New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Tue Aug 6 18:00:55 UTC 2024
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
6 new defect(s) introduced to LibreOffice found with Coverity Scan.
47 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1616075: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/xslt/DocumentSerializerImpl.java: 73 in org.openoffice.xmerge.converter.xml.xslt.DocumentSerializerImpl::makeFactory()DocumentBuilderFactory()
________________________________________________________________________________________________________
*** CID 1616075: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/xslt/DocumentSerializerImpl.java: 73 in org.openoffice.xmerge.converter.xml.xslt.DocumentSerializerImpl::makeFactory()DocumentBuilderFactory()
67 /** SXW {@code Document} object that this converter processes. */
68 private final GenericOfficeDocument sxwDoc;
69
70 private final PluginFactoryImpl pluginFactory;
71
72 private static DocumentBuilderFactory makeFactory() {
>>> CID 1616075: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
73 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
74
75 String[] featuresToDisable = {
76 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfBjOeAeDPsYG9nynjqF9K3z6KYyOfuOMD1VUBS3epvdAeb8hPgk4-2F4qMnMyJvhywrQ-3DKqcc_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN7qr5KOsMXsBrS95xmxLqjhCeaz2nB0Pb-2Ft5OTVcPSToYOwBm7mGF-2BHqx64vU2UUoo6AVX9ev5eI2HnpTXvSzAb8FySSBPLsf51SkzPeBQUdx8WGH1vKmyMfl7qK46CKMZlZ0mxwmcxYUApEBXPjHTc-3D
77 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfAPoXPnnX-2BTTEurhU1xaSl4MtTRu8aPbxPStTMqpf5YIeo6HzcAkTF4vMhq8Ns-2B840-3DQySv_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VNyla3GmgItuFVvqEXudo7Wm44TGSfh1RF70x9HeiiVXAe-2FWwvLmX3DqehJhJ7BdHr0U2y7fBh02xn0XNfi86zq7esUfaCxU0h5cr0-2BDMq9vsSMQpPtF596o-2F5R0O1E56v6xuGTNHhMWam9idBYeOgdc-3D
78 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bds-2FqVEBhA4KrcWpyt0ORNsdFvFDwfN-2BgKmx4SsmCqlJr-2FHobFE8Pc-2BW0CFg5dzIk6ZGXD7wJXNuxBHm14w-2BCkA-3DsXHy_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN3jAfX9l8AXiRcgPrev3ECCmfqwpEz-2FIEHMlfuGggRdEB0mQE4FXWkncb95-2Fupx8o-2BICzJjTjmjoDoabGCrpvQlYSbIR0N1oYoUsOgamS7bo-2FiGE5JuWpyyBLJ-2F6X992TuGISn-2BOKyAlStW4qXhMQgg-3D
** CID 1616074: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/dom/DOMDocument.java: 48 in org.openoffice.xmerge.converter.dom.DOMDocument::makeFactory()DocumentBuilderFactory()
________________________________________________________________________________________________________
*** CID 1616074: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/dom/DOMDocument.java: 48 in org.openoffice.xmerge.converter.dom.DOMDocument::makeFactory()DocumentBuilderFactory()
42 * An implementation of {@code Document} for StarOffice documents.
43 */
44 public class DOMDocument
45 implements org.openoffice.xmerge.Document {
46
47 private static DocumentBuilderFactory makeFactory() {
>>> CID 1616074: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
48 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
49
50 String[] featuresToDisable = {
51 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfBjOeAeDPsYG9nynjqF9K3z6KYyOfuOMD1VUBS3epvdAeb8hPgk4-2F4qMnMyJvhywrQ-3DbQkd_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN-2FRgz3329bMv40YptPL7WCylRLFVw5693Zm4SjPEU6TUwVTT-2FFVEux8R0N-2BGMGx6EqYWugc0DJGElFh9NVW0R2J0F1ly3C4m50XbMKB8PN1v0cFnKQMLsRqBuOMTb-2FFaMINNq8zRoqLGe-2FD9fO-2FYkdo-3D
52 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfAPoXPnnX-2BTTEurhU1xaSl4MtTRu8aPbxPStTMqpf5YIeo6HzcAkTF4vMhq8Ns-2B840-3DHr_x_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN-2BumPSMidoN-2FDQADrYihAwj-2B5cU2Qbg-2BIDsPqCAzduXTvYFxy4v7KRFbSBnP8flAQx-2Bx-2F66AIaYykVKL5qvnZ3obUCdjZcNRvJTvNrbIqmaFnYuyTxWtut-2FEpyfxpvEl3QCkwnzxeI24JahIlNsFTV8-3D
53 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bds-2FqVEBhA4KrcWpyt0ORNsdFvFDwfN-2BgKmx4SsmCqlJr-2FHobFE8Pc-2BW0CFg5dzIk6ZGXD7wJXNuxBHm14w-2BCkA-3DdcQR_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN0jA6ivlWUDr0GfstViJaKg3ScwdbvqB-2BVy44n6TS1vgrcZmznQ64y6Awi94YpYIdLEAWdGTxjI4a1D4K2XdCuj5tp5kV-2FTQ70VAQQXxj6JfV5BLFx3djA9jbNeeJNr1-2Bbngxk1ONKXfgwGgO7eD1k8-3D
** CID 1616073: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/util/registry/ConverterInfoReader.java: 55 in org.openoffice.xmerge.util.registry.ConverterInfoReader::makeFactory()DocumentBuilderFactory()
________________________________________________________________________________________________________
*** CID 1616073: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/util/registry/ConverterInfoReader.java: 55 in org.openoffice.xmerge.util.registry.ConverterInfoReader::makeFactory()DocumentBuilderFactory()
49 private static final String TAG_XSLT_SERIAL = "converter-xslt-serialize";
50 private final String jarfilename;
51 private final Document document;
52 private final ArrayList<ConverterInfo> converterInfoList;
53
54 private static DocumentBuilderFactory makeFactory() {
>>> CID 1616073: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
55 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
56
57 String[] featuresToDisable = {
58 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfBjOeAeDPsYG9nynjqF9K3z6KYyOfuOMD1VUBS3epvdAeb8hPgk4-2F4qMnMyJvhywrQ-3D3MVw_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN1pFRtA2jyad1rPfMbFBA5EMouZlSDn-2BfJ3Tzg8pd-2BNUM4mCclizr6WHfCwnJWdhIUGr66AHceauOg68D5zBn2pN9ZDg4gZk-2BgdshS2vC-2Bv5K8K0CV79sc4-2Fo1XxnfPp2CmVQs-2BP5h4M1-2BBoEtrEpGA-3D
59 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfAPoXPnnX-2BTTEurhU1xaSl4MtTRu8aPbxPStTMqpf5YIeo6HzcAkTF4vMhq8Ns-2B840-3DgbTi_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN52VwCSVJRS7BBVDRqPo-2FAnZo9MlxY6TCkXoa181FOC6eRIC4U73ERzTdwo3wgk-2FZy5eP-2BS4AoVzTmB-2FBl6QUEQXz5H0kxU4TAx5SHPzoBfSLUSURLuo1RLpkh72sh-2FdNmXvKI1PCuoIyvyNpSPLxlE-3D
60 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bds-2FqVEBhA4KrcWpyt0ORNsdFvFDwfN-2BgKmx4SsmCqlJr-2FHobFE8Pc-2BW0CFg5dzIk6ZGXD7wJXNuxBHm14w-2BCkA-3DQtw9_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VNzyG9OVxTdMwFRjfEsoh4Tyhhg6oD5ZtI4vcwZ1upAsL0nIS3TZNBAff2co-2Ft0t-2F9lGS0qXRfjfD8ji-2BZfaFjAkuOg4z2AR54Q-2B5aHAp4V-2FNCGZt-2F4hmovweFEv5mrO9gEfXX-2BgnvIyglDCeh6NwQrs-3D
** CID 1616072: Memory - corruptions (MULTIPLE_INIT_SMART_PTRS)
________________________________________________________________________________________________________
*** CID 1616072: Memory - corruptions (MULTIPLE_INIT_SMART_PTRS)
/sw/source/core/doc/docbm.cxx: 1241 in sw::mark::MarkManager::deleteMark(const __gnu_cxx::__normal_iterator<sw::mark::MarkBase *const *, std::vector<sw::mark::MarkBase *, std::allocator<sw::mark::MarkBase *>>> &, bool)()
1235 //position as const iterator ppMark was
1236 auto aI = m_vAllMarks.begin();
1237 std::advance(aI, std::distance<container_t::const_iterator>(aI, ppMark));
1238 DdeBookmark* const pDdeBookmark = dynamic_cast<DdeBookmark*>(pMark);
1239 if (pDdeBookmark)
1240 {
>>> CID 1616072: Memory - corruptions (MULTIPLE_INIT_SMART_PTRS)
>>> Function "LazyDdeBookmarkDeleter" sets "<storage from new>->m_pDdeBookmark" with "pDdeBookmark", but it is already managed by another smart pointer.
1241 ret.reset(new LazyDdeBookmarkDeleter(pDdeBookmark, m_rDoc));
1242 }
1243
1244 m_vAllMarks.erase(aI);
1245 // If we don't have a lazy deleter
1246 if (!ret)
** CID 1616071: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/xslt/DocumentDeserializerImpl.java: 63 in org.openoffice.xmerge.converter.xml.xslt.DocumentDeserializerImpl::makeFactory()DocumentBuilderFactory()
________________________________________________________________________________________________________
*** CID 1616071: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/xslt/DocumentDeserializerImpl.java: 63 in org.openoffice.xmerge.converter.xml.xslt.DocumentDeserializerImpl::makeFactory()DocumentBuilderFactory()
57
58 /** A {@code ConvertData} object assigned to this object. */
59 private final ConvertData cd;
60 private final PluginFactoryImpl pluginFactory;
61
62 private static DocumentBuilderFactory makeFactory() {
>>> CID 1616071: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
63 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
64
65 String[] featuresToDisable = {
66 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfBjOeAeDPsYG9nynjqF9K3z6KYyOfuOMD1VUBS3epvdAeb8hPgk4-2F4qMnMyJvhywrQ-3D1OFh_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN1ceOZ7ZjQAnSl2d7LWb5bSlS2-2FIfcwis8xuSbsr43lnrQqZ4We3hT83s3Tkmf0Lb0DH28tq2TZqnVykXAqbEavHpZeF1L3jJ27F5CrAa7-2BzmBkVHyspEZe0TWor3dlVTJBO3qrMNNc1KIv7BYz9DFs-3D
67 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfAPoXPnnX-2BTTEurhU1xaSl4MtTRu8aPbxPStTMqpf5YIeo6HzcAkTF4vMhq8Ns-2B840-3D9RgC_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN3jbF4YgRsjvQihe0qlkRCQG-2FZnSIid-2Fyd0D2r25rW-2BJYvbl0ab42FooDq3fgo5D80SXZf8n6ccyrE93BL9ZmGeKbKLMcb6Gx6ImkSnF4n8V8aABa9BVjxEdRE4bsyaITED3MIlHM-2BCbrRkfAA4ZU-2Bg-3D
68 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bds-2FqVEBhA4KrcWpyt0ORNsdFvFDwfN-2BgKmx4SsmCqlJr-2FHobFE8Pc-2BW0CFg5dzIk6ZGXD7wJXNuxBHm14w-2BCkA-3DImnu_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN0s-2BjySnQho5D77fpXRhLnhZ8DFTfhc0-2FZXHvSYMFebSoOv8MJSGPg8Y4EDVDV2gFnTRXLeA1AQGE9GPCpUWU-2Bn89pUDCd8YyU6lF-2FFFjq6FOHiH8bxTkAM9j0cWpo6jLwwXpKQsbyW48gUe2o9BxYA-3D
** CID 1616070: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/OfficeDocument.java: 63 in org.openoffice.xmerge.converter.xml.OfficeDocument::makeFactory()DocumentBuilderFactory()
________________________________________________________________________________________________________
*** CID 1616070: Sigma (SIGMA.xml_external_entity_enabled)
/xmerge/source/xmerge/java/org/openoffice/xmerge/converter/xml/OfficeDocument.java: 63 in org.openoffice.xmerge.converter.xml.OfficeDocument::makeFactory()DocumentBuilderFactory()
57 * An implementation of {@code Document} for StarOffice documents.
58 */
59 public abstract class OfficeDocument
60 implements org.openoffice.xmerge.Document, OfficeConstants {
61
62 private static DocumentBuilderFactory makeFactory() {
>>> CID 1616070: Sigma (SIGMA.xml_external_entity_enabled)
>>> Java API for XML processing's `DocumentBuilderFactory` or `SAXParserFactory` class has not been configured to prevent expansion of external entities during XML parsing. External entity expansion may cause a server-side request forgery, denial of service, exposure of sensitive data or unwanted server requests.
63 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
64
65 String[] featuresToDisable = {
66 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfBjOeAeDPsYG9nynjqF9K3z6KYyOfuOMD1VUBS3epvdAeb8hPgk4-2F4qMnMyJvhywrQ-3DDljs_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN4S2GOhXYJzWTLaUdHD75ZjNOC3OqJJNSh9uku6vT3Hes0QDRaV1qmF-2F86q8P9Jq5qro2ZcfWqfFwoBqZEJk7-2FrVWZYcCzU3hwgw9VJoEEQ18LzbZ2zCQeExZob7spCI5xCzEPa6VU0RgffGW2EJ8ug-3D
67 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bWEp9-2Bcx5oE7sxbHBs0-2F-2BfAPoXPnnX-2BTTEurhU1xaSl4MtTRu8aPbxPStTMqpf5YIeo6HzcAkTF4vMhq8Ns-2B840-3DSC0u_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VNyVBpiHGFTfmv4n6vsG1cAv8bi1qM7eBBTZHWj0r-2FyDqJvdwpalmD-2FKOfPNR2b0DwQSXsh6a9fs9fZm67BalTMTYjg-2FKRnE90LH63vvN5yY0JGbZJ442on4vY2uIAI6bkQ9vz6UjmescPcWHBGI72E4-3D
68 "https://u15810271.ct.sendgrid.net/ls/click?upn=u001.flnyKa-2FqvaKqx4fLQsH4bds-2FqVEBhA4KrcWpyt0ORNsdFvFDwfN-2BgKmx4SsmCqlJr-2FHobFE8Pc-2BW0CFg5dzIk6ZGXD7wJXNuxBHm14w-2BCkA-3D1INt_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VNylX261KZoztOja451eYdBqQN3vetf04-2FzlQMFHfO1XaiNcvVfvIyEf-2BL7NQEUT3wqHo13UGVR8EJ-2BOjbI9xU2LgCIfbqym48Kim8ywv3ZMXQn-2FUGF64cb1Jg6FaK0dQutUuHEm7ML5WfXls3eq0CRM-3D
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu6VvXBlQRUbS683tC8265rGNPXqJ1ffcoLZCnTuJFQbNcTEkb4XaEQkzovKhJ5DB3c-3D0ewv_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtEctlXvROnbtLVjfE917VN3kZdiYQBKQ9wljnuZ1sISTOg1KXKV4BujKmP7ErhQRGnDMAJ8mc51h10KLaSQJlCmPcaa-2FV61uwUSJED-2FP0MwytEHFhfPGEJwipPw2A12l44fQoiiuySyVcUg1IQFlcifu5g3to57wN4kbXl2oj-2F0w-3D
More information about the LibreOffice
mailing list