New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
Tue Jun 13 13:13:20 UTC 2023
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
4 new defect(s) introduced to LibreOffice found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)
** CID 1532379: Insecure data handling (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 1347 in SvmReader::FloatTransparentHandler(ImplMetaReadData *)()
________________________________________________________________________________________________________
*** CID 1532379: Insecure data handling (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 1347 in SvmReader::FloatTransparentHandler(ImplMetaReadData *)()
1341 {
1342 basegfx::BColorStops aColorStops;
1343 sal_uInt16 nTmp;
1344 double fOff, fR, fG, fB;
1345 mrStream.ReadUInt16(nTmp);
1346
>>> CID 1532379: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "nTmp" as a loop boundary.
1347 for (sal_uInt16 a(0); a < nTmp; a++)
1348 {
1349 mrStream.ReadDouble(fOff);
1350 mrStream.ReadDouble(fR);
1351 mrStream.ReadDouble(fG);
1352 mrStream.ReadDouble(fB);
** CID 1532378: Insecure data handling (TAINTED_SCALAR)
/filter/source/svg/svgwriter.cxx: 3400 in SVGActionWriter::ImplWriteActions(const GDIMetaFile &, unsigned int, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> *, const GDIMetaFile *)()
________________________________________________________________________________________________________
*** CID 1532378: Insecure data handling (TAINTED_SCALAR)
/filter/source/svg/svgwriter.cxx: 3400 in SVGActionWriter::ImplWriteActions(const GDIMetaFile &, unsigned int, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> *, const GDIMetaFile *)()
3394 SvMemoryStream aMemStm(const_cast<sal_uInt8 *>(pA->GetData()), pA->GetDataSize(), StreamMode::READ);
3395 VersionCompatRead aCompat(aMemStm);
3396 sal_uInt16 nTmp;
3397 double fOff, fR, fG, fB;
3398 aMemStm.ReadUInt16( nTmp );
3399
>>> CID 1532378: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "nTmp" as a loop boundary.
3400 for (sal_uInt16 a(0); a < nTmp; a++)
3401 {
3402 aMemStm.ReadDouble(fOff);
3403 aMemStm.ReadDouble(fR);
3404 aMemStm.ReadDouble(fG);
3405 aMemStm.ReadDouble(fB);
** CID 1532377: Null pointer dereferences (REVERSE_INULL)
/oox/source/export/drawingml.cxx: 778 in oox::drawingml::DrawingML::WriteGradientFill(const basegfx::BGradient *, int, const basegfx::BGradient *, double)()
________________________________________________________________________________________________________
*** CID 1532377: Null pointer dereferences (REVERSE_INULL)
/oox/source/export/drawingml.cxx: 778 in oox::drawingml::DrawingML::WriteGradientFill(const basegfx::BGradient *, int, const basegfx::BGradient *, double)()
772
773 // synchronize ColorStops and AlphaStops as preparation to export
774 // so also gradients 'coupled' indirectly using the 'FillTransparenceGradient'
775 // method (at import time) will be exported again
776 basegfx::utils::synchronizeColorStops(aColorStops, aAlphaStops, aSingleColor, aSingleAlpha);
777
>>> CID 1532377: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pGradient" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
778 if (aColorStops.size() != aAlphaStops.size() || nullptr == pGradient)
779 {
780 // this is an error - synchronizeColorStops above *has* to create that
781 // state, see description there (!)
782 // also an error - see comment in header - is to give neither pColorGradient
783 // nor pTransparenceGradient
** CID 1532376: Performance inefficiencies (PASS_BY_VALUE)
/svx/source/table/tablecontroller.cxx: 966 in sdr::table::SvxTableController::onFormatTable(const SfxRequest &)::[lambda(int) (instance 1)]::operator ()(int) const()
________________________________________________________________________________________________________
*** CID 1532376: Performance inefficiencies (PASS_BY_VALUE)
/svx/source/table/tablecontroller.cxx: 966 in sdr::table::SvxTableController::onFormatTable(const SfxRequest &)::[lambda(int) (instance 1)]::operator ()(int) const()
960 VclPtr<SfxAbstractTabDialog> xDlg( pFact->CreateSvxFormatCellsDialog(
961 rReq.GetFrameWeld(),
962 &aNewAttr,
963 rModel, false) );
964
965 // Even Cancel Button is returning positive(101) value,
>>> CID 1532376: Performance inefficiencies (PASS_BY_VALUE)
>>> Capturing variable "aBoxItem" of type "SvxBoxItem" (size 320 bytes) by value, which exceeds the medium threshold of 256 bytes.
966 xDlg->StartExecuteAsync([xDlg, this, aBoxItem, aBoxInfoItem](int nResult){
967 if (nResult == RET_OK)
968 {
969 SfxItemSet aNewSet(*(xDlg->GetOutputItemSet()));
970
971 //Only properties that were unchanged by the dialog appear in this
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DV_zi_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJi5GT-2BQNrN4gpx7TZMTRyFuKevHuNi6t5Q2n4qkD0-2FpgjUQa9Bb6Pm3j1Mng-2BnlkwGUMnpnWewh-2FO2NYtsPuc4fMXtrH8xtSYSCAJQd3Sx85NYC5XV9CvmXMZ3NYRTFsYjBxFHkWa4tRnvjvOqgufLF3lGW171SFuGg2rtAuvn7j4-3D