CID 1517056: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/crsr/bookmark.cxx: 824 in sw::mark::DropDownFieldmark::AddContent(const rtl::OUString &, int *)()
________________________________________________________________________________________________________
*** CID 1517056: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/crsr/bookmark.cxx: 824 in sw::mark::DropDownFieldmark::AddContent(const rtl::OUString &, int *)()
818
819 auto aList = comphelper::sequenceToContainer<std::vector<OUString>>(aSeq);
820 if (nNewPos < nLen)
821 aList.insert(aList.begin() + nNewPos, rText);
822 else
823 {
>>> CID 1517056: Null pointer dereferences (FORWARD_NULL)
>>> Dereferencing null pointer "pIndex".
824 *pIndex = nLen;
825 aList.push_back(rText);
826 }
827
828 (*pParameters)[ODF_FORMDROPDOWN_LISTENTRY] <<= comphelper::containerToSequence(aList);
829 Invalidate();
** CID 1517055: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/bubblewindow.cxx: 535 in MenuBarUpdateIconManager::AddMenuBarIcon(SystemWindow *, bool)()
________________________________________________________________________________________________________
*** CID 1517055: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/bubblewindow.cxx: 535 in MenuBarUpdateIconManager::AddMenuBarIcon(SystemWindow *, bool)()
529 LINK( this, MenuBarUpdateIconManager, ClickHdl ),
530 aBuf.makeStringAndClear() );
531 maIconMBars.push_back(pActiveMBar);
532 maIconIDs.push_back(nIconID);
533 }
534
>>> CID 1517055: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pSysWin" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
535 if (bAddEventHdl && pSysWin)
536 pSysWin->AddEventListener( maWindowEventHdl );
537 }
538
539 if (mpActiveMBar != pActiveMBar)
540 {
** CID 1517054: Control flow issues (DEADCODE)
/vcl/headless/CairoCommon.cxx: 738 in CairoCommon::drawPolyLine(_cairo *, basegfx::B2DRange *, const Color &, bool, const basegfx::B2DHomMatrix &, const basegfx::B2DPolygon &, double, double, const std::vector<double, std::allocator<double>> *, basegfx::B2DLineJoin, com::sun::star::drawing::LineCap, double, bool)()
________________________________________________________________________________________________________
*** CID 1517054: Control flow issues (DEADCODE)
/vcl/headless/CairoCommon.cxx: 738 in CairoCommon::drawPolyLine(_cairo *, basegfx::B2DRange *, const Color &, bool, const basegfx::B2DHomMatrix &, const basegfx::B2DPolygon &, double, double, const std::vector<double, std::allocator<double>> *, basegfx::B2DLineJoin, com::sun::star::drawing::LineCap, double, bool)()
732 {
733 SAL_WARN("vcl.gdi", "drawPolyLine, suspicious input line width of: "
734 << fLineWidth << ", will be " << fLineWidthPixel
735 << " pixels thick");
736 if (bFuzzing)
737 {
>>> CID 1517054: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "aObjectToDeviceInv.B2DHomMa...".
738 basegfx::B2DHomMatrix aObjectToDeviceInv(rObjectToDevice);
739 aObjectToDeviceInv.invert();
740 fLineWidth
741 = (aObjectToDeviceInv * basegfx::B2DVector(MaxNormalLineWidth, 0)).getLength();
742 }
743 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DW6Og_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiKrCse1h-2BnRwGOk50ynxFkFdufQej79C3ZH-2BdKCk2YZIzzgchvaeXWH8Cu-2Bb7XzVZODnizk4c-2BDDSDrX8NliW-2FHCDsm1cGAt2-2FHJksk-2B6Gban-2FV-2FyDhYB4zkZvAprXz91dTTRRO5Ex6kMIe3n3uKL9-2BsADNUIOJCko1wyQED2zKw-3D
More information about the LibreOffice
mailing list