Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
3 new defect(s) introduced to LibreOffice found with Coverity Scan.
41 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)
** CID 1399552: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry
&)()
________________________________________________________________________________________________________
*** CID 1399552: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry
&)()
291 }
292 } else if (nColors==256) {
293
294 //we're going to loop Ysize * XSize on GetByte, max compression for GetByte is a
run of 63
295 //if we're less than that (and add a generous amount of wriggle room) then its not
going
296 //to fly
CID 1399552: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "rHead.Ysize" with type "sal_uInt16" (16 bits,
unsigned) is promoted in "rHead.Xsize * rHead.Ysize / 128" to type "int" (32 bits, signed),
then sign-extended to type "unsigned long" (64 bits, unsigned). If "rHead.Xsize * rHead.Ysize
/ 128" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
297 const sal_uInt64 nMinBytesPossiblyNeeded = rHead.Xsize * rHead.Ysize / 128;
298 if (rInp.remainingSize() < nMinBytesPossiblyNeeded)
299 return false;
300
301 cRGB[3]=0; // fourth palette entry for BMP
302 for (sal_uInt16 i=0;i<256;i++) { // copy palette
** CID 1399551: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry
&)()
________________________________________________________________________________________________________
*** CID 1399551: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry
&)()
291 }
292 } else if (nColors==256) {
293
294 //we're going to loop Ysize * XSize on GetByte, max compression for GetByte is a
run of 63
295 //if we're less than that (and add a generous amount of wriggle room) then its not
going
296 //to fly
CID 1399551: Integer handling issues (SIGN_EXTENSION)
Suspicious implicit sign extension: "rHead.Xsize" with type "sal_uInt16" (16 bits,
unsigned) is promoted in "rHead.Xsize * rHead.Ysize / 128" to type "int" (32 bits, signed),
then sign-extended to type "unsigned long" (64 bits, unsigned). If "rHead.Xsize * rHead.Ysize
/ 128" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
297 const sal_uInt64 nMinBytesPossiblyNeeded = rHead.Xsize * rHead.Ysize / 128;
298 if (rInp.remainingSize() < nMinBytesPossiblyNeeded)
299 return false;
300
301 cRGB[3]=0; // fourth palette entry for BMP
302 for (sal_uInt16 i=0;i<256;i++) { // copy palette
** CID 1399550: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/unoidl/unopage.cxx: 2706 in SdMasterPage::SdMasterPage(SdXImpressDocument *, SdPage
*)()
________________________________________________________________________________________________________
*** CID 1399550: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/unoidl/unopage.cxx: 2706 in SdMasterPage::SdMasterPage(SdXImpressDocument *, SdPage
*)()
2700 return Any( Reference< XIndexAccess >( this ) );
2701 }
2702 }
2703
2704 // class SdMasterPage
2705 SdMasterPage::SdMasterPage( SdXImpressDocument* pModel, SdPage* pPage ) throw()
CID 1399550: Null pointer dereferences (FORWARD_NULL)
Comparing "pPage" to null implies that "pPage" might be null.
2706 : SdGenericDrawPage( pModel, pPage, ImplGetMasterPagePropertySet( pPage ?
pPage->GetPageKind() : PageKind::Standard ) )
2707 {
2708 }
2709
2710 SdMasterPage::~SdMasterPage() throw()
2711 {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyto4qO066Rh0hXrp2oBZ4b-2Bxsdz-2FWSMWLQW9tdkWAtJPhX9rQ-2BdJDOkcVNWRxD2LkCdzRYe7U4AUYhcJ46wAl3SSTVnEj-2BY6ugYp4Wp1mcWPhAooe2SPvPdlgXMLUdnv8T3OY4DHD7MjcczCHZAaDqbOZ-2Fl29vhBGGjHNuUrJw6M-3D
To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyto4qO066Rh0hXrp2oBZ4b3D0KqVkUuGGCYkHeQakyfsodAXK2sUR9sBlz1uBsTZLCodXzySSbISNv3HYjWTQk80fb7jVhkLzH3PWefc0i0EO3tPKc4U48mus-2BzFB50gL4o4ctJ-2BYDsg1A8j2Ua0euaW27iJbYwYbqUyqD9xTF-2F0-3D
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.