New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Fri Sep 29 05:51:42 UTC 2023
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
8 new defect(s) introduced to LibreOffice found with Coverity Scan.
1436 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 1546834: Error handling issues (CHECKED_RETURN)
/pyuno/source/module/pyuno_runtime.cxx: 244 in pyuno::readLoggingConfig(int *, _IO_FILE **)()
________________________________________________________________________________________________________
*** CID 1546834: Error handling issues (CHECKED_RETURN)
/pyuno/source/module/pyuno_runtime.cxx: 244 in pyuno::readLoggingConfig(int *, _IO_FILE **)()
238 else if ( str == "stderr" )
239 *ppFile = stderr;
240 else
241 {
242 oslProcessInfo data;
243 data.Size = sizeof( data );
>>> CID 1546834: Error handling issues (CHECKED_RETURN)
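>>> Calling "osl_getProcessInfo" without checking return value (as is done elsewhere 6 out of 7 times). Note that "data" is declared on line 242 with only "Size" set, so if the call fails, the "data.Ident" value read on line 249 may be uninitialized.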
244 osl_getProcessInfo(
245 nullptr , osl_Process_IDENTIFIER , &data );
246 osl_getSystemPathFromFileURL( str.pData, &str.pData);
247 OString o = OUStringToOString( str, osl_getThreadTextEncoding() );
248 o += ".";
249 o += OString::number( data.Ident );
** CID 1546833: Error handling issues (CHECKED_RETURN)
/sw/source/core/unocore/unoframe.cxx: 2997 in SwXFrame::attachToRange(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, const SwPaM *)()
________________________________________________________________________________________________________
*** CID 1546833: Error handling issues (CHECKED_RETURN)
/sw/source/core/unocore/unoframe.cxx: 2997 in SwXFrame::attachToRange(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, const SwPaM *)()
2991 if(!bSizeFound)
2992 {
2993 //TODO/LATER: how do I transport it to the OLENode?
2994 sal_Int64 nAspect = m_nDrawAspect;
2995
2996 // TODO/LEAN: VisualArea still needs running state
>>> CID 1546833: Error handling issues (CHECKED_RETURN)
>>> Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
2997 svt::EmbeddedObjectRef::TryRunningState( xIPObj );
2998
2999 // set parent to get correct VisArea(in case of object needing parent printer)
3000 uno::Reference < container::XChild > xChild( xIPObj, uno::UNO_QUERY );
3001 if ( xChild.is() )
3002 xChild->setParent( pDoc->GetDocShell()->GetModel() );
** CID 1546832: Sigma (SIGMA.weak_hash_core_java)
/workdir/UnpackedTarball/java_websocket/src/main/java/org/java_websocket/drafts/Draft_6455.java: 837 in org.java_websocket.drafts.Draft_6455::generateFinalKey(org.java_websocket.drafts.Draft_6455, String)()
________________________________________________________________________________________________________
*** CID 1546832: Sigma (SIGMA.weak_hash_core_java)
/workdir/UnpackedTarball/java_websocket/src/main/java/org/java_websocket/drafts/Draft_6455.java: 837 in org.java_websocket.drafts.Draft_6455::generateFinalKey(org.java_websocket.drafts.Draft_6455, String)()
831 */
832 private String generateFinalKey(String in) {
833 String seckey = in.trim();
834 String acc = seckey + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
835 MessageDigest sh1;
836 try {
>>> CID 1546832: Sigma (SIGMA.weak_hash_core_java)
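>>> This application uses a weak algorithm to create a `MessageDigest`, which may lead to collision attacks. For triage: the constant appended on line 834 is the fixed GUID of the WebSocket opening handshake, for which RFC 6455 prescribes SHA-1 when deriving the Sec-WebSocket-Accept value, so the algorithm cannot be swapped here without breaking the protocol; the digest is a handshake echo, not an integrity or authentication check.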
837 sh1 = MessageDigest.getInstance("SHA1");
838 } catch (NoSuchAlgorithmException e) {
839 throw new IllegalStateException(e);
840 }
841 return Base64.encodeBytes(sh1.digest(acc.getBytes()));
842 }
** CID 1546831: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/view/lokcharthelper.cxx: 178 in LokChartHelper::HitAny(const Point &, bool)()
________________________________________________________________________________________________________
*** CID 1546831: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/view/lokcharthelper.cxx: 178 in LokChartHelper::HitAny(const Point &, bool)()
172 {
173 SfxViewShell* pCurView = SfxViewShell::Current();
174 int nPartForCurView = pCurView ? pCurView->getPart() : -1;
175 SfxViewShell* pViewShell = SfxViewShell::GetFirst();
176 while (pViewShell)
177 {
>>> CID 1546831: Null pointer dereferences (FORWARD_NULL)
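>>> Passing null pointer "pCurView" to "GetDocId", which dereferences it. (The dereference happens because this is a virtual function call.) Line 174 treats "pCurView" as possibly null (it falls back to -1), but line 178 calls through it without a check.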
178 if (pViewShell->GetDocId() == pCurView->GetDocId() && pViewShell->getPart() == nPartForCurView)
179 {
180 LokChartHelper aChartHelper(pViewShell, bNegativeX);
181 if (aChartHelper.Hit(aPos))
182 return true;
183 }
** CID 1546830: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/shells/textsh.cxx: 320 in SwTextShell::ExecInsert(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1546830: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/shells/textsh.cxx: 320 in SwTextShell::ExecInsert(SfxRequest &)()
314 if(pURLItem) // URL is a _must_
315 {
316 comphelper::EmbeddedObjectContainer aCnt;
317 OUString aName;
318 xObj.Assign( aCnt.CreateEmbeddedObject( SvGlobalName( SO3_IFRAME_CLASSID ).GetByteSequence(), aName ),
319 embed::Aspects::MSOLE_CONTENT );
>>> CID 1546830: Error handling issues (CHECKED_RETURN)
>>> Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
320 svt::EmbeddedObjectRef::TryRunningState( xObj.GetObject() );
321 uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY );
322 if ( xSet.is() )
323 {
324 try
325 {
** CID 1546829: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1546829: (TAINTED_SCALAR)
/svx/source/table/cell.cxx: 1267 in sdr::table::Cell::setPropertyValues(const com::sun::star::uno::Sequence<rtl::OUString> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
1261 const Any* pValues = aValues.getConstArray();
1262
1263 for( sal_Int32 nIdx = 0; nIdx < nCount; nIdx++, pNames++, pValues++ )
1264 {
1265 try
1266 {
>>> CID 1546829: (TAINTED_SCALAR)
>>> Passing tainted expression "*pValues->pData" to "setPropertyValue", which uses it as a loop boundary.
1267 setPropertyValue( *pNames, *pValues );
1268 }
1269 catch( UnknownPropertyException& )
1270 {
1271 TOOLS_WARN_EXCEPTION("svx.table", "unknown property!");
1272 }
/svx/source/table/cell.cxx: 1267 in sdr::table::Cell::setPropertyValues(const com::sun::star::uno::Sequence<rtl::OUString> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
1261 const Any* pValues = aValues.getConstArray();
1262
1263 for( sal_Int32 nIdx = 0; nIdx < nCount; nIdx++, pNames++, pValues++ )
1264 {
1265 try
1266 {
>>> CID 1546829: (TAINTED_SCALAR)
>>> Passing tainted expression "*pValues->pData" to "setPropertyValue", which uses it as an allocation size.
1267 setPropertyValue( *pNames, *pValues );
1268 }
1269 catch( UnknownPropertyException& )
1270 {
1271 TOOLS_WARN_EXCEPTION("svx.table", "unknown property!");
1272 }
** CID 1546828: Error handling issues (CHECKED_RETURN)
/reportdesign/source/core/sdr/RptObject.cxx: 947 in rptui::OOle2Obj::OOle2Obj(SdrModel &, const rptui::OOle2Obj&)()
________________________________________________________________________________________________________
*** CID 1546828: Error handling issues (CHECKED_RETURN)
/reportdesign/source/core/sdr/RptObject.cxx: 947 in rptui::OOle2Obj::OOle2Obj(SdrModel &, const rptui::OOle2Obj&)()
941 ,m_nType(rSource.m_nType)
942 ,m_bOnlyOnce(rSource.m_bOnlyOnce)
943 {
944 m_bIsListening = true;
945
946 OReportModel& rRptModel(static_cast< OReportModel& >(getSdrModelFromSdrObject()));
>>> CID 1546828: Error handling issues (CHECKED_RETURN)
>>> Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
947 svt::EmbeddedObjectRef::TryRunningState( GetObjRef() );
948 impl_createDataProvider_nothrow(rRptModel.getReportDefinition());
949
950 uno::Reference< chart2::data::XDatabaseDataProvider > xSource( lcl_getDataProvider(rSource.GetObjRef()) );
951 uno::Reference< chart2::data::XDatabaseDataProvider > xDest( lcl_getDataProvider(GetObjRef()) );
952 if ( xSource.is() && xDest.is() )
** CID 1546827: Error handling issues (CHECKED_RETURN)
/sw/source/filter/html/SwAppletImpl.cxx: 126 in SwApplet_Impl::CreateApplet(const rtl::OUString &, const rtl::OUString &, bool, const rtl::OUString &, std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
________________________________________________________________________________________________________
*** CID 1546827: Error handling issues (CHECKED_RETURN)
/sw/source/filter/html/SwAppletImpl.cxx: 126 in SwApplet_Impl::CreateApplet(const rtl::OUString &, const rtl::OUString &, bool, const rtl::OUString &, std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
120 {
121 comphelper::EmbeddedObjectContainer aCnt;
122 OUString aName;
123
124 // create Applet; it will be in running state
125 m_xApplet = aCnt.CreateEmbeddedObject( SvGlobalName( SO3_APPLET_CLASSID ).GetByteSequence(), aName );
>>> CID 1546827: Error handling issues (CHECKED_RETURN)
>>> Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
126 ::svt::EmbeddedObjectRef::TryRunningState( m_xApplet );
127
128 INetURLObject aUrlBase(rDocumentBaseURL);
129 aUrlBase.removeSegment();
130
131 OUString sDocBase = aUrlBase.GetMainURL(INetURLObject::DecodeMechanism::NONE);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DJJQe_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiYJwZvReeukokQdc6nEo4sF4mv9UAChzal4jwbFXFJ8-2FynCxc-2BAlNKqtWOj79svtIk2OVSYGHfqB-2FPLo2QHJmM8w7g-2FX4ntLIAPUGGLFOTsBzrZ0WumNkOhmLkSeF3-2FXlzUlbntknIZ6XYth5l0BFQZe6ferSPuVfdz-2FJYewBrX8-3D