New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Mon Sep 5 01:55:32 UTC 2022 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

7 new defect(s) introduced to LibreOffice found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1513512:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sc/source/ui/Accessibility/AccessiblePreviewTable.cxx: 370 in ScAccessiblePreviewTable::getAccessibleRow(long)()


________________________________________________________________________________________________________
*** CID 1513512:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sc/source/ui/Accessibility/AccessiblePreviewTable.cxx: 370 in ScAccessiblePreviewTable::getAccessibleRow(long)()
364     {
365         SolarMutexGuard aGuard;
366         IsObjectValid();
367     
368         FillTableInfo();
369     
>>>     CID 1513512:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "static_cast<sal_Int32>(this->mpTableInfo->GetRows()) * this->mpTableInfo->GetCols()" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "sal_Int64" (64 bits, signed).
370         if ( !mpTableInfo || nChildIndex < 0 || nChildIndex >= static_cast<sal_Int32>(mpTableInfo->GetRows()) * mpTableInfo->GetCols() )
371             throw lang::IndexOutOfBoundsException();
372     
373         sal_Int32 nRow = nChildIndex / mpTableInfo->GetCols();
374         return nRow;
375     }

** CID 1513511:  Null pointer dereferences  (REVERSE_INULL)
/svx/source/accessibility/charmapacc.cxx: 102 in svx::SvxShowCharSetAcc::implIsSelected(long)()


________________________________________________________________________________________________________
*** CID 1513511:  Null pointer dereferences  (REVERSE_INULL)
/svx/source/accessibility/charmapacc.cxx: 102 in svx::SvxShowCharSetAcc::implIsSelected(long)()
96     
97     bool SvxShowCharSetAcc::implIsSelected( sal_Int64 nAccessibleChildIndex )
98     {
99         if (nAccessibleChildIndex < 0 || nAccessibleChildIndex >= getAccessibleChildCount())
100             throw IndexOutOfBoundsException();
101     
>>>     CID 1513511:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "this->m_pParent" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
102         return m_pParent && m_pParent->IsSelected(
103             sal::static_int_cast<sal_uInt16>(nAccessibleChildIndex));
104     }
105     
106             // select the specified child => watch for special ChildIndexes (ACCESSIBLE_SELECTION_CHILD_xxx)
107     void SvxShowCharSetAcc::implSelect(sal_Int64 nAccessibleChildIndex, bool bSelect)

** CID 1513510:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sc/source/ui/Accessibility/AccessiblePreviewTable.cxx: 384 in ScAccessiblePreviewTable::getAccessibleColumn(long)()


________________________________________________________________________________________________________
*** CID 1513510:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sc/source/ui/Accessibility/AccessiblePreviewTable.cxx: 384 in ScAccessiblePreviewTable::getAccessibleColumn(long)()
378     {
379         SolarMutexGuard aGuard;
380         IsObjectValid();
381     
382         FillTableInfo();
383     
>>>     CID 1513510:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "static_cast<sal_Int32>(this->mpTableInfo->GetRows()) * this->mpTableInfo->GetCols()" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "sal_Int64" (64 bits, signed).
384         if ( !mpTableInfo || nChildIndex < 0 || nChildIndex >= static_cast<sal_Int32>(mpTableInfo->GetRows()) * mpTableInfo->GetCols() )
385             throw lang::IndexOutOfBoundsException();
386     
387         sal_Int32 nCol = nChildIndex % static_cast<sal_Int32>(mpTableInfo->GetCols());
388         return nCol;
389     }

** CID 1513509:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 2860 in MSWordExportBase::OutputTextNode(SwTextNode &)()


________________________________________________________________________________________________________
*** CID 1513509:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/filter/ww8/wrtw8nds.cxx: 2860 in MSWordExportBase::OutputTextNode(SwTextNode &)()
2854             {
2855     #ifdef DBG_UTIL
2856                 SAL_INFO( "sw.ww8", pTextNodeInfo->toString());
2857     #endif
2858     
2859                 AttrOutput().TableInfoCell( pTextNodeInfoInner );
>>>     CID 1513509:  Null pointer dereferences  (FORWARD_NULL)
>>>     Attempting to access the managed object of an empty smart pointer "pTextNodeInfoInner".
2860                 if (pTextNodeInfoInner->isFirstInTable())
2861                 {
2862                     const SwTable * pTable = pTextNodeInfoInner->getTable();
2863     
2864                     const SwTableFormat* pTabFormat = pTable->GetFrameFormat();
2865                     if (pTabFormat != nullptr)

** CID 1513508:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sc/source/ui/Accessibility/AccessibleSpreadsheet.cxx: 1611 in ScAccessibleSpreadsheet::GetChildIndexAddress(long) const()


________________________________________________________________________________________________________
*** CID 1513508:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
/sc/source/ui/Accessibility/AccessibleSpreadsheet.cxx: 1611 in ScAccessibleSpreadsheet::GetChildIndexAddress(long) const()
1605     }
1606     
1607     ScAddress ScAccessibleSpreadsheet::GetChildIndexAddress(sal_Int64 nIndex) const
1608     {
1609         sal_Int32 nRowAll = GetRowAll();
1610         sal_uInt16  nColAll = GetColAll();
>>>     CID 1513508:  Integer handling issues  (OVERFLOW_BEFORE_WIDEN)
>>>     Potentially overflowing expression "nRowAll * nColAll" with type "int" (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "sal_Int64" (64 bits, signed).
1611         if (nIndex < 0 || nIndex >=  nRowAll * nColAll )
1612         {
1613             return ScAddress();
1614         }
1615         return ScAddress(
1616             static_cast<SCCOL>((nIndex - nIndex % nRowAll) / nRowAll +  + m_nMinX),

** CID 1513507:  Null pointer dereferences  (REVERSE_INULL)
/svx/source/accessibility/charmapacc.cxx: 112 in svx::SvxShowCharSetAcc::implSelect(long, bool)()


________________________________________________________________________________________________________
*** CID 1513507:  Null pointer dereferences  (REVERSE_INULL)
/svx/source/accessibility/charmapacc.cxx: 112 in svx::SvxShowCharSetAcc::implSelect(long, bool)()
106             // select the specified child => watch for special ChildIndexes (ACCESSIBLE_SELECTION_CHILD_xxx)
107     void SvxShowCharSetAcc::implSelect(sal_Int64 nAccessibleChildIndex, bool bSelect)
108     {
109         if (nAccessibleChildIndex < 0 || nAccessibleChildIndex >= getAccessibleChildCount())
110             throw IndexOutOfBoundsException();
111     
>>>     CID 1513507:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "this->m_pParent" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
112         if ( m_pParent )
113         {
114             if ( bSelect )
115                 m_pParent->SelectIndex(nAccessibleChildIndex, true);
116             else
117                 m_pParent->DeSelect();

** CID 1513506:  Integer handling issues  (SIGN_EXTENSION)
/sc/source/ui/Accessibility/AccessibleSpreadsheet.cxx: 1611 in ScAccessibleSpreadsheet::GetChildIndexAddress(long) const()


________________________________________________________________________________________________________
*** CID 1513506:  Integer handling issues  (SIGN_EXTENSION)
/sc/source/ui/Accessibility/AccessibleSpreadsheet.cxx: 1611 in ScAccessibleSpreadsheet::GetChildIndexAddress(long) const()
1605     }
1606     
1607     ScAddress ScAccessibleSpreadsheet::GetChildIndexAddress(sal_Int64 nIndex) const
1608     {
1609         sal_Int32 nRowAll = GetRowAll();
1610         sal_uInt16  nColAll = GetColAll();
>>>     CID 1513506:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "nColAll" with type "sal_uInt16" (16 bits, unsigned) is promoted in "nRowAll * nColAll" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed).  If "nRowAll * nColAll" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1611         if (nIndex < 0 || nIndex >=  nRowAll * nColAll )
1612         {
1613             return ScAddress();
1614         }
1615         return ScAddress(
1616             static_cast<SCCOL>((nIndex - nIndex % nRowAll) / nRowAll +  + m_nMinX),


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DS233_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJigteet3D-2B4-2FsYIOEOr1eA-2FiApU-2Fg4H5ZCJOmaG9ViO-2BGyEQ3eIhafXBnwNH8c2wspFKE6KIAJmzMtk7dX5-2BrhyN0KJ3nnRWVbwNYy5BB2ZStWescdRvRYGcgiYI8hBNjwT-2BGheOc97WNVyfxeRDtpedAN3RTDpLsd0KUwViqlSAg-3D

More information about the LibreOffice mailing list