New Defects reported by Coverity Scan for LibreOffice
scan-admin at coverity.com
scan-admin at coverity.com
Sat Feb 3 06:02:11 UTC 2024
Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
16 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)
** CID 1591496: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1591496: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/layout/atrfrm.cxx: 2637 in SwFrameFormat::SetFormatName(const rtl::OUString &, bool)()
2631 if (!aHint.m_sOld.isEmpty() && aHint.m_sOld != aHint.m_sNew)
2632 {
2633 if (SwFlyFrame* pSFly = SwIterator<SwFlyFrame, SwFormat>(*this).First())
2634 {
2635 if (pSFly->Lower() && !pSFly->Lower()->IsNoTextFrame())
2636 {
>>> CID 1591496: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "static_cast<SwTextFrame *>(pSFly->ContainsContent())" when calling "GetTextNodeFirst".
2637 if (SwTextNode* pSwTxtNode = static_cast<SwTextFrame*>(pSFly->ContainsContent())->GetTextNodeFirst())
2638 pSwTxtNode->resetAndQueueAccessibilityCheck(true);
2639 }
2640 else
2641 {
2642 if (SwNode* pSwNode = static_cast<SwNoTextFrame*>(pSFly->Lower())->GetNode())
** CID 1591495: Resource leaks (RESOURCE_LEAK)
/test/source/xmltesttools.cxx: 306 in XmlTestTools::assertXPathNodeName(const std::unique_ptr<_xmlDoc, xmlDocDeleter> &, const rtl::OString &, const rtl::OString &)()
________________________________________________________________________________________________________
*** CID 1591495: Resource leaks (RESOURCE_LEAK)
/test/source/xmltesttools.cxx: 306 in XmlTestTools::assertXPathNodeName(const std::unique_ptr<_xmlDoc, xmlDocDeleter> &, const rtl::OString &, const rtl::OString &)()
300 CPPUNIT_ASSERT_EQUAL_MESSAGE(OString(OString::Concat("In <") + pXmlDoc->name + ">, XPath '" + rXPath + "' number of nodes is incorrect").getStr(),
301 1,
302 xmlXPathNodeSetGetLength(pXmlNodes));
303 xmlNodePtr pXmlNode = pXmlNodes->nodeTab[0];
304 CPPUNIT_ASSERT_EQUAL_MESSAGE(OString(OString::Concat("In XPath '" + rXPath + "' name of node is incorrect")).getStr(),
305 rExpectedName, oconvert(pXmlNode->name));
>>> CID 1591495: Resource leaks (RESOURCE_LEAK)
>>> Variable "pXmlObj" going out of scope leaks the storage it points to.
306 }
307
308 void XmlTestTools::registerODFNamespaces(xmlXPathContextPtr& pXmlXpathCtx)
309 {
310 xmlXPathRegisterNs(pXmlXpathCtx, BAD_CAST("manifest"),
311 BAD_CAST("urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"));
** CID 1591494: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1591494: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/layout/trvlfrm.cxx: 1533 in SwRootFrame::GetNextPrevContentPos(const Point &, bool) const()
1527 while ( !pCnt )
1528 {
1529 pPage = static_cast<const SwLayoutFrame*>(pPage->GetPrev());
1530 if ( pPage )
1531 pCnt = pPage->ContainsContent();
1532 else
>>> CID 1591494: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "this->ContainsContent()" when calling "UnionFrame".
1533 return ContainsContent()->UnionFrame().Pos();
1534 }
1535 pCnt->Calc(pRenderContext);
1536 }
1537 }
1538
** CID 1591493: Error handling issues (CHECKED_RETURN)
/comphelper/source/xml/xmltools.cxx: 79 in comphelper::xml::makeXMLChaff()()
________________________________________________________________________________________________________
*** CID 1591493: Error handling issues (CHECKED_RETURN)
/comphelper/source/xml/xmltools.cxx: 79 in comphelper::xml::makeXMLChaff()()
73 {
74 OString makeXMLChaff()
75 {
76 rtlRandomPool pool = rtl_random_createPool();
77
78 sal_Int8 n;
>>> CID 1591493: Error handling issues (CHECKED_RETURN)
>>> Calling "rtl_random_getBytes" without checking return value (as is done elsewhere 13 out of 16 times).
79 rtl_random_getBytes(pool, &n, 1);
80
81 sal_Int32 nLength = 1024+n;
82 // coverity[tainted_data] - 1024 deliberate random minus max -127/plus max 128
83 std::vector<sal_uInt8> aChaff(nLength);
84 rtl_random_getBytes(pool, aChaff.data(), nLength);
** CID 1591492: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/viewfunc.cxx: 730 in ScViewFunc::EnterData(short, int, short, const rtl::OUString &, const EditTextObject *, bool)()
________________________________________________________________________________________________________
*** CID 1591492: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/viewfunc.cxx: 730 in ScViewFunc::EnterData(short, int, short, const rtl::OUString &, const EditTextObject *, bool)()
724 aCompPtr->SetExtendedErrorDetection( ScCompiler::EXTENDED_ERROR_DETECTION_NAME_BREAK );
725 }
726
727 OUString aFormula( rString );
728 std::shared_ptr< ScTokenArray > pArr;
729
>>> CID 1591492: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "pArr" is copied in call to copy constructor "std::shared_ptr<ScTokenArray>", when it could be moved instead.
730 FormulaProcessingContext context_instance{
731 aPosPtr, aCompPtr, xModificator, pArr, nullptr, pData,
732 rMark, *this, OUString(), aFormula, rString, nCol,
733 nRow, nTab, bMatrixExpand, bNumFmtChanged, bRecord
734 };
735
** CID 1591491: Performance inefficiencies (PASS_BY_VALUE)
/sw/source/uibase/docvw/PostItMgr.cxx: 1726 in SwPostItMgr::ExecuteFormatAllDialog(SwView &)::[lambda(int) (instance 1)]::operator ()(int) const()
________________________________________________________________________________________________________
*** CID 1591491: Performance inefficiencies (PASS_BY_VALUE)
/sw/source/uibase/docvw/PostItMgr.cxx: 1726 in SwPostItMgr::ExecuteFormatAllDialog(SwView &)::[lambda(int) (instance 1)]::operator ()(int) const()
1720 SfxItemPool* pPool(SwAnnotationShell::GetAnnotationPool(rView));
1721 SfxItemSetFixed<XATTR_FILLSTYLE, XATTR_FILLCOLOR, EE_ITEMS_START, EE_ITEMS_END> aDlgAttr(*pPool);
1722 aDlgAttr.Put(aEditAttr);
1723 SwAbstractDialogFactory* pFact = SwAbstractDialogFactory::Create();
1724 VclPtr<SfxAbstractTabDialog> pDlg(pFact->CreateSwCharDlg(rView.GetFrameWeld(), rView, aDlgAttr, SwCharDlgMode::Ann));
1725 pDlg->StartExecuteAsync(
>>> CID 1591491: Performance inefficiencies (PASS_BY_VALUE)
>>> Capturing variable "aDlgAttr" of type "SfxItemSetFixed<(unsigned short)1014, (unsigned short)1015, (unsigned short)4009, (unsigned short)4064>" (size 560 bytes) by value, which exceeds the high threshold of 512 bytes.
1726 [this, pDlg, aDlgAttr, pOrigActiveWin] (sal_Int32 nResult)->void
1727 {
1728 if (nResult == RET_OK)
1729 {
1730 auto aNewAttr = aDlgAttr;
1731 aNewAttr.Put(*pDlg->GetOutputItemSet());
** CID 1591490: Error handling issues (CHECKED_RETURN)
/binaryurp/source/bridge.cxx: 78 in binaryurp::<unnamed>::random()()
________________________________________________________________________________________________________
*** CID 1591490: Error handling issues (CHECKED_RETURN)
/binaryurp/source/bridge.cxx: 78 in binaryurp::<unnamed>::random()()
72
73 namespace {
74
75 sal_Int32 random() {
76 sal_Int32 n;
77 rtlRandomPool pool = rtl_random_createPool();
>>> CID 1591490: Error handling issues (CHECKED_RETURN)
>>> Calling "rtl_random_getBytes" without checking return value (as is done elsewhere 13 out of 16 times).
78 rtl_random_getBytes(pool, &n, sizeof n);
79 rtl_random_destroyPool(pool);
80 return n;
81 }
82
83 OUString toString(css::uno::TypeDescription const & type) {
** CID 1591489: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/uibase/shells/annotsh.cxx: 493 in SwAnnotationShell::Exec(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1591489: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/uibase/shells/annotsh.cxx: 493 in SwAnnotationShell::Exec(SfxRequest &)()
487 pDlg->SetCurPageId(pItem->GetValue());
488 }
489
490 auto xRequest = std::make_shared<SfxRequest>(rReq);
491 rReq.Ignore(); // the 'old' request is not relevant any more
492 pDlg->StartExecuteAsync(
>>> CID 1591489: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xRequest" is copied in call to copy constructor "std::shared_ptr<SfxRequest>", when it could be moved instead.
493 [this, pDlg, xRequest, nEEWhich, aNewAttr2=aNewAttr, pOLV] (sal_Int32 nResult) mutable ->void
494 {
495 if (nResult == RET_OK)
496 {
497 xRequest->Done( *( pDlg->GetOutputItemSet() ) );
498 aNewAttr2.Put(*pDlg->GetOutputItemSet());
** CID 1591488: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/uibase/shells/drwtxtex.cxx: 370 in SwDrawTextShell::Execute(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1591488: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/uibase/shells/drwtxtex.cxx: 370 in SwDrawTextShell::Execute(SfxRequest &)()
364 pDlg->SetCurPageId(pItem->GetValue());
365 }
366
367 auto xRequest = std::make_shared<SfxRequest>(rReq);
368 rReq.Ignore(); // the 'old' request is not relevant any more
369 pDlg->StartExecuteAsync(
>>> CID 1591488: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xRequest" is copied in call to copy constructor "std::shared_ptr<SfxRequest>", when it could be moved instead.
370 [this, pDlg, xRequest, nEEWhich, aNewAttr2=aNewAttr, pOLV, bRestoreSelection, aOldSelection] (sal_Int32 nResult) mutable ->void
371 {
372 if (nResult == RET_OK)
373 {
374 xRequest->Done( *( pDlg->GetOutputItemSet() ) );
375 aNewAttr2.Put(*pDlg->GetOutputItemSet());
** CID 1591487: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1591487: Null pointer dereferences (FORWARD_NULL)
/sc/source/ui/view/tabvwsha.cxx: 1067 in ScTabViewShell::ExecStyle(SfxRequest &)()
1061 bool bWaterCan = pScMod->GetIsWaterCan();
1062
1063 if( !bWaterCan )
1064 {
1065 const SfxPoolItem* pItem;
1066
>>> CID 1591487: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pArgs" to "GetItemState", which dereferences it.
1067 if ( SfxItemState::SET ==
1068 pArgs->GetItemState( nSlotId, true, &pItem ) )
1069 {
1070 const SfxStringItem* pStrItem = dynamic_cast< const SfxStringItem *>( pItem );
1071 if ( pStrItem )
1072 {
** CID 1591486: Control flow issues (DEADCODE)
/cui/source/factory/dlgfact.cxx: 843 in AbstractDialogFactory_Impl::CreateVclDialog(weld::Window *, unsigned int)()
________________________________________________________________________________________________________
*** CID 1591486: Control flow issues (DEADCODE)
/cui/source/factory/dlgfact.cxx: 843 in AbstractDialogFactory_Impl::CreateVclDialog(weld::Window *, unsigned int)()
837 if (nResId == SID_OPTIONS_TREEDIALOG)
838 bActivateLastSelection = true;
839 Reference< frame::XFrame > xFrame;
840 auto xDlg = std::make_unique<OfaTreeOptionsDialog>(pParent, xFrame, bActivateLastSelection);
841 if (nResId == SID_OPTIONS_DATABASES)
842 {
>>> CID 1591486: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "xDlg->ActivatePage(10349);".
843 xDlg->ActivatePage(SID_SB_DBREGISTEROPTIONS);
844 }
845 else if (nResId == SID_LANGUAGE_OPTIONS)
846 {
847 //open the tab page "tools/options/languages"
848 xDlg->ActivatePage(OFA_TP_LANGUAGES_FOR_SET_DOCUMENT_LANGUAGE);
** CID 1591485: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/docshell/docsh4.cxx: 1440 in ScDocShell::ExecuteChartSource(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1591485: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/docshell/docsh4.cxx: 1440 in ScDocShell::ExecuteChartSource(SfxRequest &)()
1434
1435 auto xRequest = std::make_shared<SfxRequest>(rReq);
1436 rReq.Ignore(); // the 'old' request is not relevant any more
1437 ScAbstractDialogFactory* pFact = ScAbstractDialogFactory::Create();
1438 VclPtr<AbstractScColRowLabelDlg> pDlg(pFact->CreateScColRowLabelDlg(pParent, bRowHeaders, bColHeaders));
1439 pDlg->StartExecuteAsync(
>>> CID 1591485: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xRequest" is copied in call to copy constructor "std::shared_ptr<SfxRequest>", when it could be moved instead.
1440 [this, pDlg, xRequest, bUndo, bMultiRange, aChartName, aRangeListRef, bAddRange,
1441 nCol1, nRow1, nCol2, nRow2, nTab] (sal_Int32 nResult)->void
1442 {
1443 if (nResult == RET_OK)
1444 {
1445 bool bColHeaders2 = pDlg->IsRow();
** CID 1591484: (FORWARD_NULL)
/sw/source/core/layout/trvlfrm.cxx: 247 in SwPageFrame::GetModelPositionForViewPoint(SwPosition *, Point &, SwCursorMoveState *, bool) const()
________________________________________________________________________________________________________
*** CID 1591484: (FORWARD_NULL)
/sw/source/core/layout/trvlfrm.cxx: 244 in SwPageFrame::GetModelPositionForViewPoint(SwPosition *, Point &, SwCursorMoveState *, bool) const()
238 if ( pCMS && pCMS->m_bStop )
239 return false;
240
241 bool bTextRet = false;
242
243 OSL_ENSURE( pCnt, "Cursor is gone to a Black hole" );
>>> CID 1591484: (FORWARD_NULL)
>>> Passing null pointer "pCnt" to "IsTextFrame", which dereferences it.
244 if( pCMS && pCMS->m_pFill && pCnt->IsTextFrame() )
245 bTextRet = pCnt->GetModelPositionForViewPoint( &aTextPos, rPoint, pCMS );
246 else
247 bTextRet = pCnt->GetModelPositionForViewPoint( &aTextPos, aPoint, pCMS );
248
249 if ( !bTextRet )
/sw/source/core/layout/trvlfrm.cxx: 247 in SwPageFrame::GetModelPositionForViewPoint(SwPosition *, Point &, SwCursorMoveState *, bool) const()
241 bool bTextRet = false;
242
243 OSL_ENSURE( pCnt, "Cursor is gone to a Black hole" );
244 if( pCMS && pCMS->m_pFill && pCnt->IsTextFrame() )
245 bTextRet = pCnt->GetModelPositionForViewPoint( &aTextPos, rPoint, pCMS );
246 else
>>> CID 1591484: (FORWARD_NULL)
>>> Passing null pointer "pCnt" to "GetModelPositionForViewPoint", which dereferences it. (The dereference happens because this is a virtual function call.)
247 bTextRet = pCnt->GetModelPositionForViewPoint( &aTextPos, aPoint, pCMS );
248
249 if ( !bTextRet )
250 {
251 // Set point to pCnt, delete mark
252 // this may happen, if pCnt is hidden
** CID 1591483: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1585 in ScTabViewShell::ExecuteStyleEdit(SfxRequest &, SfxStyleSheetBase *, unsigned short, unsigned short, bool, bool, ScStyleSaveData &, ScStyleSaveData &, SfxStyleFamily, bool, bool, SdrObject *, ESelection)()
________________________________________________________________________________________________________
*** CID 1591483: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1585 in ScTabViewShell::ExecuteStyleEdit(SfxRequest &, SfxStyleSheetBase *, unsigned short, unsigned short, bool, bool, ScStyleSaveData &, ScStyleSaveData &, SfxStyleFamily, bool, bool, SdrObject *, ESelection)()
1579 else
1580 pDlg = pFact->CreateScStyleDlg(pDialogParent, *pStyleSheet, bPage);
1581
1582 auto xRequest = std::make_shared<SfxRequest>(rReq);
1583 rReq.Ignore(); // the 'old' request is not relevant any more
1584 pDlg->StartExecuteAsync(
>>> CID 1591483: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xRequest" is copied in call to copy constructor "std::shared_ptr<SfxRequest>", when it could be moved instead.
1585 [this, pDlg, xRequest, pStyleSheet, nRetMask, xOldSet, nSlotId, bAddUndo, bUndo,
1586 aOldData=rOldData, aNewData=rNewData, aOldName, eFamily, bStyleToMarked, bListAction,
1587 pEditObject, aSelection]
1588 (sal_Int32 nResult) mutable -> void
1589 {
1590 SetInFormatDialog(false);
** CID 1591482: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/viewfunc.cxx: 738 in ScViewFunc::EnterData(short, int, short, const rtl::OUString &, const EditTextObject *, bool)()
________________________________________________________________________________________________________
*** CID 1591482: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/viewfunc.cxx: 738 in ScViewFunc::EnterData(short, int, short, const rtl::OUString &, const EditTextObject *, bool)()
732 rMark, *this, OUString(), aFormula, rString, nCol,
733 nRow, nTab, bMatrixExpand, bNumFmtChanged, bRecord
734 };
735
736 std::shared_ptr<FormulaProcessingContext> context = std::make_shared<FormulaProcessingContext>(context_instance);
737
>>> CID 1591482: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "context" is passed-by-value as parameter to "parseAndCorrectFormula" when it could be moved instead.
738 parseAndCorrectFormula(context);
739 }
740 else
741 {
742 ScFieldEditEngine& rEngine = rDoc.GetEditEngine();
743 for (const auto& rTab : rMark)
** CID 1591481: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/frmedt/tblsel.cxx: 1721 in lcl_FindStartEndCol(const SwLayoutFrame *&, const SwLayoutFrame *&, bool)()
________________________________________________________________________________________________________
*** CID 1591481: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/frmedt/tblsel.cxx: 1721 in lcl_FindStartEndCol(const SwLayoutFrame *&, const SwLayoutFrame *&, bool)()
1715
1716 if( !bChkProtected ) // check for protected cell ?
1717 return;
1718
1719 // Beginning and end should not be in protected cells.
1720 // If necessary we should search backwards again
>>> CID 1591481: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "rpStart" to "GetFormat", which dereferences it. (The dereference happens because this is a virtual function call.)
1721 while ( rpStart->GetFormat()->GetProtect().IsContentProtected() )
1722 {
1723 const SwLayoutFrame *pTmpLeaf = rpStart->GetNextLayoutLeaf();
1724 while ( pTmpLeaf && aRectFnSet.GetLeft(pTmpLeaf->getFrameArea()) > nEX ) // first skip line
1725 pTmpLeaf = pTmpLeaf->GetNextLayoutLeaf();
1726 while ( pTmpLeaf && aRectFnSet.GetLeft(pTmpLeaf->getFrameArea()) < nSX &&
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNnPiSHxWPOELPnIxzXoBNaw-3DQv7q_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiMWh7Bc4Jco3Cf-2FxCBHI-2FTdOj6lco5e1q5ihQvKNaNcEUY6SEAY1V7SVQE5WxqSJv6-2BRxJtm-2Bz5aHA7ZF8X9aLtg1WDmFoc3dFuf5krtVt9rk2RZsqN4Qa8J0raliIgzJSdHkXGrVdBPFOnyzXRoawaZSR0pxiclc8RGm5UXFaBQ-3D
More information about the LibreOffice
mailing list