New Defects reported by Coverity Scan for LibreOffice

scan-admin at coverity.com scan-admin at coverity.com
Fri Mar 28 19:01:10 UTC 2025 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

6 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1645532:  Concurrent data access violations  (MISSING_LOCK)
/chart2/source/tools/LifeTime.cxx: 295 in apphelper::CloseableLifeTimeManager::impl_apiCallCountReachedNull(std::unique_lock<std::mutex> &)()


________________________________________________________________________________________________________
*** CID 1645532:  Concurrent data access violations  (MISSING_LOCK)
/chart2/source/tools/LifeTime.cxx: 295 in apphelper::CloseableLifeTimeManager::impl_apiCallCountReachedNull(std::unique_lock<std::mutex> &)()
289     }
290     
291     void CloseableLifeTimeManager::impl_apiCallCountReachedNull(std::unique_lock<std::mutex>& rGuard)
292     {
293         //Mutex needs to be acquired exactly once
294         //mutex will be released inbetween in impl_doClose()
>>>     CID 1645532:  Concurrent data access violations  (MISSING_LOCK)
>>>     Accessing "this->m_bOwnership" without holding lock "apphelper::LifeTimeManager.m_aAccessMutex". Elsewhere, "apphelper::CloseableLifeTimeManager.m_bOwnership" is written to with "LifeTimeManager.m_aAccessMutex" held 3 out of 3 times (1 of these accesses strongly imply that it is necessary).
295         if( m_pCloseable && m_bOwnership )
296             impl_doClose(rGuard);
297     }
298     
299     void CloseableLifeTimeManager::impl_doClose(std::unique_lock<std::mutex>& rGuard)
300     {

** CID 1645531:  Uninitialized members  (UNINIT_CTOR)
/sc/source/ui/view/viewfun5.cxx: 752 in ScViewFunc::PasteDataFormatFormattedText(SotClipboardFormatId, const com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable> &, short, int, bool, const TransferableDataHelper &)::[lambda(int) (instance 1)]::lambda([lambda(int) (instance 1)]&&)()


________________________________________________________________________________________________________
*** CID 1645531:  Uninitialized members  (UNINIT_CTOR)
/sc/source/ui/view/viewfun5.cxx: 752 in ScViewFunc::PasteDataFormatFormattedText(SotClipboardFormatId, const com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable> &, short, int, bool, const TransferableDataHelper &)::[lambda(int) (instance 1)]::lambda([lambda(int) (instance 1)]&&)()
746                 ScAbstractDialogFactory* pFact = ScAbstractDialogFactory::Create();
747                 VclPtr<AbstractScImportAsciiDlg> pDlg(
748                     pFact->CreateScImportAsciiDlg(pParent ? pParent->GetFrameWeld() : nullptr, OUString(), pStrm.get(), SC_PASTETEXT));
749     
750                 bAllowDialogs = bAllowDialogs && !ScModule::get()->IsInExecuteDrop();
751     
>>>     CID 1645531:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "this" is not initialized in this constructor nor in any functions that it calls.
752                 pDlg->StartExecuteAsync([this, pDlg, &rDoc, pStrm=std::move(pStrm),
753                                          nFormatId, pStrBuffer=std::move(pStrBuffer),
754                                          pObj=std::move(pObj), bAllowDialogs](sal_Int32 nResult){
755                     bool bShowErrorDialog = bAllowDialogs;
756                     if (RET_OK == nResult)
757                     {

** CID 1645530:  Uninitialized members  (UNINIT_CTOR)
/sc/source/ui/view/viewfun5.cxx: 752 in ScViewFunc::PasteDataFormatFormattedText(SotClipboardFormatId, const com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable> &, short, int, bool, const TransferableDataHelper &)::[lambda(int) (instance 1)]::lambda(const [lambda(int) (instance 1)]&)()


________________________________________________________________________________________________________
*** CID 1645530:  Uninitialized members  (UNINIT_CTOR)
/sc/source/ui/view/viewfun5.cxx: 752 in ScViewFunc::PasteDataFormatFormattedText(SotClipboardFormatId, const com::sun::star::uno::Reference<com::sun::star::datatransfer::XTransferable> &, short, int, bool, const TransferableDataHelper &)::[lambda(int) (instance 1)]::lambda(const [lambda(int) (instance 1)]&)()
746                 ScAbstractDialogFactory* pFact = ScAbstractDialogFactory::Create();
747                 VclPtr<AbstractScImportAsciiDlg> pDlg(
748                     pFact->CreateScImportAsciiDlg(pParent ? pParent->GetFrameWeld() : nullptr, OUString(), pStrm.get(), SC_PASTETEXT));
749     
750                 bAllowDialogs = bAllowDialogs && !ScModule::get()->IsInExecuteDrop();
751     
>>>     CID 1645530:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "this" is not initialized in this constructor nor in any functions that it calls.
752                 pDlg->StartExecuteAsync([this, pDlg, &rDoc, pStrm=std::move(pStrm),
753                                          nFormatId, pStrBuffer=std::move(pStrBuffer),
754                                          pObj=std::move(pObj), bAllowDialogs](sal_Int32 nResult){
755                     bool bShowErrorDialog = bAllowDialogs;
756                     if (RET_OK == nResult)
757                     {

** CID 1645529:  Memory - illegal accesses  (USE_AFTER_FREE)


________________________________________________________________________________________________________
*** CID 1645529:  Memory - illegal accesses  (USE_AFTER_FREE)
/sw/source/core/edit/edredln.cxx: 113 in SwEditShell::ReinstatePaM(const SwRangeRedline &, SwPaM &)()
107             SetMark();
108             *pCursor->GetMark() = *rPaM.Start();
109             rtl::Reference<SwTransferable> pTransfer(new SwTransferable(*pWrtShell));
110             // Copy rich text, but don't strip out text inside delete redlines.
111             pTransfer->Copy(/*bIsCut=*/false, /*bDeleteRedlines=*/false);
112             ClearMark();
>>>     CID 1645529:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Calling "GetPoint" dereferences freed pointer "pCursor".
113             *pCursor->GetPoint() = *rPaM.End();
114             TransferableDataHelper aHelper(pTransfer);
115             SwTransferable::Paste(*pWrtShell, aHelper);
116         }
117     }
118     

** CID 1645528:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1645528:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/core/drawdoc3.cxx: 766 in SdDrawDocument::insertSelectedPages(const std::vector<rtl::OUString, std::allocator<rtl::OUString>> &, PageInsertionParams &, InsertBookmarkOptions)()
760                         if (rOptions.bPreservePageNames)
761                         {
762                             // Take old slide names for inserted pages
763                             SdPage* pNewNotesPage = static_cast<SdPage*>( GetPage(nActualInsertPos+1));
764     
765                             if (pNewNotesPage)
>>>     CID 1645528:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pStandardPage->GetRealName()" to "SetName", which dereferences it.
766                                 pNewNotesPage->SetName(pStandardPage->GetRealName());
767                         }
768     
769                         if( rParams.bUndo )
770                             AddUndo(GetSdrUndoFactory().CreateUndoDeletePage(*pNotesPage));
771     

** CID 1645527:  Incorrect expression  (COPY_PASTE_ERROR)
/sd/source/core/drawdoc3.cxx: 881 in SdDrawDocument::updateInsertedPages(PageInsertionParams &, const InsertBookmarkOptions &, DocumentPageCounts &, StyleTransferContext &)()


________________________________________________________________________________________________________
*** CID 1645527:  Incorrect expression  (COPY_PASTE_ERROR)
/sd/source/core/drawdoc3.cxx: 881 in SdDrawDocument::updateInsertedPages(PageInsertionParams &, const InsertBookmarkOptions &, DocumentPageCounts &, StyleTransferContext &)()
875             if (rParams.bUndo)
876                 AddUndo(GetSdrUndoFactory().CreateUndoPageChangeMasterPage(*rParams.mainProps.pPage));
877     
878             if (rParams.bScaleObjects)
879             {
880                 ::tools::Rectangle aBorderRect(rParams.notesProps.left, rParams.notesProps.upper, rParams.notesProps.right, rParams.notesProps.lower);
>>>     CID 1645527:  Incorrect expression  (COPY_PASTE_ERROR)
>>>     "mainProps" in "rParams.mainProps.pPage" looks like a copy-paste error.
881                 rParams.mainProps.pPage->ScaleObjects(rParams.notesProps.size, aBorderRect, true);
882             }
883     
884             rParams.mainProps.pPage->SetSize(rParams.notesProps.size);
885             rParams.mainProps.pPage->SetBorder(rParams.notesProps.left, rParams.notesProps.upper, rParams.notesProps.right, rParams.notesProps.lower);
886             rParams.mainProps.pPage->SetOrientation(rParams.notesProps.orientation);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libreoffice?tab=overview

More information about the LibreOffice mailing list