Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
11 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/layout/sectfrm.cxx: 356 in SwSectionFrm::Paste(SwFrm *, SwFrm *)()
350 pSect->SetFollow( static_cast<SwSectionFrm*>(pParent)->GetFollow() );
351 static_cast<SwSectionFrm*>(pParent)->SetFollow( NULL );
352 if( pSect->GetFollow() )
353 pParent->_InvalidateSize();
354
355 InsertGroupBefore( pParent, pSibling, pSect );
CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
Calling "Init" dereferences freed pointer "pSect".
356 pSect->Init();
357 (pSect->*fnRect->fnMakePos)( pSect->GetUpper(), pSect->GetPrev(), true);
358 if( !static_cast<SwLayoutFrm*>(pParent)->Lower() )
359 {
360 SwSectionFrm::MoveCntntAndDelete( static_cast<SwSectionFrm*>(pParent), false );
361 pParent = this;
** CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
/chart2/source/controller/chartapiwrapper/DataSeriesPointWrapper.cxx: 639 in
chart::wrapper::DataSeriesPointWrapper::getPropertyState(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
/chart2/source/controller/chartapiwrapper/DataSeriesPointWrapper.cxx: 639 in
chart::wrapper::DataSeriesPointWrapper::getPropertyState(const rtl::OUString &)()
633 return m_spChart2ModelContact->GetPageSize();
634 }
635
636 // WrappedPropertySet
637
638 //XPropertyState
CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
An exception of type "com::sun::star::lang::WrappedTargetException" is thrown but the throw
list "throw(com::sun::star::uno::RuntimeException,
com::sun::star::beans::UnknownPropertyException, std::exception)" doesn't allow it to be
thrown. This will cause a call to unexpected() which usually calls terminate().
639 beans::PropertyState SAL_CALL DataSeriesPointWrapper::getPropertyState( const OUString&
rPropertyName )
640 throw (beans::UnknownPropertyException,
uno::RuntimeException, std::exception)
641 {
642 beans::PropertyState aState( beans::PropertyState_DIRECT_VALUE );
643 if (rPropertyName == "SymbolBitmapURL")
644 {
** CID 1296215: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/mouse.cxx: 286 in vcl::Window::ImplGrabFocus(unsigned short)()
________________________________________________________________________________________________________
*** CID 1296215: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/mouse.cxx: 286 in vcl::Window::ImplGrabFocus(unsigned short)()
280 bMustNotGrabFocus = true;
281 break;
282 }
283 pParent = pParent->mpWindowImpl->mpParent;
284 }
285
CID 1296215: Null pointer dereferences (REVERSE_INULL)
Null-checking "this->mpWindowImpl" suggests that it may be null, but it has already been
dereferenced on all paths leading to the check.
286 if ( ( pSVData->maWinData.mpFocusWin.get() != this &&
287 mpWindowImpl && !mpWindowImpl->mbInDispose ) ||
288 ( bAsyncFocusWaiting && !bHasFocus && !bMustNotGrabFocus ) )
289 {
290 // EndExtTextInput if it is not the same window
291 if ( pSVData->maWinData.mpExtTextInputWin &&
** CID 1296214: Null pointer dereferences (NULL_RETURNS)
/formula/source/core/api/FormulaCompiler.cxx: 1878 in
formula::FormulaCompiler::CreateStringFromToken(rtl::OUStringBuffer &, const formula::FormulaToken
*, bool)()
________________________________________________________________________________________________________
*** CID 1296214: Null pointer dereferences (NULL_RETURNS)
/formula/source/core/api/FormulaCompiler.cxx: 1878 in
formula::FormulaCompiler::CreateStringFromToken(rtl::OUStringBuffer &, const formula::FormulaToken
*, bool)()
1872 {
1873 // Suppress all TableRef related tokens, the resulting
1874 // range was written by CreateStringFromIndex().
1875 const FormulaToken* const p = pArr->PeekNext();
1876 if (p && p->GetOpCode() == ocTableRefOpen)
1877 {
CID 1296214: Null pointer dereferences (NULL_RETURNS)
Assigning: "t" = null return value from "Next".
1878 t = pArr->Next();
1879 int nLevel = 0;
1880 do
1881 {
1882 // Switch cases correspond with those in
1883 // ScCompiler::HandleTableRef()
** CID 1296213: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getSupportedServiceNames_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getSupportedServiceNames_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getSupportedServiceNames_Static()()
________________________________________________________________________________________________________
*** CID 1296213: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames_Static() throw(::com::sun::star::uno::RuntimeException)
69 {
CID 1296213: (NO_EFFECT)
Part "dbp::OGridSI({})" of statement "(dbp::OGridSI({})) , getServiceNames" has no effect
due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySetInfo > SAL_CALL
OUnoAutoPilot<TYPE, SERVICEINFO>::getPropertySetInfo()
throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames_Static() throw(::com::sun::star::uno::RuntimeException)
69 {
CID 1296213: (NO_EFFECT)
Part "dbp::OGroupBoxSI({})" of statement "(dbp::OGroupBoxSI({})) , getServiceNames" has no
effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySetInfo > SAL_CALL
OUnoAutoPilot<TYPE, SERVICEINFO>::getPropertySetInfo()
throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 70 in dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames_Static() throw(::com::sun::star::uno::RuntimeException)
69 {
CID 1296213: (NO_EFFECT)
Part "dbp::OListComboSI({})" of statement "(dbp::OListComboSI({})) , getServiceNames" has
no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference< ::com::sun::star::beans::XPropertySetInfo > SAL_CALL
OUnoAutoPilot<TYPE, SERVICEINFO>::getPropertySetInfo()
throw(::com::sun::star::uno::RuntimeException, std::exception)
** CID 1296212: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getImplementationName_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getImplementationName_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getImplementationName_Static()()
________________________________________________________________________________________________________
*** CID 1296212: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE, SERVICEINFO>::getImplementationName_Static()
throw(::com::sun::star::uno::RuntimeException)
55 {
CID 1296212: (NO_EFFECT)
Part "dbp::OGridSI({})" of statement "(dbp::OGridSI({})) , getImplementationName" has no
effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames() throw(::com::sun::star::uno::RuntimeException,
std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE, SERVICEINFO>::getImplementationName_Static()
throw(::com::sun::star::uno::RuntimeException)
55 {
CID 1296212: (NO_EFFECT)
Part "dbp::OGroupBoxSI({})" of statement "(dbp::OGroupBoxSI({})) , getImplementationName"
has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames() throw(::com::sun::star::uno::RuntimeException,
std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 56 in dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE, SERVICEINFO>::getImplementationName_Static()
throw(::com::sun::star::uno::RuntimeException)
55 {
CID 1296212: (NO_EFFECT)
Part "dbp::OListComboSI({})" of statement "(dbp::OListComboSI({})) , getImplementationName"
has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames() throw(::com::sun::star::uno::RuntimeException,
std::exception)
** CID 1296211: Null pointer dereferences (FORWARD_NULL)
/basctl/source/basicide/basides1.cxx: 539 in basctl::Shell::ExecuteGlobal(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1296211: Null pointer dereferences (FORWARD_NULL)
/basctl/source/basicide/basides1.cxx: 539 in basctl::Shell::ExecuteGlobal(SfxRequest &)()
533 DBG_ASSERT( rReq.GetArgs(), "arguments expected" );
534 const SbxItem& rSbxItem = static_cast<const
SbxItem&>(rReq.GetArgs()->Get(SID_BASICIDE_ARG_SBX ));
535 ScriptDocument aDocument( rSbxItem.GetDocument() );
536 OUString aLibName( rSbxItem.GetLibName() );
537 OUString aName( rSbxItem.GetName() );
538 SetCurLib( aDocument, aLibName );
CID 1296211: Null pointer dereferences (FORWARD_NULL)
Assigning: "pWin" = "NULL".
539 BaseWindow* pWin = 0;
540 if ( rSbxItem.GetType() == TYPE_DIALOG )
541 {
542 pWin = FindDlgWin( aDocument, aLibName, aName, true );
543 }
544 else if ( rSbxItem.GetType() == TYPE_MODULE )
** CID 1296210: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/dlg/dlgass.cxx: 322 in AssistentDlgImpl::AssistentDlgImpl(vcl::Window *, const Link
&, bool)()
________________________________________________________________________________________________________
*** CID 1296210: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/dlg/dlgass.cxx: 322 in AssistentDlgImpl::AssistentDlgImpl(vcl::Window *, const Link
&, bool)()
316 VclPtr<SdPageListControl> mpPage5PageListCT;
317 VclPtr<CheckBox> mpPage5SummaryCB;
318
319 };
320
321 AssistentDlgImpl::AssistentDlgImpl( vcl::Window* pWindow, const Link& rFinishLink, bool
bAutoPilot ) :
CID 1296210: Null pointer dereferences (FORWARD_NULL)
Assigning: "this->mpTemplateRegion" = "NULL".
322 mpTemplateRegion(NULL),
323 mpLayoutRegion(NULL),
324 mbUserDataDirty(false),
325 xDocShell (NULL),
326 mpWindowUpdater (new WindowUpdater()),
327 mbPreview(true),
** CID 1296209: (DEADCODE)
/sw/source/core/unocore/swunohelper.cxx: 297 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
/sw/source/core/unocore/swunohelper.cxx: 303 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
________________________________________________________________________________________________________
*** CID 1296209: (DEADCODE)
/sw/source/core/unocore/swunohelper.cxx: 297 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
291 case drawing::FillStyle_GRADIENT: // gradient and hatch don't exist in
292 case drawing::FillStyle_HATCH: // SvxBrushItem so average color is emulated
293 switch (nMID)
294 {
295 case MID_BACK_COLOR:
296 // Gradient/Hatch always have emulated color
CID 1296209: (DEADCODE)
Execution cannot reach the expression "SfxItemState::SET == rSet->GetItemState(1015, true,
NULL)" inside this statement: "return com::sun::star::draw...".
297 return (drawing::FillStyle_SOLID != nMID)
298 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLCOLOR)
299 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLTRANSPARENCE)
300 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
301 case MID_BACK_COLOR_R_G_B:
302 // Gradient/Hatch always have emulated color
/sw/source/core/unocore/swunohelper.cxx: 303 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned short)()
297 return (drawing::FillStyle_SOLID != nMID)
298 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLCOLOR)
299 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLTRANSPARENCE)
300 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
301 case MID_BACK_COLOR_R_G_B:
302 // Gradient/Hatch always have emulated color
CID 1296209: (DEADCODE)
Execution cannot reach the expression "SfxItemState::SET == rSet->GetItemState(1015, true,
NULL)" inside this statement: "return com::sun::star::draw...".
303 return (drawing::FillStyle_SOLID != nMID)
304 || SfxItemState::SET == rSet.GetItemState(XATTR_FILLCOLOR);
305 case MID_BACK_COLOR_TRANSPARENCY:
306 return SfxItemState::SET == rSet.GetItemState(XATTR_FILLTRANSPARENCE)
307 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
308 }
** CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/vcl/source/window/window.cxx: 144 in vcl::Window::dispose()()
________________________________________________________________________________________________________
*** CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/vcl/source/window/window.cxx: 144 in vcl::Window::dispose()()
138 }
139
140 void Window::dispose()
141 {
142 assert( mpWindowImpl );
143 assert( !mpWindowImpl->mbInDispose ); // should only be called from disposeOnce()
CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
"!this->mpWindowImpl->mpParent.operator bool() ||
!this->mpWindowImpl->mpParent->IsDisposed() || true /* "vcl::Window child should have its
parent disposed first" */" is always true regardless of the values of its operands. This occurs
as the logical first operand of '?:'.
144 assert( !mpWindowImpl->mpParent ||
145 !mpWindowImpl->mpParent->IsDisposed() ||
146 "vcl::Window child should have its parent disposed first" );
147
148 // remove Key and Mouse events issued by Application::PostKey/MouseEvent
149 Application::RemoveMouseAndKeyEvents( this );
** CID 1296207: Error handling issues (CHECKED_RETURN)
/oox/source/ole/olestorage.cxx: 272 in oox::ole::OleStorage::implIsStorage() const()
________________________________________________________________________________________________________
*** CID 1296207: Error handling issues (CHECKED_RETURN)
/oox/source/ole/olestorage.cxx: 272 in oox::ole::OleStorage::implIsStorage() const()
266 {
267 if( mxStorage.is() ) try
268 {
269 /* If this is not an OLE storage, hasElements() of the OLESimpleStorage
270 implementation throws an exception. But we do not return the result
271 of hasElements(), because an empty storage is a valid storage too. */
CID 1296207: Error handling issues (CHECKED_RETURN)
Calling "hasElements" without checking return value (as is done elsewhere 72 out of 90
times).
272 mxStorage->hasElements();
273 return true;
274 }
275 catch(const Exception& )
276 {
277 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/211?tab=overview
To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click
https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939
.
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.