Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
12 new defect(s) introduced to LibreOffice found with Coverity Scan.
30 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1397207: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/draw/dcontact.cxx: 414 in SwFlyDrawContact::GetAnchoredObj(const SdrObject *)
const()
________________________________________________________________________________________________________
*** CID 1397207: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/draw/dcontact.cxx: 414 in SwFlyDrawContact::GetAnchoredObj(const SdrObject *)
const()
408 "<SwFlyDrawContact::GetAnchoredObj(..)> - wrong object type object provided" );
409 assert(GetUserCall(_pSdrObj) == this &&
410 "<SwFlyDrawContact::GetAnchoredObj(..)> - provided object doesn't belong to this
contact");
411
412 const SwAnchoredObject* pRetAnchoredObj = nullptr;
413
CID 1397207: Null pointer dereferences (REVERSE_INULL)
Null-checking "_pSdrObj" suggests that it may be null, but it has already been dereferenced
on all paths leading to the check.
414 if ( _pSdrObj && dynamic_cast<const SwVirtFlyDrawObj*>( _pSdrObj) != nullptr )
415 {
416 pRetAnchoredObj = static_cast<const SwVirtFlyDrawObj*>(_pSdrObj)->GetFlyFrame();
417 }
418
419 return pRetAnchoredObj;
** CID 1397206: Resource leaks (RESOURCE_LEAK)
/sc/source/ui/docshell/dataprovider.cxx: 123 in sc::CSVFetchThread::execute()()
________________________________________________________________________________________________________
*** CID 1397206: Resource leaks (RESOURCE_LEAK)
/sc/source/ui/docshell/dataprovider.cxx: 123 in sc::CSVFetchThread::execute()()
117 orcus::csv_parser<CSVHandler> parser(rLine.maLine.getStr(),
rLine.maLine.getLength(), aHdl, maConfig);
118 parser.parse();
119 }
120
121 if (!mpStream->good())
122 RequestTerminate();
CID 1397206: Resource leaks (RESOURCE_LEAK)
Variable "pLines" going out of scope leaks the storage it points to.
123 }
124
125 CSVDataProvider::CSVDataProvider(const OUString& rURL, const ScRange& rRange):
126 maURL(rURL),
127 mrRange(rRange),
128 mbImportUnderway(false)
** CID 1397205: Memory - corruptions (OVERRUN)
________________________________________________________________________________________________________
*** CID 1397205: Memory - corruptions (OVERRUN)
/ucb/source/ucp/file/filtask.cxx: 694 in fileaccess::TaskManager::page(int, const rtl::OUString &,
const com::sun::star::uno::Reference<com::sun::star::io::XOutputStream> &)()
688
689 do
690 {
691 err = aFile.read( static_cast<void*>(BFF),bfz,nrc );
692 if( err == osl::FileBase::E_None )
693 {
CID 1397205: Memory - corruptions (OVERRUN)
Overrunning array "BFF" of 512 8-byte elements by passing it to a function which accesses
it at element index 4095 (byte offset 32760) using argument "(sal_uInt32)nrc" (which evaluates
to 4096).
694 uno::Sequence< sal_Int8 > seq( BFF, (sal_uInt32)nrc );
695 try
696 {
697 xOutputStream->writeBytes( seq );
698 }
699 catch (const io::NotConnectedException&)
** CID 1397204: Null pointer dereferences (NULL_RETURNS)
/cui/source/options/optlingu.cxx: 225 in lcl_SetCheckButton(SvTreeListEntry *, bool)()
________________________________________________________________________________________________________
*** CID 1397204: Null pointer dereferences (NULL_RETURNS)
/cui/source/options/optlingu.cxx: 225 in lcl_SetCheckButton(SvTreeListEntry *, bool)()
219
220 static void lcl_SetCheckButton( SvTreeListEntry* pEntry, bool bCheck )
221 {
222 SvLBoxButton* pItem =
static_cast<SvLBoxButton*>(pEntry->GetFirstItem(SvLBoxItemType::Button));
223
224 DBG_ASSERT(pItem,"SetCheckButton:Item not found");
CID 1397204: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be null "pItem" when calling "GetType". (The dereference
happens because this is a virtual function call.)
225 if (pItem->GetType() == SvLBoxItemType::Button)
226 {
227 if (bCheck)
228 pItem->SetStateChecked();
229 else
230 pItem->SetStateUnchecked();
** CID 1397203: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/layout/anchoreddrawobject.cxx: 66 in SwPosNotify::~SwPosNotify()()
________________________________________________________________________________________________________
*** CID 1397203: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/layout/anchoreddrawobject.cxx: 66 in SwPosNotify::~SwPosNotify()()
60 }
61
62 SwPosNotify::~SwPosNotify()
63 {
64 if ( maOldObjRect != mpAnchoredDrawObj->GetObjRect() )
65 {
CID 1397203: Null pointer dereferences (FORWARD_NULL)
Comparing "this->mpOldPageFrame" to null implies that "this->mpOldPageFrame" might be null.
66 if( maOldObjRect.HasArea() && mpOldPageFrame )
67 {
68 mpAnchoredDrawObj->NotifyBackground( mpOldPageFrame, maOldObjRect,
69 PREP_FLY_LEAVE );
70 }
71 SwRect aNewObjRect( mpAnchoredDrawObj->GetObjRect() );
** CID 1397202: (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 230 in
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &,
ScConditionalFormat *)()
/sc/source/filter/xml/xmlcondformat.cxx: 269 in
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &,
ScConditionalFormat *)()
________________________________________________________________________________________________________
*** CID 1397202: (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 230 in
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &,
ScConditionalFormat *)()
224 mpDataBarFormat = new ScDataBarFormat(rImport.GetDocument());
225 mpFormatData = new ScDataBarFormatData();
226 mpDataBarFormat->SetDataBarData(mpFormatData);
227 if(!sGradient.isEmpty())
228 {
229 bool bGradient = true;
CID 1397202: (CHECKED_RETURN)
Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81
times).
230 sax::Converter::convertBool( bGradient, sGradient);
231 mpFormatData->mbGradient = bGradient;
232 }
233
234 if(!sPositiveColor.isEmpty())
235 {
/sc/source/filter/xml/xmlcondformat.cxx: 269 in
ScXMLDataBarFormatContext::ScXMLDataBarFormatContext(ScXMLImport &, unsigned short, const
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &,
ScConditionalFormat *)()
263 mpFormatData->maAxisColor = Color(nColor);
264 }
265
266 if(!sShowValue.isEmpty())
267 {
268 bool bShowValue = true;
CID 1397202: (CHECKED_RETURN)
Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81
times).
269 sax::Converter::convertBool( bShowValue, sShowValue );
270 mpFormatData->mbOnlyBar = !bShowValue;
271 }
272
273 if (!sMinLength.isEmpty())
274 {
** CID 1397201: Error handling issues (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 369 in
ScXMLIconSetFormatContext::ScXMLIconSetFormatContext(ScXMLImport &, unsigned short, const
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &,
ScConditionalFormat *)()
________________________________________________________________________________________________________
*** CID 1397201: Error handling issues (CHECKED_RETURN)
/sc/source/filter/xml/xmlcondformat.cxx: 369 in
ScXMLIconSetFormatContext::ScXMLIconSetFormatContext(ScXMLImport &, unsigned short, const
rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &,
ScConditionalFormat *)()
363 ScIconSetFormat* pIconSetFormat = new ScIconSetFormat(GetScImport().GetDocument());
364 ScIconSetFormatData* pIconSetFormatData = new ScIconSetFormatData;
365
366 if(!sShowValue.isEmpty())
367 {
368 bool bShowValue = true;
CID 1397201: Error handling issues (CHECKED_RETURN)
Calling "convertBool" without checking return value (as is done elsewhere 73 out of 81
times).
369 sax::Converter::convertBool( bShowValue, sShowValue );
370 pIconSetFormatData->mbShowValue = !bShowValue;
371 }
372
373 pIconSetFormatData->eIconSetType = eType;
374 pIconSetFormat->SetIconSetData(pIconSetFormatData);
** CID 1397200: Error handling issues (CHECKED_RETURN)
/sfx2/source/appl/appmisc.cxx: 221 in SfxApplication::GetApplicationLogo(long)()
________________________________________________________________________________________________________
*** CID 1397200: Error handling issues (CHECKED_RETURN)
/sfx2/source/appl/appmisc.cxx: 221 in SfxApplication::GetApplicationLogo(long)()
215
216 /** loads the application logo as used in the impress slideshow pause screen */
217 BitmapEx SfxApplication::GetApplicationLogo(long nWidth)
218 {
219 BitmapEx aBitmap;
220 SfxApplication::loadBrandSvg("flat_logo", aBitmap, nWidth);
CID 1397200: Error handling issues (CHECKED_RETURN)
Calling "LoadBrandBitmap" without checking return value (as is done elsewhere 4 out of 5
times).
221 Application::LoadBrandBitmap ("about", aBitmap);
222 return aBitmap;
223 }
224
** CID 1394416: Memory - illegal accesses (OVERRUN)
/sw/source/filter/ww8/ww8scan.cxx: 2538 in WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(const WW8Fib &, SvStream
*, SvStream *, long, long, ePLCFT, int)()
________________________________________________________________________________________________________
*** CID 1394416: Memory - illegal accesses (OVERRUN)
/sw/source/filter/ww8/ww8scan.cxx: 2538 in WW8PLCFx_Fc_FKP::WW8Fkp::WW8Fkp(const WW8Fib &, SvStream
*, SvStream *, long, long, ePLCFT, int)()
2532 /*
2533 If we replace then we throw away the old data, if we
2534 are expanding, then we tack the old data onto the end
2535 of the new data
2536 */
2537 bool bExpand = IsExpandableSprm(nSpId);
CID 1394416: Memory - illegal accesses (OVERRUN)
Assigning: "pStartData" = "aEntry.mpData + 2". "pStartData" may now point between bytes 11
and 512 (inclusive) of "this->maRawData" (which consists of 512 bytes).
2538 const sal_uInt8* pStartData = aEntry.mpData + 2;
2539 const sal_uInt8* pLastValidDataPos = maRawData + 512 -
sizeof(sal_uInt32);
2540 if ((IsReplaceAllSprm(nSpId) || bExpand) && pStartData <=
pLastValidDataPos)
2541 {
2542 sal_uInt32 nCurr = pDataSt->Tell();
2543 sal_uInt32 nPos = SVBT32ToUInt32(pStartData);
** CID 1374076: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
________________________________________________________________________________________________________
*** CID 1374076: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
19 #include <sal/main.h>
20
21 #include <pdfio/pdfdocument.hxx>
22
23 using namespace com::sun::star;
24
CID 1374076: Error handling issues (UNCAUGHT_EXCEPT)
In function "main(int, char **)" an exception of type "std::length_error" is thrown and
never caught.
25 SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
26 {
27 if (nArgc < 2)
28 {
29 SAL_WARN("xmlsecurity.pdfio", "not enough parameters");
30 return 1;
** CID 1374075: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
________________________________________________________________________________________________________
*** CID 1374075: Error handling issues (UNCAUGHT_EXCEPT)
/xmlsecurity/workben/pdfverify.cxx: 25 in main()
19 #include <sal/main.h>
20
21 #include <pdfio/pdfdocument.hxx>
22
23 using namespace com::sun::star;
24
CID 1374075: Error handling issues (UNCAUGHT_EXCEPT)
In function "main(int, char **)" an exception of type
"com::sun::star::uno::DeploymentException" is thrown and never caught.
25 SAL_IMPLEMENT_MAIN_WITH_ARGS(nArgc, pArgv)
26 {
27 if (nArgc < 2)
28 {
29 SAL_WARN("xmlsecurity.pdfio", "not enough parameters");
30 return 1;
** CID 1371220: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/include/svl/svdde.hxx: 53 in ()
________________________________________________________________________________________________________
*** CID 1371220: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/include/svl/svdde.hxx: 53 in ()
47
48 typedef ::std::vector< DdeService* > DdeServices;
49 typedef ::std::vector< long > DdeFormats;
50 typedef ::std::vector< Conversation* > ConvList;
51
52
CID 1371220: Low impact quality (MISSING_MOVE_ASSIGNMENT)
Class "DdeData" may benefit from adding a move assignment operator. See other events which
show the copy assignment operator being applied to rvalue(s), where a move assignment may be
faster.
53 class SVL_DLLPUBLIC DdeData
54 {
55 friend class DdeInternal;
56 friend class DdeService;
57 friend class DdeConnection;
58 friend class DdeTransaction;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySWNurGZWaFtY-2BAGgN49CK3AATPFRGtPX0kNty-2BwHMWB7PAeIMj8PEdzK-2FIQnvkeWOgAM3KeVzpMwZO9ZxoSjJqTpH5j6myed0ldre6BaVJLwaItHli5h7d5ABwPzPngyPCH-2B020SNQlSSvMoFyBOm09Q-2BR8kOnOb7RPaaLNxOBk-3D
To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySWNurGZWaFtY-2BAGgN49CK3trAizMeo9JRei2wiz08IUH8TcmeFMjps3JOrO05yGEPOGJ8sLEl77Qafz1wkPQe-2FeDlJRh-2FMJzXC1dt9y4jT4PtPquN-2BgafApH8kAFam-2FHLGZB5tUej9bCb3fIvGAPXH9DnawuJGVMB1w-2BdLDkkaw-3D
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.