<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>New Defects Reported - LibreOffice</title>
<style>
body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; }
.button {
display: inline-block;
padding: 10px 20px;
margin: 20px 0;
font-size: 16px;
color: #fff !important;
background-color: #0056b3;
text-decoration: none;
border-radius: 5px;
}
pre {
background: #f8f9fa;
padding: 10px;
border-radius: 5px;
font-size: 14px;
overflow-x: auto;
}
</style>
</head>
<body>
<p>Hi,</p>
<p>
Please find the latest report on new defect(s) introduced to <strong>LibreOffice</strong>
found with Coverity Scan.
</p>
<ul>
<li><strong>New Defects Found:</strong> 10</li>
<li>
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
</li>
<li><strong>Defects Shown:</strong> Showing 10 of 10 defect(s)</li>
</ul>
<h3>Defect Details</h3>
<pre>
** CID 1659053: Null pointer dereferences (FORWARD_NULL)
_____________________________________________________________________________________________
*** CID 1659053: Null pointer dereferences (FORWARD_NULL)
/sw/source/ui/fldui/fldref.cxx: 332 in SwFieldRefPage::TypeHdl(weld::TreeView &)()
326 {
327 // select positions
328 OUString sName;
329 sal_uInt16 nFlag = 0;
330
331 SwGetRefField* pRefField = dynamic_cast<SwGetRefField*>(GetCurField());
>>> CID 1659053: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pRefField" to "GetSubType", which dereferences it.
332 switch( pRefField->GetSubType() )
333 {
334 case ReferencesSubtype::Bookmark:
335 {
336 // #i83479#
337 if ( pRefField->IsRefToHeadingCrossRefBookmark() )
** CID 1659052: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/wrtmd.cxx: 180 in <unnamed>::OutFormattingChange(SwMDWriter &, <unnamed>::HintsAtPos &, <unnamed>::HintsAtPos &, int, <unnamed>::FormattingStatus &)()
_____________________________________________________________________________________________
*** CID 1659052: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/wrtmd.cxx: 180 in <unnamed>::OutFormattingChange(SwMDWriter &, <unnamed>::HintsAtPos &, <unnamed>::HintsAtPos &, int, <unnamed>::FormattingStatus &)()
174 rWrt.Strm().WriteUnicodeOrByteText(u"](");
175 rWrt.Strm().WriteUnicodeOrByteText(url);
176 rWrt.Strm().WriteUnicodeOrByteText(u")");
177 }
178 }
179
>>> CID 1659052: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "result" is copied in a call to copy assignment "operator =", when it could be moved instead.
180 current = result;
181 }
182
183 void OutEscapedChars(SwMDWriter& rWrt, std::u16string_view chars)
184 {
185 for (size_t pos = 0; pos < chars.size();)
** CID 1659051: Uninitialized members (UNINIT_CTOR)
/sw/source/filter/md/mdtab.cxx: 42 in MDTable::MDTable(SwMarkdownParser *)()
_____________________________________________________________________________________________
*** CID 1659051: Uninitialized members (UNINIT_CTOR)
/sw/source/filter/md/mdtab.cxx: 42 in MDTable::MDTable(SwMarkdownParser *)()
36 MDTable(SwMarkdownParser* pParser)
37 : m_pParser(pParser)
38 , m_nCurRow(-1)
39 , m_nCurCol(-1)
40 {
41 m_pParser->RegisterTable(this);
>>> CID 1659051: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "m_nCol" is not initialized in this constructor nor in any functions that it calls.
42 }
43
44 ~MDTable() { m_pParser->DeRegisterTable(this); }
45
46 const SwTable* GetTable() { return m_pTable; }
47 sal_Int32 GetCurRow() { return m_nCurRow; }
** CID 1659050: Uninitialized members (UNINIT_CTOR)
/sw/source/core/fields/fldbas.cxx: 861 in SwValueField::SwValueField(const SwValueField&)()
_____________________________________________________________________________________________
*** CID 1659050: Uninitialized members (UNINIT_CTOR)
/sw/source/core/fields/fldbas.cxx: 861 in SwValueField::SwValueField(const SwValueField&)()
855 }
856
857 SwValueField::SwValueField( const SwValueField& rField )
858 : SwField(rField)
859 , m_fValue(rField.GetValue())
860 {
>>> CID 1659050: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "m_nFormat" is not initialized in this constructor nor in any functions that it calls.
861 }
862
863 SwValueField::~SwValueField()
864 {
865 }
866
** CID 1659049: Resource leaks (RESOURCE_LEAK)
/sal/osl/unx/profile.cxx: 942 in openFileImpl(const char *, unsigned int)()
_____________________________________________________________________________________________
*** CID 1659049: Resource leaks (RESOURCE_LEAK)
/sal/osl/unx/profile.cxx: 942 in openFileImpl(const char *, unsigned int)()
936 {
937 int Flags;
938 osl_TFile* pFile = static_cast<osl_TFile*>(calloc(1, sizeof(osl_TFile)));
939 bool bWriteable = false;
940
941 if ( isForbidden( pszFilename, osl_File_OpenFlag_Write ) )
>>> CID 1659049: Resource leaks (RESOURCE_LEAK)
>>> Variable "pFile" going out of scope leaks the storage it points to.
942 return nullptr;
943
944 if ( ProfileFlags & ( osl_Profile_WRITELOCK | osl_Profile_FLUSHWRITE ) )
945 {
946 bWriteable = true;
947 }
** CID 1659048: Control flow issues (DEADCODE)
/sw/source/ui/fldui/flddok.cxx: 496 in SwFieldDokPage::FillFormatLB(SwFieldTypesEnum)()
_____________________________________________________________________________________________
*** CID 1659048: Control flow issues (DEADCODE)
/sw/source/ui/fldui/flddok.cxx: 496 in SwFieldDokPage::FillFormatLB(SwFieldTypesEnum)()
490 }
491
492 if (IsFieldEdit())
493 {
494 if (nTypeId == SwFieldTypesEnum::Author)
495 {
>>> CID 1659048: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "nFormat = o3tl::is_typed_fl...".
496 SwAuthorFormat nFormat = static_cast<const SwAuthorField*>(GetCurField())->GetFormat() & ~SwAuthorFormat::Fixed;
497 m_xFormatLB->select_id(OUString::number(static_cast<sal_uInt32>(nFormat)));
498 }
499 else if (nTypeId == SwFieldTypesEnum::ExtendedUser)
500 {
501 SwAuthorFormat nFormat = static_cast<const SwExtUserField*>(GetCurField())->GetFormat() & ~SwAuthorFormat::Fixed;
** CID 1659047: Security best practices violations (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 887 in setAllowedPaths(std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
_____________________________________________________________________________________________
*** CID 1659047: Security best practices violations (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 887 in setAllowedPaths(std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
881 isResolved = !!realpath(folderPath.getStr(), resolvedPath);
882 notExists = !isResolved && errno == ENOENT;
883
884 if (notExists || !isResolved || strlen(resolvedPath) + aPath.getLength() - n + 1 >= PATH_MAX)
885 return; // too bad
886 else
>>> CID 1659047: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 4096-character fixed-size string "resolvedPath" by copying "aPath.getStr() + n" without checking the length.
887 strcat(resolvedPath, aPath.getStr() + n);
888 }
889
890 if (isResolved)
891 {
892 OString aPushPath(resolvedPath, strlen(resolvedPath));
** CID 1659046: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/mdtab.cxx: 70 in SwMarkdownParser::StartTable(int, int)()
_____________________________________________________________________________________________
*** CID 1659046: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sw/source/filter/md/mdtab.cxx: 70 in SwMarkdownParser::StartTable(int, int)()
64 if (m_pPam->GetPoint()->GetContentIndex())
65 AppendTextNode(AM_SPACE);
66 else
67 AddParSpace();
68
69 std::shared_ptr<MDTable> xTable = std::make_shared<MDTable>(this);
>>> CID 1659046: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xTable" is copied in a call to copy assignment "operator =", when it could be moved instead.
70 m_xTable = xTable;
71
72 const SwTable* pTable
73 = m_xDoc->InsertTable(SwInsertTableOptions(SwInsertTableFlags::All, 1), *m_pPam->GetPoint(),
74 nRow, nCol, text::HoriOrientation::FULL);
75 m_xTable->SetTable(pTable, nRow, nCol);
** CID 1659045: Security best practices violations (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 931 in isForbidden(const rtl::OString &, unsigned int)()
_____________________________________________________________________________________________
*** CID 1659045: Security best practices violations (STRING_OVERFLOW)
/sal/osl/unx/file.cxx: 931 in isForbidden(const rtl::OString &, unsigned int)()
925 bool notExists = !isResolved && errno == ENOENT;
926 if (notExists) // folder doesn't exist, check parent, in the end of chain checks "."
927 return isForbidden(folderPath, nFlags);
928 else if (!isResolved || strlen(resolvedPath) + filePath.getLength() - n + 1 >= PATH_MAX)
929 return true; // too bad
930 else
>>> CID 1659045: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 4096-character fixed-size string "resolvedPath" by copying "filePath->getStr() + n" without checking the length.
931 strcat(resolvedPath, filePath.getStr() + n);
932 }
933
934 const std::vector<OString> *pCheckPaths = &allowedPathsRead;
935 if (nFlags & osl_File_OpenFlag_Write ||
936 nFlags & osl_File_OpenFlag_Create)
** CID 1659044: Resource leaks (RESOURCE_LEAK)
/sal/osl/unx/pipe.cxx: 211 in osl_psz_createPipe(const char *, unsigned int, void *)()
_____________________________________________________________________________________________
*** CID 1659044: Resource leaks (RESOURCE_LEAK)
/sal/osl/unx/pipe.cxx: 211 in osl_psz_createPipe(const char *, unsigned int, void *)()
205
206 memset(&addr, 0, sizeof(addr));
207
208 SAL_INFO("sal.osl.pipe", "new pipe on fd " << pPipe->m_Socket << " '" << name << "'");
209
210 if (isForbidden(name, osl_File_OpenFlag_Create))
>>> CID 1659044: Resource leaks (RESOURCE_LEAK)
>>> Variable "pPipe" going out of scope leaks the storage it points to.
211 return nullptr;
212
213 addr.sun_family = AF_UNIX;
214 // coverity[fixed_size_dest : FALSE] - safe, see check above
215 strcpy(addr.sun_path, name.getStr());
216 #if defined(FREEBSD)
</pre>
<p>
<a href="https://scan.coverity.com/projects/libreoffice?tab=overview" class="button">View Defects in Coverity Scan</a>
</p>
<p>Best regards,</p>
<p>The Coverity Scan Admin Team</p>
<img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" />
</body>
</html>