New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sun Jan 15 11:24:18 UTC 2023


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

6 new defect(s) introduced to LibreOffice found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1519051:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1519051:  Null pointer dereferences  (FORWARD_NULL)
/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx: 62 in SEInitializer_NssImpl::createSecurityContext(const rtl::OUString &)()
56         {
57             /* Build XML Security Context */
58             uno::Reference< css::xml::crypto::XXMLSecurityContext > xSecCtx = css::xml::crypto::XMLSecurityContext::create( m_xContext );
59     
60             uno::Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv = css::xml::crypto::SecurityEnvironment::create( m_xContext );
61             SecurityEnvironment_NssImpl* pSecEnv = dynamic_cast<SecurityEnvironment_NssImpl*>(xSecEnv.get());
>>>     CID 1519051:  Null pointer dereferences  (FORWARD_NULL)
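>>>     Passing null pointer "pSecEnv" to "setCertDb", which dereferences it. (The dynamic_cast on line 61 yields a null pointer when the object is not a SecurityEnvironment_NssImpl, and the result is used without a check.)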
62             pSecEnv->setCertDb(pCertHandle);
63     
64             sal_Int32 n = xSecCtx->addSecurityEnvironment(xSecEnv);
65             //originally the SecurityEnvironment with the internal slot was set as default
66             xSecCtx->setDefaultSecurityEnvironmentIndex( n );
67             return xSecCtx;

** CID 1519050:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1519050:    (FORWARD_NULL)
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 190 in rptxml::ExportDocumentHandler::startElement(const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
184         }
185         else if ( m_bTableRowsStarted && m_bFirstRowExported && (_sName == "table:table-row" || _sName == "table:table-cell") )
186             bExport = false;
187         else if ( _sName == "chart:plot-area" )
188         {
189             SvXMLAttributeList* pList = dynamic_cast<SvXMLAttributeList*>(xAttribs.get());
>>>     CID 1519050:    (FORWARD_NULL)
>>>     Passing null pointer "pList" to "RemoveAttribute", which dereferences it.
190             pList->RemoveAttribute("table:cell-range-address");
191         }
192         else if ( _sName == "chart:categories" )
193         {
194             static OUString s_sCellAddress(lcl_createAttribute(XML_NP_TABLE,XML_CELL_RANGE_ADDRESS));
195             lcl_correctCellAddress(s_sCellAddress,xAttribs);
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 206 in rptxml::ExportDocumentHandler::startElement(const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
200             lcl_correctCellAddress(s_sCellAddress,xAttribs);
201         }
202         else if ( m_bTableRowsStarted && !m_bFirstRowExported && _sName == "table:table-cell" )
203         {
204             SvXMLAttributeList* pList = dynamic_cast<SvXMLAttributeList*>(xAttribs.get());
205             static OUString s_sValue(lcl_createAttribute(XML_NP_OFFICE,XML_VALUE));
>>>     CID 1519050:    (FORWARD_NULL)
>>>     Passing null pointer "pList" to "RemoveAttribute", which dereferences it.
206             pList->RemoveAttribute(s_sValue);
207         }
208         else if ( m_bTableRowsStarted && _sName == "text:p" )
209         {
210             bExport = false;
211         }

** CID 1519049:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1519049:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/filter/xml/xmlwrap.cxx: 667 in ScXMLImportWrapper::ExportToComponent(const com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> &, const com::sun::star::uno::Reference<com::sun::star::frame::XModel> &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XWriter> &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &, const rtl::OUString &, const rtl::OUString &, const rtl::OUString &, const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &, std::unique_ptr<ScMySharedData, std::default_delete<ScMySharedData>> &)()
661         if ( xFilter.is() )
662         {
663             ScXMLExport* pExport = static_cast<ScXMLExport*>(dynamic_cast<SvXMLExport*>(xFilter.get()));
664             pExport->SetSharedData(std::move(pSharedData));
665     
666             // if there are sheets to copy, get the source stream
>>>     CID 1519049:  Null pointer dereferences  (FORWARD_NULL)
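>>>     Passing null pointer "pExport" to "getExportFlags", which dereferences it. (pExport comes from the dynamic_cast on line 663, which yields a null pointer when xFilter is not an SvXMLExport; it is also used through "->" on line 664, before the flagged call.)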
667             if ( sName == "content.xml" && lcl_HasValidStream(rDoc) && ( pExport->getExportFlags() & SvXMLExportFlags::OASIS ) )
668             {
669                 // old stream is still in this file's storage - open read-only
670     
671                 // #i106854# use the document's storage directly, without a temporary SfxMedium
672                 uno::Reference<embed::XStorage> xTmpStorage = rDoc.GetDocumentShell()->GetStorage();

** CID 1519048:  Error handling issues  (CHECKED_RETURN)
/sw/source/filter/ww8/wrtw8sty.cxx: 327 in StripWWSuffix(const rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1519048:  Error handling issues  (CHECKED_RETURN)
/sw/source/filter/ww8/wrtw8sty.cxx: 327 in StripWWSuffix(const rtl::OUString &)()
321     }
322     
323     // StyleSheetTable::ConvertStyleName appends the suffix do disambiguate conflicting style names
324     static OUString StripWWSuffix(const OUString& s)
325     {
326         OUString ret = s;
>>>     CID 1519048:  Error handling issues  (CHECKED_RETURN)
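>>>     Calling "endsWith" without checking return value (as is done elsewhere 7 out of 8 times). (Reviewer note: the second argument "&ret" appears to receive the string with the suffix removed only when the suffix matches, so ignoring the result may be intentional here; confirm before changing.)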
327         ret.endsWith(" (WW)", &ret);
328         return ret;
329     }
330     
331     void MSWordStyles::BuildWwNames()
332     {

** CID 1519047:  Null pointer dereferences  (FORWARD_NULL)
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 62 in rptxml::lcl_correctCellAddress(const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()


________________________________________________________________________________________________________
*** CID 1519047:  Null pointer dereferences  (FORWARD_NULL)
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 62 in rptxml::lcl_correctCellAddress(const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
56             xmloff::token::GetXMLToken(_eAttribute);
57     }
58     
59     static void lcl_correctCellAddress(const OUString & _sName, const uno::Reference< xml::sax::XAttributeList > & xAttribs)
60     {
61         SvXMLAttributeList* pList = dynamic_cast<SvXMLAttributeList*>(xAttribs.get());
>>>     CID 1519047:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pList" to "getValueByName", which dereferences it. (The dereference happens because this is a virtual function call.)
62         OUString sCellAddress = pList->getValueByName(_sName);
63         const sal_Int32 nPos = sCellAddress.lastIndexOf('$');
64         if ( nPos != -1 )
65         {
66             sCellAddress = OUString::Concat(sCellAddress.subView(0,nPos)) + "$65535";
67             pList->RemoveAttribute(_sName);

** CID 1519046:    (UNINIT)


________________________________________________________________________________________________________
*** CID 1519046:    (UNINIT)
/svx/source/sidebar/nbdtmg.cxx: 324 in svx::sidebar::BulletsTypeMgr::ReplaceNumRule(SvxNumRule &, unsigned short, unsigned short)()
318             return;
319     
320         pActualBullets[nIndex]->cBulletChar = cChar;
321         if ( pFont )
322             pActualBullets[nIndex]->aFont = *pFont;
323         pActualBullets[nIndex]->bIsCustomized = true;
>>>     CID 1519046:    (UNINIT)
>>>     Using uninitialized value "pFont._M_payload._M_payload" when calling "~optional".
324     }
325     
326     void BulletsTypeMgr::ApplyNumRule(SvxNumRule& aNum, sal_uInt16 nIndex, sal_uInt16 mLevel, bool /*isDefault*/, bool isResetSize)
327     {
328         if ( nIndex >= DEFAULT_BULLET_TYPES )
329             return;
/svx/source/sidebar/nbdtmg.cxx: 318 in svx::sidebar::BulletsTypeMgr::ReplaceNumRule(SvxNumRule &, unsigned short, unsigned short)()
312             return;
313     
314         SvxNumberFormat aFmt(aNum.GetLevel(nActLv));
315         sal_UCS4 cChar = aFmt.GetBulletChar();
316         std::optional<vcl::Font> pFont = aFmt.GetBulletFont();
317         if ( nIndex >= DEFAULT_BULLET_TYPES )
>>>     CID 1519046:    (UNINIT)
>>>     Using uninitialized value "pFont._M_payload._M_payload" when calling "~optional".
318             return;
319     
320         pActualBullets[nIndex]->cBulletChar = cChar;
321         if ( pFont )
322             pActualBullets[nIndex]->aFont = *pFont;
323         pActualBullets[nIndex]->bIsCustomized = true;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DeGIt_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJi-2BeqKk8DoPNt9Z4E9K6487RF5L5Z3OSHNNR2jjoPYirtdjiUvKJTTqOtyrKRotF-2Bgab2t7SjJgEAHWsEG5oVg-2FxD1rCn-2BeK53C-2BL8XT6JL1c2DmFMouWoNLrpetvt3ittE2FmR-2B031fZQefrvPnFb5uzzCJxhqVtm-2Bjb8bXc7pYw-3D


