New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Fri Nov 29 00:17:02 UTC 2024 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

5 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1635777:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1635777:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/filter/xml/xmlexprt.cxx: 2985 in ScXMLExport::WriteTable(int, const com::sun::star::uno::Reference<com::sun::star::sheet::XSpreadsheet> &)()
2979         ScMyCell aCell;
2980         ScMyCell aPrevCell;
2981         while (mpCellsItr->GetNext(aCell, pCellStyles.get()))
2982         {
2983             if (bIsFirst)
2984             {
>>>     CID 1635777:  Null pointer dereferences  (FORWARD_NULL)
>>>     "ExportFormatRanges" dereferences null "this->mpDoc".
2985                 ExportFormatRanges(0, 0, aCell.maCellAddress.Col()-1, aCell.maCellAddress.Row(), nTable);
2986                 aPrevCell = aCell;
2987                 bIsFirst = false;
2988             }
2989             else
2990             {

** CID 1635776:    (INTEGER_OVERFLOW)
/sw/source/core/crsr/crstrvl.cxx: 1406 in SwCursorShell::MakeOutlineSel(unsigned long, unsigned long, bool, bool, SwOutlineNodesInline *)()
/sw/source/core/crsr/crstrvl.cxx: 1420 in SwCursorShell::MakeOutlineSel(unsigned long, unsigned long, bool, bool, SwOutlineNodesInline *)()


________________________________________________________________________________________________________
*** CID 1635776:    (INTEGER_OVERFLOW)
/sw/source/core/crsr/crstrvl.cxx: 1406 in SwCursorShell::MakeOutlineSel(unsigned long, unsigned long, bool, bool, SwOutlineNodesInline *)()
1400         {
1401             const int nLevel = pEndNd->GetTextNode()->GetAttrOutlineLevel() - 1;
1402             pSttNd = const_cast<SwNode*>(SwOutlineNodes::GetRootNode(pSttNd));
1403     
1404             pOutlNdsInline->Seek_Entry( pEndNd, &nEndPosInline );
1405     
>>>     CID 1635776:    (INTEGER_OVERFLOW)
>>>     Expression "++nEndPosInline", which is equal to 0, where "nEndPosInline" is known to be equal to 18446744073709551615, overflows the type that receives it, an unsigned integer 64 bits wide.
1406             for( ++nEndPosInline; nEndPosInline < pOutlNdsInline->size(); ++nEndPosInline )
1407             {
1408                 pEndNd = (*pOutlNdsInline)[ nEndPosInline ];
1409                 const int nNxtLevel = pEndNd->GetTextNode()->GetAttrOutlineLevel()-1;
1410                 if( nNxtLevel <= nLevel )
1411                     break; // EndPos is now on the next one
/sw/source/core/crsr/crstrvl.cxx: 1420 in SwCursorShell::MakeOutlineSel(unsigned long, unsigned long, bool, bool, SwOutlineNodesInline *)()
1414             if ( nEndPosInline < pOutlNdsInline->size() )
1415                 pEndNd = const_cast<SwNode*>(SwOutlineNodes::GetRootNode(pEndNd));
1416         }
1417         // if without children then set onto next one
1418         else if( !pOutlNdsInline && ++nEndPos < rOutlNds.size() )
1419             pEndNd = rOutlNds[ nEndPos ];
>>>     CID 1635776:    (INTEGER_OVERFLOW)
>>>     Expression "++nEndPosInline", which is equal to 0, where "nEndPosInline" is known to be equal to 18446744073709551615, overflows the type that receives it, an unsigned integer 64 bits wide.
1420         else if( pOutlNdsInline && ++nEndPosInline < pOutlNdsInline->size() )
1421             pEndNd = const_cast<SwNode*>(SwOutlineNodes::GetRootNode((*pOutlNdsInline)[nEndPosInline]));
1422     
1423         if( ( pOutlNdsInline && nEndPosInline == pOutlNdsInline->size() ) ||
1424             ( !pOutlNdsInline && nEndPos == rOutlNds.size() ) ) // no end found
1425             pEndNd = &rNds.GetEndOfContent();

** CID 1635775:  Performance inefficiencies  (AUTO_CAUSES_COPY)
/sw/source/core/doc/docnum.cxx: 475 in SwDoc::MoveOutlinePara(const SwPaM &, long, SwOutlineNodesInline *)()


________________________________________________________________________________________________________
*** CID 1635775:  Performance inefficiencies  (AUTO_CAUSES_COPY)
/sw/source/core/doc/docnum.cxx: 475 in SwDoc::MoveOutlinePara(const SwPaM &, long, SwOutlineNodesInline *)()
469         if( pSrch->IsTextNode())
470             nOutLineLevel = static_cast<sal_uInt8>(
471                             pSrch->GetTextNode()->GetAttrOutlineLevel(/*bInlineHeading=*/true)-1);
472     
473         SwNode* pEndSrch = &aEndRg.GetNode();
474     
>>>     CID 1635775:  Performance inefficiencies  (AUTO_CAUSES_COPY)
>>>     Using the "auto" keyword without an "&" causes the copy of an object of type "SwOutlineNodes", even if that object is not read.
475         auto aOutlineNodes = GetNodes().GetOutLineNds();
476         if( !pOutlineNodesInline && !GetNodes().GetOutLineNds().Seek_Entry( pSrch, &nCurrentPos ) )
477         {
478             if( !nCurrentPos )
479                 return false; // Promoting or demoting before the first outline => no.
480             if( --nCurrentPos )

** CID 1635774:    (INTEGER_OVERFLOW)
/sw/source/core/doc/docnum.cxx: 480 in SwDoc::MoveOutlinePara(const SwPaM &, long, SwOutlineNodesInline *)()
/sw/source/core/doc/docnum.cxx: 493 in SwDoc::MoveOutlinePara(const SwPaM &, long, SwOutlineNodesInline *)()


________________________________________________________________________________________________________
*** CID 1635774:    (INTEGER_OVERFLOW)
/sw/source/core/doc/docnum.cxx: 480 in SwDoc::MoveOutlinePara(const SwPaM &, long, SwOutlineNodesInline *)()
474     
475         auto aOutlineNodes = GetNodes().GetOutLineNds();
476         if( !pOutlineNodesInline && !GetNodes().GetOutLineNds().Seek_Entry( pSrch, &nCurrentPos ) )
477         {
478             if( !nCurrentPos )
479                 return false; // Promoting or demoting before the first outline => no.
>>>     CID 1635774:    (INTEGER_OVERFLOW)
>>>     Expression "--nCurrentPos", which is equal to 18446744073709551615, where "nCurrentPos" is known to be equal to 0, underflows the type that receives it, an unsigned integer 64 bits wide.
480             if( --nCurrentPos )
481                 aSttRg = *GetNodes().GetOutLineNds()[ nCurrentPos ];
482             else if( 0 > nOffset )
483                 return false; // Promoting at the top of document?!
484             else
485                 aSttRg = *GetNodes().GetEndOfContent().StartOfSectionNode();
/sw/source/core/doc/docnum.cxx: 493 in SwDoc::MoveOutlinePara(const SwPaM &, long, SwOutlineNodesInline *)()
487         else if ( pOutlineNodesInline )
488         {
489             if ( !pOutlineNodesInline->Seek_Entry_By_Anchor(pSrch, &nCurrentPosInline) )
490             {
491                 if( !nCurrentPosInline )
492                     return false; // Promoting or demoting before the first outline => no.
>>>     CID 1635774:    (INTEGER_OVERFLOW)
>>>     Expression "--nCurrentPosInline", which is equal to 18446744073709551615, where "nCurrentPosInline" is known to be equal to 0, underflows the type that receives it, an unsigned integer 64 bits wide.
493                 if( --nCurrentPosInline )
494                 {
495                     aSttRg = *SwOutlineNodes::GetRootNode((*pOutlineNodesInline)[ nCurrentPosInline ]);
496                 }
497                 else if( 0 > nOffset )
498                     return false; // Promoting at the top of document?!

** CID 1635773:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/filter/xml/xmlexprt.cxx: 3235 in ScXMLExport::WriteCell(ScMyCell &, int)()


________________________________________________________________________________________________________
*** CID 1635773:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/filter/xml/xmlexprt.cxx: 3235 in ScXMLExport::WriteCell(ScMyCell &, int)()
3229                         {
3230                             if (!mpCompileFormulaCxt && mpDoc)
3231                             {
3232                                 const formula::FormulaGrammar::Grammar eGrammar = mpDoc->GetStorageGrammar();
3233                                 mpCompileFormulaCxt.reset(new sc::CompileFormulaContext(*mpDoc, eGrammar));
3234                             }
>>>     CID 1635773:  Null pointer dereferences  (FORWARD_NULL)
>>>     Attempting to access the managed object of an empty smart pointer "this->mpCompileFormulaCxt".
3235                             mpCompileFormulaCxt->setODFSavingVersion(getSaneDefaultVersion());
3236                             OUString aFormula = pFormulaCell->GetFormula(*mpCompileFormulaCxt);
3237                             sal_uInt16 nNamespacePrefix =
3238                                 (mpCompileFormulaCxt->getGrammar() == formula::FormulaGrammar::GRAM_ODFF ? XML_NAMESPACE_OF : XML_NAMESPACE_OOOC);
3239     
3240                             if (!bIsMatrix)


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu6VvXBlQRUbS683tC8265rGNPXqJ1ffcoLZCnTuJFQbNcTEkb4XaEQkzovKhJ5DB3c-3DD8I3_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtGdXIijC4WszVPjnh7Ge-2BSCryq8wW-2B3VmFd-2F0BjOYCUNIkpCHTXMhnWOPy8TJ0h3a9jiOtLkmYW28Wy1LfdUMhqViIvx8yc0av63kJs9sV-2B0boAgUCx5YmeoP6T7Lbh06XmFzhgxAHJ1qVhc75ypHwdsFgbb9gv7qO5wV7P0-2FFok-3D

More information about the LibreOffice mailing list