New Defects reported by Coverity Scan for LibreOffice

Fri Aug 4 23:58:41 UTC 2023

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

4 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 1539504:  Integer handling issues  (DIVIDE_BY_ZERO)
/reportdesign/source/ui/report/DesignView.cxx: 253 in rptui::ODesignView::resizeDocumentView(tools::Rectangle &)()

________________________________________________________________________________________________________
*** CID 1539504:  Integer handling issues  (DIVIDE_BY_ZERO)
/reportdesign/source/ui/report/DesignView.cxx: 253 in rptui::ODesignView::resizeDocumentView(tools::Rectangle &)()
247                     {
248                         aTaskPanePos.setX( aPlaygroundSize.Width() - nMinWidth );
249                     }
250                     nSplitPos = aTaskPanePos.X() - nSplitterWidth;
251                     getController().setSplitPos(nSplitPos);
252     
>>>     CID 1539504:  Integer handling issues  (DIVIDE_BY_ZERO)
>>>     In expression "(aPlaygroundSize.Width() - aTaskPanePos.X()) * 100L / aPlaygroundSize.Width()", division by expression "aPlaygroundSize.Width()" which may be zero has undefined behavior.
253                     const tools::Long nTaskPaneSize = static_cast<tools::Long>((aPlaygroundSize.Width() - aTaskPanePos.X())*100/aPlaygroundSize.Width());
254                     if ( m_aSplitWin->GetItemSize( TASKPANE_ID ) != nTaskPaneSize )
255                     {
256                         m_aSplitWin->SetItemSize( REPORT_ID, 99 - nTaskPaneSize );
257                         m_aSplitWin->SetItemSize( TASKPANE_ID, nTaskPaneSize );
258                     }

** CID 1539503:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unotext.cxx: 497 in SwXText::insertControlCharacter(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, short, unsigned char)()

________________________________________________________________________________________________________
*** CID 1539503:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unotext.cxx: 497 in SwXText::insertControlCharacter(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, short, unsigned char)()
491         if (pRange)
492         {
493             pRange->SetPositions(aCursor);
494         }
495         else
496         {
>>>     CID 1539503:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCursor" to "GetPaM", which dereferences it. (The dereference happens because this is a virtual function call.)
497             SwPaM *const pUnoCursor = pCursor->GetPaM();
498             *pUnoCursor->GetPoint() = *aCursor.GetPoint();
499             if (aCursor.HasMark())
500             {
501                 pUnoCursor->SetMark();
502                 *pUnoCursor->GetMark() = *aCursor.GetMark();

** CID 1539502:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/filter/html/wrthtml.cxx: 546 in SwHTMLWriter::WriteStream()()

________________________________________________________________________________________________________
*** CID 1539502:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/filter/html/wrthtml.cxx: 546 in SwHTMLWriter::WriteStream()()
540         // create table of the floating frames, but only when the whole
541         // document is saved
542         m_aHTMLPosFlyFrames.clear();
543         CollectFlyFrames();
544         m_nLastParaToken = HtmlTokenId::NONE;
545     
>>>     CID 1539502:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "this->m_pCurrentPam" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
546         if (mbReqIF && !m_bWriteAll && m_pCurrentPam
547             && *m_pCurrentPam->GetPoint() == *m_pCurrentPam->GetMark()
548             && m_pCurrentPam->GetPoint()->GetNode().IsOLENode() && m_aHTMLPosFlyFrames.size() == 1)
549         {
550             // A single OLE object selection must be output: do it directly (without replacement)
551             OutHTML_FrameFormatOLENodeGrf(*this, m_aHTMLPosFlyFrames[0]->GetFormat(), true, false);

** CID 1539501:  Null pointer dereferences  (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1539501:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/ui/unoidl/unomodel.cxx: 2337 in SdXImpressDocument::getViewRenderState(SfxViewShell *)()
2331         OStringBuffer aState;
2332         DrawViewShell* pView = nullptr;
2333     
2334         if (pViewShell)
2335         {
2336             ViewShellBase* pShellBase = dynamic_cast<ViewShellBase*>(pViewShell);
>>>     CID 1539501:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pShellBase" to "GetMainViewShell", which dereferences it.
2337             pView = dynamic_cast<DrawViewShell*>(pShellBase->GetMainViewShell().get());
2338         }
2339         else
2340         {
2341             pView = GetViewShell();
2342         }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DCNk1_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJideMKX27FEL8C-2FKqvoLMOpAPLQSXW2OvZaEvv0sSo4CvyPByoIppX3Vw6EVhmOSyRm2IDp2y7jjpOpNTcjTJDJlkuOJaDVnJZajrp6tgnk3j800Jo-2BpCZhPJ4gwLGsGYh9cT19HikkBy7yhFObPsaMpN1qMbmjy-2F6rSgyGUiQC2o-3D