New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com
Thu Sep 1 09:53:01 UTC 2022


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

8 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)


** CID 1513474:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1513474:  Null pointer dereferences  (FORWARD_NULL)
/svx/source/svdraw/svdedtv2.cxx: 1853 in SdrEditView::GroupMarked()()
1847                     pSrcLst0=pSrcLst;
1848                 }
1849             }
1850             if (pGrp!=nullptr)
1851             {
1852                 aNewMark.InsertEntry(SdrMark(pGrp.get(),pPV));
>>>     CID 1513474:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pDstLst" to "GetObjCount", which dereferences it.
1853                 const size_t nCount=pDstLst->GetObjCount();
1854                 pCurrentLst->InsertObject(pGrp.get(),nInsPos);
1855                 if( bUndo )
1856                 {
1857                     AddUndo(GetModel()->GetSdrUndoFactory().CreateUndoNewObject(*pGrp,true)); // no recalculation!
1858                     for (size_t no=0; no<nCount; ++no)

** CID 1513473:  Integer handling issues  (DIVIDE_BY_ZERO)
/vcl/source/gdi/CommonSalLayout.cxx: 713 in GenericSalLayout::GetCharWidths(std::vector<int, std::allocator<int>> &, const rtl::OUString &) const()


________________________________________________________________________________________________________
*** CID 1513473:  Integer handling issues  (DIVIDE_BY_ZERO)
/vcl/source/gdi/CommonSalLayout.cxx: 713 in GenericSalLayout::GetCharWidths(std::vector<int, std::allocator<int>> &, const rtl::OUString &) const()
707                     if (aGlyphItem.IsRTLGlyph())
708                         std::reverse(aWidths.begin(), aWidths.end());
709                 }
710                 else
711                 {
712                     // The glyph has no carets, distribute the width evenly.
>>>     CID 1513473:  Integer handling issues  (DIVIDE_BY_ZERO)
>>>     In expression "aGlyphItem->newWidth() / nGraphemeCount", division by expression "nGraphemeCount" which may be zero has undefined behavior.
713                     auto nWidth = aGlyphItem.newWidth() / nGraphemeCount;
714                     std::fill(aWidths.begin(), aWidths.end(), nWidth);
715     
716                     // Add rounding difference to the last component to maintain
717                     // ligature width.
718                     aWidths[nGraphemeCount - 1] += aGlyphItem.newWidth() - (nWidth * nGraphemeCount);

** CID 1513472:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/doc/doc.cxx: 1510 in SwDoc::RemoveInvisibleContent()()


________________________________________________________________________________________________________
*** CID 1513472:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/doc/doc.cxx: 1510 in SwDoc::RemoveInvisibleContent()()
1504                         {
1505                             // only delete the content
1506                             SwContentNode* pCNd = GetNodes().GoNext( aPam.GetPoint() );
1507                             aPam.SetMark();
1508                             aPam.GetPoint()->Assign( *pSectNd->EndOfSectionNode() );
1509                             pCNd = SwNodes::GoPrevious( aPam.GetPoint() );
>>>     CID 1513472:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "nullptr" "pCNd" when calling "Len". (The dereference happens because this is a virtual function call.)
1510                             aPam.GetPoint()->SetContent( pCNd->Len() );
1511     
1512                             getIDocumentContentOperations().DeleteRange( aPam );
1513                         }
1514                         else
1515                         {

** CID 1513471:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/doc/tblcpy.cxx: 537 in lcl_CpyBox(const SwTable &, const SwTableBox *, SwTable &, SwTableBox *, bool, SwUndoTableCpyTable *)()


________________________________________________________________________________________________________
*** CID 1513471:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/doc/tblcpy.cxx: 537 in lcl_CpyBox(const SwTable &, const SwTableBox *, SwTable &, SwTableBox *, bool, SwUndoTableCpyTable *)()
531             SwNodeIndex aEndNdIdx( *aInsIdx.GetNode().EndOfSectionNode() );
532     
533             // Move Bookmarks
534             {
535                 SwPosition aMvPos( aInsIdx );
536                 SwContentNode* pCNd = SwNodes::GoPrevious( &aMvPos.nNode );
>>>     CID 1513471:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "nullptr" "pCNd" when calling "Len". (The dereference happens because this is a virtual function call.)
537                 aMvPos.nContent.Assign( pCNd, pCNd->Len() );
538                 SwDoc::CorrAbs( aInsIdx, aEndNdIdx, aMvPos );
539             }
540     
541             // If we still have FlyFrames hanging around, delete them too
542             for( const auto pFly : *pDoc->GetSpzFrameFormats() )

** CID 1513470:  Code maintainability issues  (UNUSED_VALUE)
/sw/source/core/doc/DocumentContentOperationsManager.cxx: 2418 in sw::DocumentContentOperationsManager::MoveRange(SwPaM &, SwPosition &, SwMoveFlags)()


________________________________________________________________________________________________________
*** CID 1513470:  Code maintainability issues  (UNUSED_VALUE)
/sw/source/core/doc/DocumentContentOperationsManager.cxx: 2418 in sw::DocumentContentOperationsManager::MoveRange(SwPaM &, SwPosition &, SwMoveFlags)()
2412                 {
2413                     if (!pContentStore->Empty())
2414                     {
2415                         pContentStore->Restore(m_rDoc, pOrigNode->GetIndex()-SwNodeOffset(1), 0, true, false, eMode);
2416                     }
2417                 });
>>>     CID 1513470:  Code maintainability issues  (UNUSED_VALUE)
>>>     Assigning value from "pTNd->SplitContentNode(rPos, &restoreFunc)->GetTextNode()" to "pTNd" here, but that stored value is overwritten before it can be used.
2418             pTNd = pTNd->SplitContentNode(rPos, &restoreFunc)->GetTextNode();
2419     
2420             //A new node was inserted before the orig pTNd and the content up to
2421             //rPos moved into it. The old node is returned with the remainder
2422             //of the content in it.
2423             //

** CID 1513469:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/frmedt/fetab.cxx: 997 in SwFEShell::HasBoxSelection() const()


________________________________________________________________________________________________________
*** CID 1513469:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/frmedt/fetab.cxx: 997 in SwFEShell::HasBoxSelection() const()
991                 SwContentNode* pCNd = aIdx.GetNode().GetContentNode();
992                 if( !pCNd )
993                 {
994                     pCNd = SwNodes::GoPrevious( &aIdx );
995                     OSL_ENSURE( pCNd, "no ContentNode in box ??" );
996                 }
>>>     CID 1513469:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "nullptr" "pCNd" when calling "Len". (The dereference happens because this is a virtual function call.)
997                 if( pPam->GetMark()->GetContentIndex() == pCNd->Len() )
998                 {
999                     if( bChg )
1000                         pPam->Exchange();
1001                     return true;
1002                 }

** CID 1513468:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1513468:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/core/doc/doctxm.cxx: 916 in SwTOXBaseSection::Update(const SfxItemSet *, const SwRootFrame *, bool)()
910                  ( pSectNd->GetIndex() >
911                      (pSectNd->GetNodes().GetEndOfContent().StartOfSectionIndex() + 1) )
912                )
913             {
914                 // determine page description of content before table-of-content
915                 SwNodeIndex aIdx( *pSectNd );
>>>     CID 1513468:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be "nullptr" "SwNodes::GoPrevious(&aIdx)" when calling "FindPageDesc".
916                 pDefaultPageDesc =
917                     SwNodes::GoPrevious( &aIdx )->FindPageDesc();
918     
919             }
920             if ( !pDefaultPageDesc )
921             {

** CID 1500519:  Uninitialized variables  (USE_AFTER_MOVE)
/sd/source/ui/view/OutlinerIterator.cxx: 682 in sd::outliner::ViewIteratorImpl::Reverse()()


________________________________________________________________________________________________________
*** CID 1500519:  Uninitialized variables  (USE_AFTER_MOVE)
/sd/source/ui/view/OutlinerIterator.cxx: 682 in sd::outliner::ViewIteratorImpl::Reverse()()
676         // Move iterator to the current object.
677         ::unotools::WeakReference<SdrObject> xObject = std::move(maPosition.mxObject);
678     
679         if (!mpObjectIterator)
680             return;
681     
>>>     CID 1500519:  Uninitialized variables  (USE_AFTER_MOVE)
>>>     "this->maPosition.mxObject" is used after it has been already moved.
682         while (mpObjectIterator->IsMore() && maPosition.mxObject.get() != xObject.get())
683             maPosition.mxObject = mpObjectIterator->Next();
684     }
685     
686     //===== DocumentIteratorImpl ============================================
687     


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DWb3X_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJij0uE-2FVQHR19LbI4pRufZMTn7jhjxfhtfONkZrFGSWpqEGgKnokqrcuAm-2FgI5Oif6DeSLpZWXliGghTYPmWgcp8lxFVC-2FpywpF5PWOXJQWWaN1YaJjV1XBOhkScZoaGuIolLkLZiJnVnp0UU5jVEl99p8DuEgc4AphoX8mi0zHu4-3D


