New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Thu Sep 1 09:53:01 UTC 2022
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
8 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 1513474: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1513474: Null pointer dereferences (FORWARD_NULL)
/svx/source/svdraw/svdedtv2.cxx: 1853 in SdrEditView::GroupMarked()()
1847 pSrcLst0=pSrcLst;
1848 }
1849 }
1850 if (pGrp!=nullptr)
1851 {
1852 aNewMark.InsertEntry(SdrMark(pGrp.get(),pPV));
>>> CID 1513474: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pDstLst" to "GetObjCount", which dereferences it.
1853 const size_t nCount=pDstLst->GetObjCount();
1854 pCurrentLst->InsertObject(pGrp.get(),nInsPos);
1855 if( bUndo )
1856 {
1857 AddUndo(GetModel()->GetSdrUndoFactory().CreateUndoNewObject(*pGrp,true)); // no recalculation!
1858 for (size_t no=0; no<nCount; ++no)
** CID 1513473: Integer handling issues (DIVIDE_BY_ZERO)
/vcl/source/gdi/CommonSalLayout.cxx: 713 in GenericSalLayout::GetCharWidths(std::vector<int, std::allocator<int>> &, const rtl::OUString &) const()
________________________________________________________________________________________________________
*** CID 1513473: Integer handling issues (DIVIDE_BY_ZERO)
/vcl/source/gdi/CommonSalLayout.cxx: 713 in GenericSalLayout::GetCharWidths(std::vector<int, std::allocator<int>> &, const rtl::OUString &) const()
707 if (aGlyphItem.IsRTLGlyph())
708 std::reverse(aWidths.begin(), aWidths.end());
709 }
710 else
711 {
712 // The glyph has no carets, distribute the width evenly.
>>> CID 1513473: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "aGlyphItem->newWidth() / nGraphemeCount", division by expression "nGraphemeCount" which may be zero has undefined behavior.
713 auto nWidth = aGlyphItem.newWidth() / nGraphemeCount;
714 std::fill(aWidths.begin(), aWidths.end(), nWidth);
715
716 // Add rounding difference to the last component to maintain
717 // ligature width.
718 aWidths[nGraphemeCount - 1] += aGlyphItem.newWidth() - (nWidth * nGraphemeCount);
** CID 1513472: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/doc/doc.cxx: 1510 in SwDoc::RemoveInvisibleContent()()
________________________________________________________________________________________________________
*** CID 1513472: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/doc/doc.cxx: 1510 in SwDoc::RemoveInvisibleContent()()
1504 {
1505 // only delete the content
1506 SwContentNode* pCNd = GetNodes().GoNext( aPam.GetPoint() );
1507 aPam.SetMark();
1508 aPam.GetPoint()->Assign( *pSectNd->EndOfSectionNode() );
1509 pCNd = SwNodes::GoPrevious( aPam.GetPoint() );
>>> CID 1513472: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "pCNd" when calling "Len". (The dereference happens because this is a virtual function call.)
1510 aPam.GetPoint()->SetContent( pCNd->Len() );
1511
1512 getIDocumentContentOperations().DeleteRange( aPam );
1513 }
1514 else
1515 {
** CID 1513471: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/doc/tblcpy.cxx: 537 in lcl_CpyBox(const SwTable &, const SwTableBox *, SwTable &, SwTableBox *, bool, SwUndoTableCpyTable *)()
________________________________________________________________________________________________________
*** CID 1513471: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/doc/tblcpy.cxx: 537 in lcl_CpyBox(const SwTable &, const SwTableBox *, SwTable &, SwTableBox *, bool, SwUndoTableCpyTable *)()
531 SwNodeIndex aEndNdIdx( *aInsIdx.GetNode().EndOfSectionNode() );
532
533 // Move Bookmarks
534 {
535 SwPosition aMvPos( aInsIdx );
536 SwContentNode* pCNd = SwNodes::GoPrevious( &aMvPos.nNode );
>>> CID 1513471: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "pCNd" when calling "Len". (The dereference happens because this is a virtual function call.)
537 aMvPos.nContent.Assign( pCNd, pCNd->Len() );
538 SwDoc::CorrAbs( aInsIdx, aEndNdIdx, aMvPos );
539 }
540
541 // If we still have FlyFrames hanging around, delete them too
542 for( const auto pFly : *pDoc->GetSpzFrameFormats() )
** CID 1513470: Code maintainability issues (UNUSED_VALUE)
/sw/source/core/doc/DocumentContentOperationsManager.cxx: 2418 in sw::DocumentContentOperationsManager::MoveRange(SwPaM &, SwPosition &, SwMoveFlags)()
________________________________________________________________________________________________________
*** CID 1513470: Code maintainability issues (UNUSED_VALUE)
/sw/source/core/doc/DocumentContentOperationsManager.cxx: 2418 in sw::DocumentContentOperationsManager::MoveRange(SwPaM &, SwPosition &, SwMoveFlags)()
2412 {
2413 if (!pContentStore->Empty())
2414 {
2415 pContentStore->Restore(m_rDoc, pOrigNode->GetIndex()-SwNodeOffset(1), 0, true, false, eMode);
2416 }
2417 });
>>> CID 1513470: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "pTNd->SplitContentNode(rPos, &restoreFunc)->GetTextNode()" to "pTNd" here, but that stored value is overwritten before it can be used.
2418 pTNd = pTNd->SplitContentNode(rPos, &restoreFunc)->GetTextNode();
2419
2420 //A new node was inserted before the orig pTNd and the content up to
2421 //rPos moved into it. The old node is returned with the remainder
2422 //of the content in it.
2423 //
** CID 1513469: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/frmedt/fetab.cxx: 997 in SwFEShell::HasBoxSelection() const()
________________________________________________________________________________________________________
*** CID 1513469: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/frmedt/fetab.cxx: 997 in SwFEShell::HasBoxSelection() const()
991 SwContentNode* pCNd = aIdx.GetNode().GetContentNode();
992 if( !pCNd )
993 {
994 pCNd = SwNodes::GoPrevious( &aIdx );
995 OSL_ENSURE( pCNd, "no ContentNode in box ??" );
996 }
>>> CID 1513469: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "pCNd" when calling "Len". (The dereference happens because this is a virtual function call.)
997 if( pPam->GetMark()->GetContentIndex() == pCNd->Len() )
998 {
999 if( bChg )
1000 pPam->Exchange();
1001 return true;
1002 }
** CID 1513468: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1513468: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/doc/doctxm.cxx: 916 in SwTOXBaseSection::Update(const SfxItemSet *, const SwRootFrame *, bool)()
910 ( pSectNd->GetIndex() >
911 (pSectNd->GetNodes().GetEndOfContent().StartOfSectionIndex() + 1) )
912 )
913 {
914 // determine page description of content before table-of-content
915 SwNodeIndex aIdx( *pSectNd );
>>> CID 1513468: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "SwNodes::GoPrevious(&aIdx)" when calling "FindPageDesc".
916 pDefaultPageDesc =
917 SwNodes::GoPrevious( &aIdx )->FindPageDesc();
918
919 }
920 if ( !pDefaultPageDesc )
921 {
** CID 1500519: Uninitialized variables (USE_AFTER_MOVE)
/sd/source/ui/view/OutlinerIterator.cxx: 682 in sd::outliner::ViewIteratorImpl::Reverse()()
________________________________________________________________________________________________________
*** CID 1500519: Uninitialized variables (USE_AFTER_MOVE)
/sd/source/ui/view/OutlinerIterator.cxx: 682 in sd::outliner::ViewIteratorImpl::Reverse()()
676 // Move iterator to the current object.
677 ::unotools::WeakReference<SdrObject> xObject = std::move(maPosition.mxObject);
678
679 if (!mpObjectIterator)
680 return;
681
>>> CID 1500519: Uninitialized variables (USE_AFTER_MOVE)
>>> "this->maPosition.mxObject" is used after it has been already moved.
682 while (mpObjectIterator->IsMore() && maPosition.mxObject.get() != xObject.get())
683 maPosition.mxObject = mpObjectIterator->Next();
684 }
685
686 //===== DocumentIteratorImpl ============================================
687
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DWb3X_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJij0uE-2FVQHR19LbI4pRufZMTn7jhjxfhtfONkZrFGSWpqEGgKnokqrcuAm-2FgI5Oif6DeSLpZWXliGghTYPmWgcp8lxFVC-2FpywpF5PWOXJQWWaN1YaJjV1XBOhkScZoaGuIolLkLZiJnVnp0UU5jVEl99p8DuEgc4AphoX8mi0zHu4-3D
More information about the LibreOffice
mailing list