<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>New Defects Reported - LibreOffice</title> <style> body { font-family: Arial, sans-serif; color: #222; line-height: 1.6; } .button { display: inline-block; padding: 10px 20px; margin: 20px 0; font-size: 16px; color: #fff !important; background-color: #0056b3; text-decoration: none; border-radius: 5px; } pre { background: #f8f9fa; padding: 10px; border-radius: 5px; font-size: 14px; overflow-x: auto; } </style> </head> <body> Hi, Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan. <ul> <li>New Defects Found: 4</li> <li> 13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. </li> <li>Defects Shown: Showing 4 of 4 defect(s)</li> </ul> <h3>Defect Details</h3> <pre> ** CID 1665118: Insecure data handling (INTEGER_OVERFLOW) /include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<int>(T1, long, long)() _____________________________________________________________________________________________ *** CID 1665118: Insecure data handling (INTEGER_OVERFLOW) /include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<int>(T1, long, long)() 99 if (sal_Int64 d_2 = d / 2; !isBetween(n, (SAL_MIN_INT64 + d_2) / m, (SAL_MAX_INT64 - d_2) / m)) 100 { 101 if (n >= 0) 102 { 103 if (m > d && std::make_unsigned_t(n) > sal_uInt64(SAL_MAX_INT64 / m * d - d_2)) 104 return SAL_MAX_INT64; // saturate >>> CID 1665118: Insecure data handling (INTEGER_OVERFLOW) >>> "o3tl::saturating_add(n, d_2) / d * m", which might have overflowed, is returned from the function. 105 return saturating_add<sal_uInt64>(n, d_2) / d * m; // divide before multiplication 106 } 107 else if constexpr (std::is_signed_v) // n < 0; don't compile for unsigned n 108 { 109 if (m > d && n < SAL_MIN_INT64 / m * d + d_2) 110 return SAL_MIN_INT64; // saturate ** CID 1665116: Insecure data handling (INTEGER_OVERFLOW) /include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<long>(T1, long, long)() _____________________________________________________________________________________________ *** CID 1665116: Insecure data handling (INTEGER_OVERFLOW) /include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<long>(T1, long, long)() 99 if (sal_Int64 d_2 = d / 2; !isBetween(n, (SAL_MIN_INT64 + d_2) / m, (SAL_MAX_INT64 - d_2) / m)) 100 { 101 if (n >= 0) 102 { 103 if (m > d && std::make_unsigned_t(n) > sal_uInt64(SAL_MAX_INT64 / m * d - d_2)) 104 return SAL_MAX_INT64; // saturate >>> CID 1665116: Insecure data handling (INTEGER_OVERFLOW) >>> "o3tl::saturating_add(n, d_2) / d * m", which might have overflowed, is returned from the function. 105 return saturating_add<sal_uInt64>(n, d_2) / d * m; // divide before multiplication 106 } 107 else if constexpr (std::is_signed_v) // n < 0; don't compile for unsigned n 108 { 109 if (m > d && n < SAL_MIN_INT64 / m * d + d_2) 110 return SAL_MIN_INT64; // saturate ** CID 1665115: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) _____________________________________________________________________________________________ *** CID 1665115: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /drawinglayer/source/processor2d/cairopixelprocessor2d.cxx: 2121 in drawinglayer::processor2d::CairoPixelProcessor2D::processMarkerArrayPrimitive2D(const drawinglayer::primitive2d::MarkerArrayPrimitive2D &)() 2115 Bitmap aBitmap2(rMarker.GetSizePixel(), vcl::PixelFormat::N24_BPP); 2116 aBitmap2.Erase(Color(aReplacementColor)); 2117 2118 if (rMarker.HasAlpha()) 2119 aBitmap = Bitmap(BitmapEx(aBitmap2, rMarker.CreateAlphaMask())); 2120 else >>> CID 1665115: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "aBitmap2" is copied in call to copy assignment for class "Bitmap", when it could be moved instead. 2121 aBitmap = aBitmap2; 2122 } 2123 2124 maBColorModifierStack.pop(); 2125 } 2126 ** CID 1665114: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /sd/inc/sdpage.hxx: 381 in SdPage::setLinkAnnotations(std::vector<std::pair<basegfx::B2DRange, rtl::OUString>, std::allocator<std::pair<basegfx::B2DRange, rtl::OUString>>>)() _____________________________________________________________________________________________ *** CID 1665114: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) /sd/inc/sdpage.hxx: 381 in SdPage::setLinkAnnotations(std::vector<std::pair<basegfx::B2DRange, rtl::OUString>, std::allocator<std::pair<basegfx::B2DRange, rtl::OUString>>>)() 375 376 SD_DLLPUBLIC void removeAnnotation(rtl::Reference<sdr::annotation::Annotation> const& xAnnotation) override; 377 void removeAnnotationNoNotify(rtl::Reference<sdr::annotation::Annotation> const& xAnnotation) override; 378 379 void setLinkAnnotations(std::vector<std::pair<basegfx::B2DRectangle, OUString>> aLinks) 380 { >>> CID 1665114: Performance inefficiencies (COPY_INSTEAD_OF_MOVE) >>> "aLinks" is copied in call to copy assignment for class "std::vector<std::pair<basegfx::B2DRange, rtl::OUString>, std::allocator<std::pair<basegfx::B2DRange, rtl::OUString> > >", when it could be moved instead. 381 maLinkAnnotations = aLinks; 382 } 383 const std::vector<std::pair<basegfx::B2DRectangle, OUString>>& getLinkAnnotations() const 384 { 385 return maLinkAnnotations; 386 } </pre> <a href="https://scan.coverity.com/projects/libreoffice?tab=overview" class="button">View Defects in Coverity Scan</a> Best regards, The Coverity Scan Admin Team <img class="logo" width="140" src="https://scan.coverity.com/assets/BlackDuckLogo-6697adc63e07340464201a2ad534d3d3e44f95d36edda20b140440d34f05372f.svg" /> </body> </html>