Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
14 new defect(s) introduced to LibreOffice found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)
** CID 1362689: Uninitialized members (UNINIT_CTOR)
/sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &)()
________________________________________________________________________________________________________
*** CID 1362689: Uninitialized members (UNINIT_CTOR)
/sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &)()
64 mpText ( nullptr ),
65 mpFieldEntry ( nullptr )
66 {
67 mXPropSet = rXPropSet;
68
69 ImplGetPortionValues( rFontCollection );
CID 1362689: Uninitialized members (UNINIT_CTOR)
Non-static class member "meCharHeight" is not initialized in this constructor nor in any
functions that it calls.
70 }
71
72 PortionObj::PortionObj(css::uno::Reference< css::text::XTextRange > & rXTextRange,
73 bool bLast, FontCollection& rFontCollection)
74 : meCharColor(css::beans::PropertyState_AMBIGUOUS_VALUE)
75 , meCharHeight(css::beans::PropertyState_AMBIGUOUS_VALUE)
** CID 1362688: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 485 in SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const
rtl::OUString &, SwDocStyleSheetPool *, SfxStyleFamily)()
________________________________________________________________________________________________________
*** CID 1362688: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 485 in SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const
rtl::OUString &, SwDocStyleSheetPool *, SfxStyleFamily)()
479 FN_PARAM_FTN_INFO, FN_PARAM_FTN_INFO, // [21123
480 FN_COND_COLL, FN_COND_COLL, // [22401
481 0),
482 bPhysical(false)
483 {
484 nHelpId = UCHAR_MAX;
CID 1362688: Uninitialized members (UNINIT_CTOR)
Non-static class member "pBoxFormat" is not initialized in this constructor nor in any
functions that it calls.
485 }
486
487 SwDocStyleSheet::SwDocStyleSheet( const SwDocStyleSheet& rOrg) :
488 SfxStyleSheetBase(rOrg),
489 pCharFormat(rOrg.pCharFormat),
490 pColl(rOrg.pColl),
** CID 1362687: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 498 in SwDocStyleSheet::SwDocStyleSheet(const
SwDocStyleSheet&)()
________________________________________________________________________________________________________
*** CID 1362687: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 498 in SwDocStyleSheet::SwDocStyleSheet(const
SwDocStyleSheet&)()
492 pDesc(rOrg.pDesc),
493 pNumRule(rOrg.pNumRule),
494 rDoc(rOrg.rDoc),
495 aCoreSet(rOrg.aCoreSet),
496 bPhysical(rOrg.bPhysical)
497 {
CID 1362687: Uninitialized members (UNINIT_CTOR)
Non-static class member "pBoxFormat" is not initialized in this constructor nor in any
functions that it calls.
498 }
499
500 SwDocStyleSheet::~SwDocStyleSheet()
501 {
502 }
503
** CID 1362686: Uninitialized variables (UNINIT)
/sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in PPTExCharSheet::SetStyleSheet(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &, int)()
________________________________________________________________________________________________________
*** CID 1362686: Uninitialized variables (UNINIT)
/sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in PPTExCharSheet::SetStyleSheet(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &, int)()
77 PPTExCharLevel& rLev = maCharLevel[ nLevel ];
78
79 if ( aPortionObj.meCharColor == css::beans::PropertyState_DIRECT_VALUE )
80 rLev.mnFontColor = aPortionObj.mnCharColor;
81 if ( aPortionObj.meCharEscapement == css::beans::PropertyState_DIRECT_VALUE )
82 rLev.mnEscapement = aPortionObj.mnCharEscapement;
CID 1362686: Uninitialized variables (UNINIT)
Using uninitialized value "aPortionObj.meCharHeight".
83 if ( aPortionObj.meCharHeight == css::beans::PropertyState_DIRECT_VALUE )
84 rLev.mnFontHeight = aPortionObj.mnCharHeight;
85 if ( aPortionObj.meFontName == css::beans::PropertyState_DIRECT_VALUE )
86 rLev.mnFont = aPortionObj.mnFont;
87 if ( aPortionObj.meAsianOrComplexFont == css::beans::PropertyState_DIRECT_VALUE )
88 rLev.mnAsianOrComplexFont = aPortionObj.mnAsianOrComplexFont;
** CID 1362685: Uninitialized variables (UNINIT)
/sc/source/core/data/dpobject.cxx: 1888 in ScDPObject::ParseFilters(rtl::OUString &,
std::vector<com::sun::star::sheet::DataPilotFieldFilter,
std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &,
std::vector<com::sun::star::sheet::GeneralFunction,
std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1362685: Uninitialized variables (UNINIT)
/sc/source/core/data/dpobject.cxx: 1888 in ScDPObject::ParseFilters(rtl::OUString &,
std::vector<com::sun::star::sheet::DataPilotFieldFilter,
std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &,
std::vector<com::sun::star::sheet::GeneralFunction,
std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString &)()
1882 {
1883 SvNumberFormatter* pFormatter =
mpTableData->GetCacheTable().getCache().GetNumberFormatter();
1884 if (pFormatter)
1885 {
1886 // Parse possible number from aQueryValueName and format
1887 // locale independent as aQueryValue.
CID 1362685: Uninitialized variables (UNINIT)
Declaring variable "nNumFormat" without initializer.
1888 sal_uInt32 nNumFormat;
1889 double fValue;
1890 if (pFormatter->IsNumberFormat( aQueryValueName, nNumFormat, fValue))
1891 aQueryValue = ScDPCache::GetLocaleIndependentFormattedString(
fValue, *pFormatter, nNumFormat);
1892 }
1893 }
** CID 1362684: Uninitialized variables (UNINIT)
/sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()()
________________________________________________________________________________________________________
*** CID 1362684: Uninitialized variables (UNINIT)
/sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()()
3357 else
3358 {
3359 aFilters[i].MatchValueName = aSharedString.getString();
3360
3361 // Parse possible number from MatchValueName and format
3362 // locale independent as MatchValue.
CID 1362684: Uninitialized variables (UNINIT)
Declaring variable "nNumFormat" without initializer.
3363 sal_uInt32 nNumFormat;
3364 double fValue;
3365 if (pFormatter->IsNumberFormat( aFilters[i].MatchValueName, nNumFormat,
fValue))
3366 aFilters[i].MatchValue =
ScDPCache::GetLocaleIndependentFormattedString(
3367 fValue, *pFormatter, nNumFormat);
3368 else
** CID 1362682: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in
LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>,
std::allocator<rtl::Reference<XFFrame>>> *)()
________________________________________________________________________________________________________
*** CID 1362682: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in
LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>,
std::allocator<rtl::Reference<XFFrame>>> *)()
220 m_aTransformData.fLeftMargin = fLeftMargin;
221 m_aTransformData.fTopMargin = fTopMargin;
222 }
223 }
224
225 //load draw object
CID 1362682: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "nRecCount" as a loop boundary.
226 for (unsigned short i = 0; i < nRecCount; i++)
227 {
228 XFFrame* pXFDrawObj = CreateDrawObject();
229
230 if (pXFDrawObj)
231 {
** CID 1362681: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in
LwpSdwGroupLoaderV0102::CreateDrawGroupObject()()
________________________________________________________________________________________________________
*** CID 1362681: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in
LwpSdwGroupLoaderV0102::CreateDrawGroupObject()()
273 // fileSize
274 m_pStream->SeekRel(2);
275
276 XFDrawGroup* pXFDrawGroup = new XFDrawGroup();
277
278 //load draw object
CID 1362681: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "nRecCount" as a loop boundary.
279 for (unsigned short i = 0; i < nRecCount; i++)
280 {
281 XFFrame* pXFDrawObj = CreateDrawObject();
282
283 if (pXFDrawObj)
284 {
** CID 1362680: (RETURN_LOCAL)
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
________________________________________________________________________________________________________
*** CID 1362680: (RETURN_LOCAL)
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
971 :m_rSourcePos( _rSourcePos )
972 ,m_rDestPos( _rDestPos )
973 ,m_rColTypes( _rColTypes )
974 ,m_xSource( _rxSource )
975 ,m_xDest( _rxDest )
976 {
CID 1362680: (RETURN_LOCAL)
Returning here.
977 }
978
979 template< typename VALUE_TYPE >
980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )( sal_Int32 ),
981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE ) )
982 {
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
971 :m_rSourcePos( _rSourcePos )
972 ,m_rDestPos( _rDestPos )
973 ,m_rColTypes( _rColTypes )
974 ,m_xSource( _rxSource )
975 ,m_xDest( _rxDest )
976 {
CID 1362680: (RETURN_LOCAL)
Returning here.
977 }
978
979 template< typename VALUE_TYPE >
980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )( sal_Int32 ),
981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE ) )
982 {
** CID 1362679: (FORWARD_NULL)
/editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice *, Rectangle,
Point, bool, short)()
/editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice *, Rectangle,
Point, bool, short)()
/editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice *, Rectangle,
Point, bool, short)()
________________________________________________________________________________________________________
*** CID 1362679: (FORWARD_NULL)
/editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice *, Rectangle,
Point, bool, short)()
3085
3086 if ( 0x200B == cChar || 0x2060 == cChar )
3087 {
3088 const OUString aBlank( ' ' );
3089 long nHalfBlankWidth =
aTmpFont.QuickGetTextSize( pOutDev, aBlank, 0, 1 ).Width() / 2;
3090
CID 1362679: (FORWARD_NULL)
Dereferencing null pointer "pDXArray".
3091 const long nAdvanceX = ( nTmpIdx ==
nTmpEnd ?
3092
rTextPortion.GetSize().Width() :
3093 pDXArray[ nTmpIdx
- nTextStart ] ) - nHalfBlankWidth;
3094 const long nAdvanceY =
-pLine->GetMaxAscent();
3095
3096 Point aTopLeftRectPos( aTmpPos );
/editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice *, Rectangle,
Point, bool, short)()
3434 {
3435 aRealOutPos.X() +=
rTextPortion.GetExtraInfos()->nPortionOffsetX;
3436 }
3437
3438 // RTL portions with (#i37132#)
3439 // compressed blank should not paint this blank:
CID 1362679: (FORWARD_NULL)
Dereferencing null pointer "pDXArray".
3440 if ( rTextPortion.IsRightToLeft() && nTextLen >= 2
&&
3441 pDXArray[ nTextLen - 1 ] ==
3442 pDXArray[ nTextLen - 2 ] &&
3443 ' ' == aText[nTextStart + nTextLen - 1] )
3444 --nTextLen;
3445
/editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice *, Rectangle,
Point, bool, short)()
3057 ImplInitLayoutMode( pOutDev, n, nIndex );
3058 ImplInitDigitMode(pOutDev, aTmpFont.GetLanguage());
3059
3060 OUString aText;
3061 sal_Int32 nTextStart = 0;
3062 sal_Int32 nTextLen = 0;
CID 1362679: (FORWARD_NULL)
Assigning: "pDXArray" = "NULL".
3063 const long* pDXArray = nullptr;
3064 std::unique_ptr<long[]> pTmpDXArray;
3065
3066 if ( rTextPortion.GetKind() == PortionKind::TEXT )
3067 {
3068 aText = pPortion->GetNode()->GetString();
** CID 1362678: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in
sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)()
________________________________________________________________________________________________________
*** CID 1362678: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in
sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)()
289 bool SlideSorterViewShell::RelocateToParentWindow (vcl::Window* pParentWindow)
290 {
291 OSL_ASSERT(mpSlideSorter);
292 if ( ! mpSlideSorter)
293 return false;
294
CID 1362678: Null pointer dereferences (FORWARD_NULL)
Comparing "pParentWindow" to null implies that "pParentWindow" might be null.
295 if (pParentWindow == nullptr)
296 WriteFrameViewData();
297 const bool bSuccess (mpSlideSorter->RelocateToWindow(pParentWindow));
298 if (pParentWindow != nullptr)
299 ReadFrameViewData(mpFrameView);
300
** CID 1362677: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/control/templateabstractview.cxx: 324 in
TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1362677: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/control/templateabstractview.cxx: 324 in
TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)()
318 }
319
320 void TemplateAbstractView::RemoveDefaultTemplateIcon(const OUString& rPath)
321 {
322 for (ThumbnailViewItem* pItem : mItemList)
323 {
CID 1362677: Null pointer dereferences (FORWARD_NULL)
Assigning: "pViewItem" = "dynamic_cast <TemplateViewItem *>(pItem)".
324 TemplateViewItem* pViewItem = dynamic_cast<TemplateViewItem*>(pItem);
325 if(pViewItem->getPath().match(rPath))
326 {
327 pViewItem->showDefaultIcon(false);
328 Invalidate();
329 return;
** CID 1362676: Null pointer dereferences (FORWARD_NULL)
/vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice *, const Point &,
const Size &)()
________________________________________________________________________________________________________
*** CID 1362676: Null pointer dereferences (FORWARD_NULL)
/vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice *, const Point &,
const Size &)()
1457 DBG_ASSERT( ! pDev->IsRTLEnabled(), "PaintToDevice to mirroring device" );
1458
1459 vcl::Window* pRealParent = nullptr;
1460 if( ! mpWindowImpl->mbVisible )
1461 {
1462 vcl::Window* pTempParent = ImplGetDefaultWindow();
CID 1362676: Null pointer dereferences (FORWARD_NULL)
Comparing "pTempParent" to null implies that "pTempParent" might be null.
1463 if( pTempParent )
1464 pTempParent->EnableChildTransparentMode();
1465 pRealParent = GetParent();
1466 SetParent( pTempParent );
1467 // trigger correct visibility flags for children
1468 Show();
** CID 1362675: Null pointer dereferences (FORWARD_NULL)
/ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in
com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass, java.lang.String,
java.lang.String, java.lang.Class, com.sun.star.lib.uno.typedesc.TypeDescription[],
com.sun.star.lib.uno.typedesc.TypeDescription)()
________________________________________________________________________________________________________
*** CID 1362675: Null pointer dereferences (FORWARD_NULL)
/ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in
com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass, java.lang.String,
java.lang.String, java.lang.Class, com.sun.star.lib.uno.typedesc.TypeDescription[],
com.sun.star.lib.uno.typedesc.TypeDescription)()
493 this.typeName = typeName;
494 this.arrayTypeName = arrayTypeName;
495 this.zClass = zClass;
496 this.superTypes = superTypes;
497 this.componentType = componentType;
498 TypeDescription[] args = calculateTypeArguments();
CID 1362675: Null pointer dereferences (FORWARD_NULL)
Comparing "args" to null implies that "args" might be null.
499 this.hasTypeArguments = args != null;
500 this.fieldDescriptions = calculateFieldDescriptions(args);
501 // methodDescriptions must be initialized lazily, to avoid problems with
502 // circular dependencies (a super-interface that has a sub-interface as
503 // method parameter type; an interface that has a struct as method
504 // parameter type, and the struct has the interface as member type)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/libreoffice?tab=overview
To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click
https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.