Date: prev next · Thread: first prev next last
2016 Archives by date, by thread · List index



Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

12 new defect(s) introduced to LibreOffice found with Coverity Scan.
30 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by 
Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)


** CID 1397207:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/core/draw/dcontact.cxx: 414 in SwFlyDrawContact::GetAnchoredObj(const SdrObject *) 
const()


________________________________________________________________________________________________________
*** CID 1397207:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/core/draw/dcontact.cxx: 414 in SwFlyDrawContact::GetAnchoredObj(const SdrObject *) 
const()
408                 "<SwFlyDrawContact::GetAnchoredObj(..)> - wrong object type object provided" );
409         assert(GetUserCall(_pSdrObj) == this &&
410             "<SwFlyDrawContact::GetAnchoredObj(..)> - provided object doesn't belong to this 
contact");
411     
412         const SwAnchoredObject* pRetAnchoredObj = nullptr;
413     
    CID 1397207:  Null pointer dereferences  (REVERSE_INULL)
    Null-checking "_pSdrObj" suggests that it may be null, but it has already been dereferenced 
on all paths leading to the check.
414         if ( _pSdrObj && dynamic_cast<const SwVirtFlyDrawObj*>( _pSdrObj) !=  nullptr )
415         {
416             pRetAnchoredObj = static_cast<const SwVirtFlyDrawObj*>(_pSdrObj)->GetFlyFrame();
417         }
418     
419         return pRetAnchoredObj;

** CID 1397206:  Resource leaks  (RESOURCE_LEAK)
/sc/source/ui/docshell/dataprovider.cxx: 123 in sc::CSVFetchThread::execute()()


________________________________________________________________________________________________________
*** CID 1397206:  Resource leaks  (RESOURCE_LEAK)
/sc/source/ui/docshell/dataprovider.cxx: 123 in sc::CSVFetchThread::execute()()
117             orcus::csv_parser<CSVHandler> parser(rLine.maLine.getStr(), 
rLine.maLine.getLength(), aHdl, maConfig);
118             parser.parse();
119         }
120     
121         if (!mpStream->good())
122             RequestTerminate();
    CID 1397206:  Resource leaks  (RESOURCE_LEAK)
    Variable "pLines" going out of scope leaks the storage it points to.
123     }
124     
125     CSVDataProvider::CSVDataProvider(const OUString& rURL, const ScRange& rRange):
126         maURL(rURL),
127         mrRange(rRange),
128         mbImportUnderway(false)

** CID 1397205:  Memory - corruptions  (OVERRUN)


________________________________________________________________________________________________________
*** CID 1397205:  Memory - corruptions  (OVERRUN)
/ucb/source/ucp/file/filtask.cxx: 694 in fileaccess::TaskManager::page(int, const rtl::OUString &, 
const com::sun::star::uno::Reference<com::sun::star::io::XOutputStream> &)()
688     
689         do
690         {
691             err = aFile.read( static_cast<void*>(BFF),bfz,nrc );
692             if(  err == osl::FileBase::E_None )
693             {
    CID 1397205:  Memory - corruptions  (OVERRUN)
    Overrunning array "BFF" of 512 8-byte elements by passing it to a function which accesses 
it at element index 4095 (byte offset 32760) using argument "(sal_uInt32)nrc" (which evaluates 
to 4096).
694                 uno::Sequence< sal_Int8 > seq( BFF, (sal_uInt32)nrc );
695                 try
696                 {
697                     xOutputStream->writeBytes( seq );
698                 }
699                 catch (const io::NotConnectedException&)

** CID 1397204:  Null pointer dereferences  (NULL_RETURNS)
/cui/source/options/optlingu.cxx: 225 in lcl_SetCheckButton(SvTreeListEntry *, bool)()


________________________________________________________________________________________________________
*** CID 1397204:  Null pointer dereferences  (NULL_RETURNS)
/cui/source/options/optlingu.cxx: 225 in lcl_SetCheckButton(SvTreeListEntry *, bool)()
219     
220     static void lcl_SetCheckButton( SvTreeListEntry* pEntry, bool bCheck )
221     {
222         SvLBoxButton* pItem = 
static_cast<SvLBoxButton*>(pEntry->GetFirstItem(SvLBoxItemType::Button));
223     
224         DBG_ASSERT(pItem,"SetCheckButton:Item not found");
    CID 1397204:  Null pointer dereferences  (NULL_RETURNS)
    Dereferencing a pointer that might be null "pItem" when calling "GetType". (The dereference 
happens because this is a virtual function call.)
225         if (pItem->GetType() == SvLBoxItemType::Button)
226         {
227             if (bCheck)
228                 pItem->SetStateChecked();
229             else
230                 pItem->SetStateUnchecked();

** CID 1397203:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/layout/anchoreddrawobject.cxx: 66 in SwPosNotify::~SwPosNotify()()


________________________________________________________________________________________________________
*** CID 1397203:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/layout/anchoreddrawobject.cxx: 66 in SwPosNotify::~SwPosNotify()()
60     }
61     
62     SwPosNotify::~SwPosNotify()
63     {
64         if ( maOldObjRect != mpAnchoredDrawObj->GetObjRect() )
65         {
    CID 1397203:  Null pointer dereferences  (FORWARD_NULL)
    Comparing "this->mpOldPageFrame" to null implies that "this->mpOldPageFrame" might be null.
66             if( maOldObjRect.HasArea() && mpOldPageFrame )
67             {
68                 mpAnchoredDrawObj->NotifyBackground( mpOldPageFrame, maOldObjRect,
69                                                      PREP_FLY_LEAVE );
70             }
71             SwRect aNewObjRect( mpAnchoredDrawObj->GetObjRect() );

** CID 1397202:    (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 230 in 
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const 
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, 
ScConditionalFormat *)()
/sc/source/filter/xml/xmlcondformat.cxx: 269 in 
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const 
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, 
ScConditionalFormat *)()


________________________________________________________________________________________________________
*** CID 1397202:    (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 230 in 
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const 
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, 
ScConditionalFormat *)()
224         mpDataBarFormat = new ScDataBarFormat(rImport.GetDocument());
225         mpFormatData = new ScDataBarFormatData();
226         mpDataBarFormat->SetDataBarData(mpFormatData);
227         if(!sGradient.isEmpty())
228         {
229             bool bGradient = true;
    CID 1397202:    (CHECKED_RETURN)
    Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81 
times).
230             sax::Converter::convertBool( bGradient, sGradient);
231             mpFormatData->mbGradient = bGradient;
232         }
233     
234         if(!sPositiveColor.isEmpty())
235         {
/sc/source/filter/xml/xmlcondformat.cxx: 269 in 
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const 
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, 
ScConditionalFormat *)()
263             mpFormatData->maAxisColor = Color(nColor);
264         }
265     
266         if(!sShowValue.isEmpty())
267         {
268             bool bShowValue = true;
    CID 1397202:    (CHECKED_RETURN)
    Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81 
times).
269             sax::Converter::convertBool( bShowValue, sShowValue );
270             mpFormatData->mbOnlyBar = !bShowValue;
271         }
272     
273         if (!sMinLength.isEmpty())
274         {

** CID 1397201:  Error handling issues  (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 369 in 
ScXMLIconSetFormatContext::ScXMLIconSetFormatContext(ScXMLImport &, unsigned short, const 
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, 
ScConditionalFormat *)()


________________________________________________________________________________________________________
*** CID 1397201:  Error handling issues  (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 369 in 
ScXMLIconSetFormatContext::ScXMLIconSetFormatContext(ScXMLImport &, unsigned short, const 
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, 
ScConditionalFormat *)()
363         ScIconSetFormat* pIconSetFormat = new ScIconSetFormat(GetScImport().GetDocument());
364         ScIconSetFormatData* pIconSetFormatData = new ScIconSetFormatData;
365     
366         if(!sShowValue.isEmpty())
367         {
368             bool bShowValue = true;
    CID 1397201:  Error handling issues  (CHECKED_RETURN)
    Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81 
times).
369             sax::Converter::convertBool( bShowValue, sShowValue );
370             pIconSetFormatData->mbShowValue = !bShowValue;
371         }
372     
373         pIconSetFormatData->eIconSetType = eType;
374         pIconSetFormat->SetIconSetData(pIconSetFormatData);

** CID 1397200:  Error handling issues  (CHECKED_RETURN)
/sfx2/source/appl/appmisc.cxx: 221 in SfxApplication::GetApplicationLogo(long)()


________________________________________________________________________________________________________
*** CID 1397200:  Error handling issues  (CHECKED_RETURN)
/sfx2/source/appl/appmisc.cxx: 221 in SfxApplication::GetApplicationLogo(long)()
215     
216     /** loads the application logo as used in the impress slideshow pause screen */
217     BitmapEx SfxApplication::GetApplicationLogo(long nWidth)
218     {
219         BitmapEx aBitmap;
220         SfxApplication::loadBrandSvg("flat_logo", aBitmap, nWidth);
    CID 1397200:  Error handling issues  (CHECKED_RETURN)
    Calling "LoadBrandBitmap" without checking return value (as is done elsewhere 4 out of 5 
times).
221         Application::LoadBrandBitmap ("about", aBitmap);
222         return aBitmap;
223     }
224     

** CID 1394416:  Memory - illegal accesses  (OVERRUN)
/sw/source/filter/ww8/ww8scan.cxx: 2538 in WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(const WW8Fib &, SvStream 
*, SvStream *, long, long, ePLCFT, int)()


________________________________________________________________________________________________________
*** CID 1394416:  Memory - illegal accesses  (OVERRUN)
/sw/source/filter/ww8/ww8scan.cxx: 2538 in WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(const WW8Fib &, SvStream 
*, SvStream *, long, long, ePLCFT, int)()
2532                             /*
2533                              If we replace then we throw away the old data, if we
2534                              are expanding, then we tack the old data onto the end
2535                              of the new data
2536                             */
2537                             bool bExpand = IsExpandableSprm(nSpId);
    CID 1394416:  Memory - illegal accesses  (OVERRUN)
    Assigning: "pStartData" = "aEntry.mpData + 2". "pStartData" may now point between bytes 11 
and 512 (inclusive) of "this->maRawData" (which consists of 512 bytes).
2538                             const sal_uInt8* pStartData = aEntry.mpData + 2;
2539                             const sal_uInt8* pLastValidDataPos = maRawData + 512 - 
sizeof(sal_uInt32);
2540                             if ((IsReplaceAllSprm(nSpId) || bExpand) && pStartData <= 
pLastValidDataPos)
2541                             {
2542                                 sal_uInt32 nCurr = pDataSt->Tell();
2543                                 sal_uInt32 nPos = SVBT32ToUInt32(pStartData);

** CID 1374076:  Error handling issues  (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()


________________________________________________________________________________________________________
*** CID 1374076:  Error handling issues  (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
19     #include <sal/main.h>
20     
21     #include <pdfio/pdfdocument.hxx>
22     
23     using namespace com::sun::star;
24     
    CID 1374076:  Error handling issues  (UNCAUGHT_EXCEPT)
    In function "main(int, char **)" an exception of type "std::length_error" is thrown and 
never caught.
25     SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
26     {
27         if (nArgc < 2)
28         {
29             SAL_WARN("xmlsecurity.pdfio", "not enough parameters");
30             return 1;

** CID 1374075:  Error handling issues  (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()


________________________________________________________________________________________________________
*** CID 1374075:  Error handling issues  (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
19     #include <sal/main.h>
20     
21     #include <pdfio/pdfdocument.hxx>
22     
23     using namespace com::sun::star;
24     
    CID 1374075:  Error handling issues  (UNCAUGHT_EXCEPT)
    In function "main(int, char **)" an exception of type 
"com::sun::star::uno::DeploymentException" is thrown and never caught.
25     SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
26     {
27         if (nArgc < 2)
28         {
29             SAL_WARN("xmlsecurity.pdfio", "not enough parameters");
30             return 1;

** CID 1371220:  Low impact quality  (MISSING_MOVE_ASSIGNMENT)
/include/svl/svdde.hxx: 53 in ()


________________________________________________________________________________________________________
*** CID 1371220:  Low impact quality  (MISSING_MOVE_ASSIGNMENT)
/include/svl/svdde.hxx: 53 in ()
47     
48     typedef ::std::vector< DdeService* > DdeServices;
49     typedef ::std::vector< long > DdeFormats;
50     typedef ::std::vector< Conversation* > ConvList;
51     
52     
    CID 1371220:  Low impact quality  (MISSING_MOVE_ASSIGNMENT)
    Class "DdeData" may benefit from adding a move assignment operator. See other events which 
show the copy assignment operator being applied to rvalue(s), where a move assignment may be 
faster.
53     class SVL_DLLPUBLIC DdeData
54     {
55         friend class    DdeInternal;
56         friend class    DdeService;
57         friend class    DdeConnection;
58         friend class    DdeTransaction;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySWNurGZWaFtY-2BAGgN49CK3AATPFRGtPX0kNty-2BwHMWB7PAeIMj8PEdzK-2FIQnvkeWOgAM3KeVzpMwZO9ZxoSjJqTpH5j6myed0ldre6BaVJLwaItHli5h7d5ABwPzPngyPCH-2B020SNQlSSvMoFyBOm09Q-2BR8kOnOb7RPaaLNxOBk-3D

To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySWNurGZWaFtY-2BAGgN49CK3trAizMeo9JRei2wiz08IUH8TcmeFMjps3JOrO05yGEPOGJ8sLEl77Qafz1wkPQe-2FeDlJRh-2FMJzXC1dt9y4jT4PtPquN-2BgafApH8kAFam-2FHLGZB5tUej9bCb3fIvGAPXH9DnawuJGVMB1w-2BdLDkkaw-3D


Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.