New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Sat Aug 23 01:47:30 UTC 2025 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

4 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1665122:       Integer handling issues  (BAD_SHIFT)
/sw/source/uibase/utlui/content.cxx: 3283           in SwContentTree::Display(bool)()


_____________________________________________________________________________________________
*** CID 1665122:         Integer handling issues  (BAD_SHIFT)
/sw/source/uibase/utlui/content.cxx: 3283             in SwContentTree::Display(bool)()
3277                     if (nCntType == m_nLastSelType)
3278                         xCntTypeEntry = m_xTreeView->make_iterator(xEntry.get());
3279     
3280                     sal_Int32 nExpandOptions = (State::HIDDEN == m_eState)
3281                                                 ? m_nHiddenBlock
3282                                                 : m_nActiveBlock;
>>>     CID 1665122:         Integer handling issues  (BAD_SHIFT)
>>>     In expression "1 << static_cast<int>(nCntType)", shifting by a negative amount has undefined behavior.  The shift amount, "nCntType", is as little as -1.
3283                     if (nExpandOptions & (1 << static_cast<int>(nCntType)))
3284                     {
3285                         // fill contents of to-be expanded entries while frozen
3286                         Expand(*xEntry, &aNodesToExpand);
3287                         m_xTreeView->set_children_on_demand(*xEntry, false);
3288                     }

** CID 1665121:       Integer handling issues  (NEGATIVE_RETURNS)


_____________________________________________________________________________________________
*** CID 1665121:         Integer handling issues  (NEGATIVE_RETURNS)
/sw/source/uibase/utlui/content.cxx: 1894             in SwContentTree::CommandHdl(const CommandEvent &)()
1888                     aIdent = "endnotetracking";
1889                     bRemoveEndnoteTracking = false;
1890                 break;
1891                 default: break;
1892             }
1893             if (!aIdent.isEmpty())
>>>     CID 1665121:         Integer handling issues  (NEGATIVE_RETURNS)
>>>     "nContentType" is passed to a parameter that cannot be negative.
1894                 xPop->set_active(aIdent, mTrackContentType[nContentType]);
1895     
1896             // Edit only if the shown content is coming from the current view.
1897             if (State::HIDDEN != m_eState &&
1898                     (State::ACTIVE == m_eState || (GetActiveView() && m_pActiveShell == GetActiveView()->GetWrtShellPtr()))
1899                     && lcl_IsContent(*xEntry, *m_xTreeView))

** CID 1665120:       Null pointer dereferences  (FORWARD_NULL)


_____________________________________________________________________________________________
*** CID 1665120:         Null pointer dereferences  (FORWARD_NULL)
/cui/source/tabpages/transfrm.cxx: 572             in SvxSlantTabPage::Reset(const SfxItemSet *)()
566         else
567         {
568             pItem = GetItem( *rAttrs, SDRATTR_CORNER_RADIUS );
569     
570             if (const double fUIScale = pItem ? (double(pView->GetModel().GetUIScale())) : 0.0)
571             {
>>>     CID 1665120:         Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pItem" to "GetValue", which dereferences it.
572                 const double fTmp(static_cast<double>(static_cast<const SdrMetricItem*>(pItem)->GetValue()) / fUIScale);
573                 SetMetricValue(*m_xMtrRadius, basegfx::fround(fTmp), ePoolUnit);
574             }
575             else
576             {
577                 m_xMtrRadius->set_text(u""_ustr);

** CID 1665119:       Incorrect expression  (DIVIDE_BY_ZERO)
/include/svx/transfrmhelper.hxx: 47           in TransfrmHelper::ScaleRect(basegfx::B2DRange &, const Fraction &)()


_____________________________________________________________________________________________
*** CID 1665119:         Incorrect expression  (DIVIDE_BY_ZERO)
/include/svx/transfrmhelper.hxx: 47             in TransfrmHelper::ScaleRect(basegfx::B2DRange &, const Fraction &)()
41         }
42     
43         inline void ScaleRect(basegfx::B2DRange& rRange, const Fraction& rUIScale)
44         {
45             const double fDivisor(rUIScale);
46             assert(fDivisor != 0 && "divide by zero");
>>>     CID 1665119:         Incorrect expression  (DIVIDE_BY_ZERO)
>>>     In expression "1. / fDivisor", division by expression "fDivisor" which may be zero has undefined behavior.
47             const double fFactor(1.0 / fDivisor);
48             rRange = basegfx::B2DRange(rRange.getMinimum() * fFactor, rRange.getMaximum() * fFactor);
49         }
50     }
51     
52     #endif


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libreoffice?tab=overview

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/libreoffice/attachments/20250823/9853d1f4/attachment.htm>

More information about the LibreOffice mailing list