<!DOCTYPE html>
<html>
<head>
  <meta charset="UTF-8">
  <title>New Defects Reported - LibreOffice</title>
  <style>
    body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
    .button {
      display: inline-block;
      padding: 10px 20px;
      margin: 20px 0;
      font-size: 16px;
      color: #fff !important;
      background-color: #0056b3;
      text-decoration: none;
      border-radius: 5px;
    }
    pre {
      background: #f8f9fa;
      padding: 10px;
      border-radius: 5px;
      font-size: 14px;
      overflow-x: auto;
    }
  </style>
</head>
<body>
  <p>Hi,</p>

  <p>
    Please find the latest report on new defect(s) introduced to <strong>LibreOffice</strong>
     found with Coverity Scan.
  </p>  

  <ul>
    <li><strong>New Defects Found:</strong> 10</li>
      <li>
        2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
      </li>
    <li><strong>Defects Shown:</strong> Showing 10 of 10 defect(s)</li>
  </ul>

  <h3>Defect Details</h3>
  <pre>
** CID 1659053:       Null pointer dereferences  (FORWARD_NULL)


_____________________________________________________________________________________________
*** CID 1659053:         Null pointer dereferences  (FORWARD_NULL)
/sw/source/ui/fldui/fldref.cxx: 332             in SwFieldRefPage::TypeHdl(weld::TreeView &)()
326             {
327                 // select positions
328                 OUString sName;
329                 sal_uInt16 nFlag = 0;
330     
331                 SwGetRefField* pRefField = dynamic_cast<SwGetRefField*>(GetCurField());
>>>     CID 1659053:         Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pRefField" to "GetSubType", which dereferences it.
332                 switch( pRefField->GetSubType() )
333                 {
334                     case ReferencesSubtype::Bookmark:
335                     {
336                         // #i83479#
337                         if ( pRefField->IsRefToHeadingCrossRefBookmark() )

** CID 1659052:       Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/wrtmd.cxx: 180           in <unnamed>::OutFormattingChange(SwMDWriter &, <unnamed>::HintsAtPos &, <unnamed>::HintsAtPos &, int, <unnamed>::FormattingStatus &)()


_____________________________________________________________________________________________
*** CID 1659052:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/wrtmd.cxx: 180             in <unnamed>::OutFormattingChange(SwMDWriter &, <unnamed>::HintsAtPos &, <unnamed>::HintsAtPos &, int, <unnamed>::FormattingStatus &)()
174                 rWrt.Strm().WriteUnicodeOrByteText(u"](");
175                 rWrt.Strm().WriteUnicodeOrByteText(url);
176                 rWrt.Strm().WriteUnicodeOrByteText(u")");
177             }
178         }
179     
>>>     CID 1659052:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
>>>     "result" is copied in a call to copy assignment "operator =", when it could be moved instead.
180         current = result;
181     }
182     
183     void OutEscapedChars(SwMDWriter& rWrt, std::u16string_view chars)
184     {
185         for (size_t pos = 0; pos < chars.size();)

** CID 1659051:       Uninitialized members  (UNINIT_CTOR)
/sw/source/filter/md/mdtab.cxx: 42           in MDTable::MDTable(SwMarkdownParser *)()


_____________________________________________________________________________________________
*** CID 1659051:         Uninitialized members  (UNINIT_CTOR)
/sw/source/filter/md/mdtab.cxx: 42             in MDTable::MDTable(SwMarkdownParser *)()
36         MDTable(SwMarkdownParser* pParser)
37             : m_pParser(pParser)
38             , m_nCurRow(-1)
39             , m_nCurCol(-1)
40         {
41             m_pParser->RegisterTable(this);
>>>     CID 1659051:         Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "m_nCol" is not initialized in this constructor nor in any functions that it calls.
42         }
43     
44         ~MDTable() { m_pParser->DeRegisterTable(this); }
45     
46         const SwTable* GetTable() { return m_pTable; }
47         sal_Int32 GetCurRow() { return m_nCurRow; }

** CID 1659050:       Uninitialized members  (UNINIT_CTOR)
/sw/source/core/fields/fldbas.cxx: 861           in SwValueField::SwValueField(const SwValueField&)()


_____________________________________________________________________________________________
*** CID 1659050:         Uninitialized members  (UNINIT_CTOR)
/sw/source/core/fields/fldbas.cxx: 861             in SwValueField::SwValueField(const SwValueField&)()
855     }
856     
857     SwValueField::SwValueField( const SwValueField& rField )
858         : SwField(rField)
859         , m_fValue(rField.GetValue())
860     {
>>>     CID 1659050:         Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "m_nFormat" is not initialized in this constructor nor in any functions that it calls.
861     }
862     
863     SwValueField::~SwValueField()
864     {
865     }
866     

** CID 1659049:       Resource leaks  (RESOURCE_LEAK)
/sal/osl/unx/profile.cxx: 942           in openFileImpl(const char *, unsigned int)()


_____________________________________________________________________________________________
*** CID 1659049:         Resource leaks  (RESOURCE_LEAK)
/sal/osl/unx/profile.cxx: 942             in openFileImpl(const char *, unsigned int)()
936     {
937         int        Flags;
938         osl_TFile* pFile = static_cast<osl_TFile*>(calloc(1, sizeof(osl_TFile)));
939         bool       bWriteable = false;
940     
941         if ( isForbidden( pszFilename, osl_File_OpenFlag_Write ) )
>>>     CID 1659049:         Resource leaks  (RESOURCE_LEAK)
>>>     Variable "pFile" going out of scope leaks the storage it points to.
942             return nullptr;
943     
944         if ( ProfileFlags & ( osl_Profile_WRITELOCK | osl_Profile_FLUSHWRITE ) )
945         {
946             bWriteable = true;
947         }

** CID 1659048:       Control flow issues  (DEADCODE)
/sw/source/ui/fldui/flddok.cxx: 496           in SwFieldDokPage::FillFormatLB(SwFieldTypesEnum)()


_____________________________________________________________________________________________
*** CID 1659048:         Control flow issues  (DEADCODE)
/sw/source/ui/fldui/flddok.cxx: 496             in SwFieldDokPage::FillFormatLB(SwFieldTypesEnum)()
490         }
491     
492         if (IsFieldEdit())
493         {
494             if (nTypeId == SwFieldTypesEnum::Author)
495             {
>>>     CID 1659048:         Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "nFormat = o3tl::is_typed_fl...".
496                 SwAuthorFormat nFormat = static_cast<const SwAuthorField*>(GetCurField())->GetFormat() & ~SwAuthorFormat::Fixed;
497                 m_xFormatLB->select_id(OUString::number(static_cast<sal_uInt32>(nFormat)));
498             }
499             else if (nTypeId == SwFieldTypesEnum::ExtendedUser)
500             {
501                 SwAuthorFormat nFormat = static_cast<const SwExtUserField*>(GetCurField())->GetFormat() & ~SwAuthorFormat::Fixed;

** CID 1659047:       Security best practices violations  (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 887           in setAllowedPaths(std::basic_string_view<char16_t, std::char_traits<char16_t>>)()


_____________________________________________________________________________________________
*** CID 1659047:         Security best practices violations  (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 887             in setAllowedPaths(std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
881                 isResolved = !!realpath(folderPath.getStr(), resolvedPath);
882                 notExists = !isResolved && errno == ENOENT;
883     
884                 if (notExists || !isResolved || strlen(resolvedPath) + aPath.getLength() - n + 1 >= PATH_MAX)
885                     return; // too bad
886                 else
>>>     CID 1659047:         Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 4096-character fixed-size string "resolvedPath" by copying "aPath.getStr() + n" without checking the length.
887                     strcat(resolvedPath, aPath.getStr() + n);
888             }
889     
890             if (isResolved)
891             {
892                 OString aPushPath(resolvedPath, strlen(resolvedPath));

** CID 1659046:       Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/mdtab.cxx: 70           in SwMarkdownParser::StartTable(int, int)()


_____________________________________________________________________________________________
*** CID 1659046:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/mdtab.cxx: 70             in SwMarkdownParser::StartTable(int, int)()
64         if (m_pPam->GetPoint()->GetContentIndex())
65             AppendTextNode(AM_SPACE);
66         else
67             AddParSpace();
68     
69         std::shared_ptr<MDTable> xTable = std::make_shared<MDTable>(this);
>>>     CID 1659046:         Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
>>>     "xTable" is copied in a call to copy assignment "operator =", when it could be moved instead.
70         m_xTable = xTable;
71     
72         const SwTable* pTable
73             = m_xDoc->InsertTable(SwInsertTableOptions(SwInsertTableFlags::All, 1), *m_pPam->GetPoint(),
74                                   nRow, nCol, text::HoriOrientation::FULL);
75         m_xTable->SetTable(pTable, nRow, nCol);

** CID 1659045:       Security best practices violations  (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 931           in isForbidden(const rtl::OString &, unsigned int)()


_____________________________________________________________________________________________
*** CID 1659045:         Security best practices violations  (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 931             in isForbidden(const rtl::OString &, unsigned int)()
925             bool notExists = !isResolved && errno == ENOENT;
926             if (notExists) // folder doesn't exist, check parent, in the end of chain checks "."
927                 return isForbidden(folderPath, nFlags);
928             else if (!isResolved || strlen(resolvedPath) + filePath.getLength() - n + 1 >= PATH_MAX)
929                 return true; // too bad
930             else
>>>     CID 1659045:         Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 4096-character fixed-size string "resolvedPath" by copying "filePath->getStr() + n" without checking the length.
931                 strcat(resolvedPath, filePath.getStr() + n);
932         }
933     
934         const std::vector<OString> *pCheckPaths = &allowedPathsRead;
935         if (nFlags & osl_File_OpenFlag_Write ||
936             nFlags & osl_File_OpenFlag_Create)

** CID 1659044:       Resource leaks  (RESOURCE_LEAK)
/sal/osl/unx/pipe.cxx: 211           in osl_psz_createPipe(const char *, unsigned int, void *)()


_____________________________________________________________________________________________
*** CID 1659044:         Resource leaks  (RESOURCE_LEAK)
/sal/osl/unx/pipe.cxx: 211             in osl_psz_createPipe(const char *, unsigned int, void *)()
205     
206         memset(&addr, 0, sizeof(addr));
207     
208         SAL_INFO("sal.osl.pipe", "new pipe on fd " << pPipe->m_Socket << " '" << name << "'");
209     
210         if (isForbidden(name, osl_File_OpenFlag_Create))
>>>     CID 1659044:         Resource leaks  (RESOURCE_LEAK)
>>>     Variable "pPipe" going out of scope leaks the storage it points to.
211             return nullptr;
212     
213         addr.sun_family = AF_UNIX;
214         // coverity[fixed_size_dest : FALSE] - safe, see check above
215         strcpy(addr.sun_path, name.getStr());
216     #if defined(FREEBSD)

  </pre>

  <p>
    <a href="https://scan.coverity.com/projects/libreoffice?tab=overview" class="button">View Defects in Coverity Scan</a>
  </p>

  <p>Best regards,</p>
  <p>The Coverity Scan Admin Team</p>
  <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>