Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

200 new defect(s) introduced to LibreOffice found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by 
Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 200 defect(s)


** CID 1400341:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_main.cpp: 1476 in 
CFX_ImageRenderer::CFX_ImageRenderer()()


________________________________________________________________________________________________________
*** CID 1400341:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_main.cpp: 1476 in 
CFX_ImageRenderer::CFX_ImageRenderer()()
1470     }
1471     
1472     CFX_ImageRenderer::CFX_ImageRenderer() {
1473       m_Status = 0;
1474       m_bRgbByteOrder = false;
1475       m_BlendType = FXDIB_BLEND_NORMAL;
    CID 1400341:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_pIccTransform" is not initialized in this constructor nor in any 
functions that it calls.
1476     }
1477     
1478     CFX_ImageRenderer::~CFX_ImageRenderer() {}
1479     
1480     bool CFX_ImageRenderer::Start(CFX_DIBitmap* pDevice,
1481                                   const CFX_ClipRgn* pClipRgn,

** CID 1400340:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_charposlist.cpp: 14 in 
CPDF_CharPosList::CPDF_CharPosList()()


________________________________________________________________________________________________________
*** CID 1400340:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_charposlist.cpp: 14 in 
CPDF_CharPosList::CPDF_CharPosList()()
8     
9     #include "core/fpdfapi/font/cpdf_cidfont.h"
10     #include "core/fpdfapi/font/cpdf_font.h"
11     
12     CPDF_CharPosList::CPDF_CharPosList() {
13       m_pCharPos = nullptr;
    CID 1400340:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_nChars" is not initialized in this constructor nor in any 
functions that it calls.
14     }
15     
16     CPDF_CharPosList::~CPDF_CharPosList() {
17       FX_Free(m_pCharPos);
18     }
19     

** CID 1400339:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_streamcontentparser.cpp: 293 in 
CPDF_StreamContentParser::CPDF_StreamContentParser(CPDF_Document *, CPDF_Dictionary *, 
CPDF_Dictionary *, const CFX_Matrix *, CPDF_PageObjectHolder *, CPDF_Dictionary *, CFX_FloatRect *, 
CPDF_AllStates *, int)()


________________________________________________________________________________________________________
*** CID 1400339:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_streamcontentparser.cpp: 293 in 
CPDF_StreamContentParser::CPDF_StreamContentParser(CPDF_Document *, CPDF_Dictionary *, 
CPDF_Dictionary *, const CFX_Matrix *, CPDF_PageObjectHolder *, CPDF_Dictionary *, CFX_FloatRect *, 
CPDF_AllStates *, int)()
287         m_pCurStates->m_TextState.Emplace();
288         m_pCurStates->m_ColorState.Emplace();
289       }
290       for (size_t i = 0; i < FX_ArraySize(m_Type3Data); ++i) {
291         m_Type3Data[i] = 0.0;
292       }
    CID 1400339:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_PathStartY" is not initialized in this constructor nor in any 
functions that it calls.
293     }
294     
295     CPDF_StreamContentParser::~CPDF_StreamContentParser() {
296       ClearAllParams();
297       FX_Free(m_pPathPoints);
298     }

** CID 1400338:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 68 in 
CJBig2_Context::CJBig2_Context(CPDF_StreamAcc *, CPDF_StreamAcc *, 
std::__cxx11::list<std::pair<std::pair<unsigned int, unsigned int>, 
std::unique_ptr<CJBig2_SymbolDict, std::default_delete<CJBig2_SymbolDict>>>, 
std::allocator<std::pair<std::pair<unsigned int, unsigned int>, std::unique_ptr<CJBig2_SymbolDict, 
std::default_delete<CJBig2_SymbolDict>>>>> *, IFX_Pause *, bool)()


________________________________________________________________________________________________________
*** CID 1400338:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 68 in 
CJBig2_Context::CJBig2_Context(CPDF_StreamAcc *, CPDF_StreamAcc *, 
std::__cxx11::list<std::pair<std::pair<unsigned int, unsigned int>, 
std::unique_ptr<CJBig2_SymbolDict, std::default_delete<CJBig2_SymbolDict>>>, 
std::allocator<std::pair<std::pair<unsigned int, unsigned int>, std::unique_ptr<CJBig2_SymbolDict, 
std::default_delete<CJBig2_SymbolDict>>>>> *, IFX_Pause *, bool)()
62           m_bIsGlobal(bIsGlobal) {
63       if (pGlobalStream && (pGlobalStream->GetSize() > 0)) {
64         m_pGlobalContext = pdfium::MakeUnique<CJBig2_Context>(
65             nullptr, pGlobalStream, pSymbolDictCache, pPause, true);
66       }
67       m_pStream = pdfium::MakeUnique<CJBig2_BitStream>(pSrcStream);
    CID 1400338:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member field "m_ri.flags" is not initialized in this constructor nor in 
any functions that it calls.
68     }
69     
70     CJBig2_Context::~CJBig2_Context() {}
71     
72     int32_t CJBig2_Context::decode_SquentialOrgnazation(IFX_Pause* pPause) {
73       int32_t nRet;

** CID 1400337:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 4017 in 
CFX_ScanlineCompositor::CFX_ScanlineCompositor()()


________________________________________________________________________________________________________
*** CID 1400337:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 4017 in 
CFX_ScanlineCompositor::CFX_ScanlineCompositor()()
4011     CFX_ScanlineCompositor::CFX_ScanlineCompositor() {
4012       m_pSrcPalette = nullptr;
4013       m_pCacheScanline = nullptr;
4014       m_CacheSize = 0;
4015       m_bRgbByteOrder = false;
4016       m_BlendType = FXDIB_BLEND_NORMAL;
    CID 1400337:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_pIccTransform" is not initialized in this constructor nor in any 
functions that it calls.
4017     }
4018     
4019     CFX_ScanlineCompositor::~CFX_ScanlineCompositor() {
4020       FX_Free(m_pSrcPalette);
4021       FX_Free(m_pCacheScanline);
4022     }

** CID 1400336:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/third_party/agg23/agg_scanline_u.h: 54 in agg::scanline_u<unsigned 
char>::scanline_u()()


________________________________________________________________________________________________________
*** CID 1400336:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/third_party/agg23/agg_scanline_u.h: 54 in agg::scanline_u<unsigned 
char>::scanline_u()()
48             m_min_x(0),
49             m_max_len(0),
50             m_last_x(0x7FFFFFF0),
51             m_covers(0),
52             m_spans(0),
53             m_cur_span(0)
    CID 1400336:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_y" is not initialized in this constructor nor in any functions 
that it calls.
54         {}
55         void reset(int min_x, int max_x)
56         {
57             unsigned max_len = max_x - min_x + 2;
58             if(max_len > m_max_len) {
59                 FX_Free(m_spans);

** CID 1400335:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_data_avail.cpp: 81 in 
CPDF_DataAvail::CPDF_DataAvail(CPDF_DataAvail::FileAvail *, const 
CFX_RetainPtr<IFX_SeekableReadStream> &, bool)()


________________________________________________________________________________________________________
*** CID 1400335:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_data_avail.cpp: 81 in 
CPDF_DataAvail::CPDF_DataAvail(CPDF_DataAvail::FileAvail *, const 
CFX_RetainPtr<IFX_SeekableReadStream> &, bool)()
75       m_pPageResource = nullptr;
76       m_docStatus = PDF_DATAAVAIL_HEADER;
77       m_bTotalLoadPageTree = false;
78       m_bCurPageDictLoadOK = false;
79       m_bLinearedDataOK = false;
80       m_bSupportHintTable = bSupportHintTable;
    CID 1400335:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_dwTrailerOffset" is not initialized in this constructor nor in 
any functions that it calls.
81     }
82     
83     CPDF_DataAvail::~CPDF_DataAvail() {
84       m_pHintTables.reset();
85       for (CPDF_Object* pObject : m_arrayAcroforms)
86         delete pObject;

** CID 1400334:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcrt/fx_xml_parser.cpp: 724 in 
CXML_Element::CXML_Element(const CFX_StringCTemplate<char> &, const CFX_StringCTemplate<char> &)()


________________________________________________________________________________________________________
*** CID 1400334:  Uninitialized members  (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcrt/fx_xml_parser.cpp: 724 in 
CXML_Element::CXML_Element(const CFX_StringCTemplate<char> &, const CFX_StringCTemplate<char> &)()
718     CXML_Element::CXML_Element() : m_QSpaceName(), m_TagName(), m_AttrMap() {}
719     CXML_Element::CXML_Element(const CFX_ByteStringC& qSpace,
720                                const CFX_ByteStringC& tagName)
721         : m_QSpaceName(), m_TagName(), m_AttrMap() {
722       m_QSpaceName = qSpace;
723       m_TagName = tagName;
    CID 1400334:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "m_pParent" is not initialized in this constructor nor in any 
functions that it calls.
724     }
725     CXML_Element::CXML_Element(const CFX_ByteStringC& qTagName)
726         : m_pParent(nullptr), m_QSpaceName(), m_TagName(), m_AttrMap() {
727       SetTag(qTagName);
728     }
729     CXML_Element::~CXML_Element() {

** CID 1400333:    (UNINIT)
/workdir/UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_baannot.cpp: 124 in 
CPDFSDK_BAAnnot::SetModifiedDate(const FX_SYSTEMTIME &)()


________________________________________________________________________________________________________
*** CID 1400333:    (UNINIT)
/workdir/UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_baannot.cpp: 124 in 
CPDFSDK_BAAnnot::SetModifiedDate(const FX_SYSTEMTIME &)()
118     
119     CFX_WideString CPDFSDK_BAAnnot::GetAnnotName() const {
120       return m_pAnnot->GetAnnotDict()->GetUnicodeTextFor("NM");
121     }
122     
123     void CPDFSDK_BAAnnot::SetModifiedDate(const FX_SYSTEMTIME& st) {
    CID 1400333:    (UNINIT)
    Declaring variable "dt".
124       CPDFSDK_DateTime dt(st);
125       CFX_ByteString str = dt.ToPDFDateTimeString();
126       if (str.IsEmpty())
127         m_pAnnot->GetAnnotDict()->RemoveFor("M");
128       else
129         m_pAnnot->GetAnnotDict()->SetNewFor<CPDF_String>("M", str, false);

** CID 1400332:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 52 in 
<unnamed>::FPDF_LoadTableFromTT(_IO_FILE *, const unsigned char *, unsigned int, unsigned int)()


________________________________________________________________________________________________________
*** CID 1400332:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 52 in 
<unnamed>::FPDF_LoadTableFromTT(_IO_FILE *, const unsigned char *, unsigned int, unsigned int)()
46                                         uint32_t nTables,
47                                         uint32_t tag) {
48       for (uint32_t i = 0; i < nTables; i++) {
49         const uint8_t* p = pTables + i * 16;
50         if (GET_TT_LONG(p) == tag) {
51           uint32_t offset = GET_TT_LONG(p + 8);
    CID 1400332:  Insecure data handling  (TAINTED_SCALAR)
    Assigning: "size" = "(uint32_t)((p + 12[0] << 24) | (p + 12[1] << 16) | (p + 12[2] << 8) | 
p + 12[3])". Both are now tainted.
52           uint32_t size = GET_TT_LONG(p + 12);
53           FXSYS_fseek(pFile, offset, FXSYS_SEEK_SET);
54           return FPDF_ReadStringFromFile(pFile, size);
55         }
56       }
57       return CFX_ByteString();

** CID 1400331:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in 
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in 
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()


________________________________________________________________________________________________________
*** CID 1400331:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in 
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
248       int i;
249       FT_Bytes sp = raw;
250       rec->ScriptCount = GetUInt16(sp);
251       if (rec->ScriptCount <= 0) {
252         return;
253       }
    CID 1400331:    (TAINTED_SCALAR)
    Passing tainted variable "<new (context.alloc) allocation size>" to a tainted sink.
254       rec->ScriptRecord.reset(new TScriptRecord[rec->ScriptCount]);
255       for (i = 0; i < rec->ScriptCount; i++) {
256         rec->ScriptRecord[i].ScriptTag = GetUInt32(sp);
257         uint16_t offset = GetUInt16(sp);
258         ParseScript(&raw[offset], &rec->ScriptRecord[i].Script);
259       }
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in 
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
248       int i;
249       FT_Bytes sp = raw;
250       rec->ScriptCount = GetUInt16(sp);
251       if (rec->ScriptCount <= 0) {
252         return;
253       }
    CID 1400331:    (TAINTED_SCALAR)
    Using tainted variable "<new (context.alloc) [] element count>" as a loop boundary.
254       rec->ScriptRecord.reset(new TScriptRecord[rec->ScriptCount]);
255       for (i = 0; i < rec->ScriptCount; i++) {
256         rec->ScriptRecord[i].ScriptTag = GetUInt32(sp);
257         uint16_t offset = GetUInt16(sp);
258         ParseScript(&raw[offset], &rec->ScriptRecord[i].Script);
259       }

** CID 1400330:    (TAINTED_SCALAR)


________________________________________________________________________________________________________
*** CID 1400330:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1027 in 
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1021         const size_t size = GetHuffContextSize(pHRD->HTEMPLATE);
1022         std::unique_ptr<JBig2ArithCtx, FxFreeDeleter> gbContext(
1023             FX_Alloc(JBig2ArithCtx, size));
1024         JBIG2_memset(gbContext.get(), 0, sizeof(JBig2ArithCtx) * size);
1025         std::unique_ptr<CJBig2_ArithDecoder> pArithDecoder(
1026             new CJBig2_ArithDecoder(m_pStream.get()));
    CID 1400330:    (TAINTED_SCALAR)
    Passing tainted variable "pHRD->HGH" to a tainted sink.
1027         pSegment->m_Result.im =
1028             pHRD->decode_Arith(pArithDecoder.get(), gbContext.get(), pPause);
1029         if (!pSegment->m_Result.im)
1030           return JBIG2_ERROR_FATAL;
1031     
1032         m_pStream->alignByte();
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1035 in 
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1029         if (!pSegment->m_Result.im)
1030           return JBIG2_ERROR_FATAL;
1031     
1032         m_pStream->alignByte();
1033         m_pStream->offset(2);
1034       } else {
    CID 1400330:    (TAINTED_SCALAR)
    Passing tainted variable "pHRD->HGH" to a tainted sink.
1035         pSegment->m_Result.im = pHRD->decode_MMR(m_pStream.get(), pPause);
1036         if (!pSegment->m_Result.im)
1037           return JBIG2_ERROR_FATAL;
1038         m_pStream->alignByte();
1039       }
1040       if (pSegment->m_cFlags.s.type != 20) {
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1027 in 
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1021         const size_t size = GetHuffContextSize(pHRD->HTEMPLATE);
1022         std::unique_ptr<JBig2ArithCtx, FxFreeDeleter> gbContext(
1023             FX_Alloc(JBig2ArithCtx, size));
1024         JBIG2_memset(gbContext.get(), 0, sizeof(JBig2ArithCtx) * size);
1025         std::unique_ptr<CJBig2_ArithDecoder> pArithDecoder(
1026             new CJBig2_ArithDecoder(m_pStream.get()));
    CID 1400330:    (TAINTED_SCALAR)
    Passing tainted variable "pHRD->HGW" to a tainted sink.
1027         pSegment->m_Result.im =
1028             pHRD->decode_Arith(pArithDecoder.get(), gbContext.get(), pPause);
1029         if (!pSegment->m_Result.im)
1030           return JBIG2_ERROR_FATAL;
1031     
1032         m_pStream->alignByte();
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1035 in 
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1029         if (!pSegment->m_Result.im)
1030           return JBIG2_ERROR_FATAL;
1031     
1032         m_pStream->alignByte();
1033         m_pStream->offset(2);
1034       } else {
    CID 1400330:    (TAINTED_SCALAR)
    Passing tainted variable "pHRD->HGW" to a tainted sink.
1035         pSegment->m_Result.im = pHRD->decode_MMR(m_pStream.get(), pPause);
1036         if (!pSegment->m_Result.im)
1037           return JBIG2_ERROR_FATAL;
1038         m_pStream->alignByte();
1039       }
1040       if (pSegment->m_cFlags.s.type != 20) {

** CID 1400329:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 202 in 
CFX_FolderFontInfo::ReportFace(const CFX_ByteString &, _IO_FILE *, unsigned int, unsigned int)()


________________________________________________________________________________________________________
*** CID 1400329:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 202 in 
CFX_FolderFontInfo::ReportFace(const CFX_ByteString &, _IO_FILE *, unsigned int, unsigned int)()
196                                         uint32_t offset) {
197       FXSYS_fseek(pFile, offset, FXSYS_SEEK_SET);
198       char buffer[16];
199       if (!FXSYS_fread(buffer, 12, 1, pFile))
200         return;
201     
    CID 1400329:    (TAINTED_SCALAR)
    Assigning: "nTables" = "(uint16_t)((&buffer[4][0] << 8) | &buffer[4][1])". Both are now 
tainted.
202       uint32_t nTables = GET_TT_SHORT(buffer + 4);
203       CFX_ByteString tables = FPDF_ReadStringFromFile(pFile, nTables * 16);
204       if (tables.IsEmpty())
205         return;
206     
207       CFX_ByteString names =

** CID 1400328:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_fontmgr.cpp: 72 in <unnamed>::GetTTCIndex(const 
unsigned char *, unsigned int, unsigned int)()


________________________________________________________________________________________________________
*** CID 1400328:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_fontmgr.cpp: 72 in <unnamed>::GetTTCIndex(const 
unsigned char *, unsigned int, unsigned int)()
66                     uint32_t ttc_size,
67                     uint32_t font_offset) {
68       int face_index = 0;
69       const uint8_t* p = pFontData + 8;
70       uint32_t nfont = GET_TT_LONG(p);
71       uint32_t index;
    CID 1400328:  Insecure data handling  (TAINTED_SCALAR)
    Using tainted variable "nfont" as a loop boundary.
72       for (index = 0; index < nfont; index++) {
73         p = pFontData + 12 + index * 4;
74         if (GET_TT_LONG(p) == font_offset)
75           break;
76       }
77       if (index >= nfont)

** CID 1400327:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 3082 in 
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip_RgbByteOrder(unsigned char *, const unsigned char *, 
int, int, int)()


________________________________________________________________________________________________________
*** CID 1400327:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 3082 in 
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip_RgbByteOrder(unsigned char *, const unsigned char *, 
int, int, int)()
3076           dest_scan_o[2] = dest_scan[0];
3077           RGB_Blend(blend_type, src_scan, dest_scan_o, blended_colors);
3078         }
3079         for (int color = 0; color < 3; color++) {
3080           int index = 2 - color;
3081           int src_color = *src_scan;
    CID 1400327:  Insecure data handling  (TAINTED_SCALAR)
    Casting narrower unsigned "dest_scan[index]" to wider signed type "int" effectively tests 
its lower bound.
3082           int blended = bNonseparableBlend
3083                             ? blended_colors[color]
3084                             : Blend(blend_type, dest_scan[index], src_color);
3085           dest_scan[index] = FXDIB_ALPHA_MERGE(src_color, blended, back_alpha);
3086           src_scan++;
3087         }

** CID 1400326:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 83 in 
CFX_CTTGSUBTable::LoadGSUBTable(const unsigned char *)()


________________________________________________________________________________________________________
*** CID 1400326:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 83 in 
CFX_CTTGSUBTable::LoadGSUBTable(const unsigned char *)()
77       header.Version = gsub[0] << 24 | gsub[1] << 16 | gsub[2] << 8 | gsub[3];
78       if (header.Version != 0x00010000) {
79         return false;
80       }
81       header.ScriptList = gsub[4] << 8 | gsub[5];
82       header.FeatureList = gsub[6] << 8 | gsub[7];
    CID 1400326:    (TAINTED_SCALAR)
    Performing a byte swapping operation on "gsub" implies that it came from an external 
source, and is therefore tainted.
83       header.LookupList = gsub[8] << 8 | gsub[9];
84       return Parse(&gsub[header.ScriptList], &gsub[header.FeatureList],
85                    &gsub[header.LookupList]);
86     }
87     
88     bool CFX_CTTGSUBTable::GetVerticalGlyph(uint32_t glyphnum,

** CID 1400325:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 1021 in 
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip(unsigned char *, const unsigned char *, int, int, 
int, unsigned char *)()


________________________________________________________________________________________________________
*** CID 1400325:  Insecure data handling  (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 1021 in 
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip(unsigned char *, const unsigned char *, int, int, 
int, unsigned char *)()
1015           dest_scan[3] = 0xff;
1016           if (bNonseparableBlend) {
1017             RGB_Blend(blend_type, src_scan, dest_scan, blended_colors);
1018           }
1019           for (int color = 0; color < 3; color++) {
1020             int src_color = *src_scan;
    CID 1400325:  Insecure data handling  (TAINTED_SCALAR)
    Casting narrower unsigned "*dest_scan" to wider signed type "int" effectively tests its 
lower bound.
1021             int blended = bNonseparableBlend
1022                               ? blended_colors[color]
1023                               : Blend(blend_type, *dest_scan, src_color);
1024             *dest_scan = FXDIB_ALPHA_MERGE(src_color, blended, back_alpha);
1025             dest_scan++;
1026             src_scan++;

** CID 1400324:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 383 in 
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1 
*)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 384 in 
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1 
*)()


________________________________________________________________________________________________________
*** CID 1400324:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 383 in 
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1 
*)()
377       FT_Bytes sp = raw;
378       GetUInt16(sp);
379       rec->GlyphCount = GetUInt16(sp);
380       if (rec->GlyphCount <= 0) {
381         return;
382       }
    CID 1400324:    (TAINTED_SCALAR)
    Passing tainted variable "rec->GlyphCount * 2UL" to a tainted sink.
383       rec->GlyphArray.reset(new uint16_t[rec->GlyphCount]);
384       for (i = 0; i < rec->GlyphCount; i++) {
385         rec->GlyphArray[i] = GetUInt16(sp);
386       }
387     }
388     
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 384 in 
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1 
*)()
378       GetUInt16(sp);
379       rec->GlyphCount = GetUInt16(sp);
380       if (rec->GlyphCount <= 0) {
381         return;
382       }
383       rec->GlyphArray.reset(new uint16_t[rec->GlyphCount]);
    CID 1400324:    (TAINTED_SCALAR)
    Using tainted variable "rec->GlyphCount" as a loop boundary.
384       for (i = 0; i < rec->GlyphCount; i++) {
385         rec->GlyphArray[i] = GetUInt16(sp);
386       }
387     }
388     
389     void CFX_CTTGSUBTable::ParseCoverageFormat2(FT_Bytes raw,

** CID 1400323:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in 
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2 
*)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in 
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2 
*)()


________________________________________________________________________________________________________
*** CID 1400323:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in 
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2 
*)()
392       FT_Bytes sp = raw;
393       GetUInt16(sp);
394       rec->RangeCount = GetUInt16(sp);
395       if (rec->RangeCount <= 0) {
396         return;
397       }
    CID 1400323:    (TAINTED_SCALAR)
    Passing tainted variable "<new (context.alloc) [] element count> * 6UL" to a tainted sink.
398       rec->RangeRecord.reset(new TRangeRecord[rec->RangeCount]);
399       for (i = 0; i < rec->RangeCount; i++) {
400         rec->RangeRecord[i].Start = GetUInt16(sp);
401         rec->RangeRecord[i].End = GetUInt16(sp);
402         rec->RangeRecord[i].StartCoverageIndex = GetUInt16(sp);
403       }
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in 
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2 
*)()
392       FT_Bytes sp = raw;
393       GetUInt16(sp);
394       rec->RangeCount = GetUInt16(sp);
395       if (rec->RangeCount <= 0) {
396         return;
397       }
    CID 1400323:    (TAINTED_SCALAR)
    Using tainted variable "<new (context.alloc) [] element count>" as a loop boundary.
398       rec->RangeRecord.reset(new TRangeRecord[rec->RangeCount]);
399       for (i = 0; i < rec->RangeCount; i++) {
400         rec->RangeRecord[i].Start = GetUInt16(sp);
401         rec->RangeRecord[i].End = GetUInt16(sp);
402         rec->RangeRecord[i].StartCoverageIndex = GetUInt16(sp);
403       }

** CID 1400322:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in 
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in 
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()


________________________________________________________________________________________________________
*** CID 1400322:    (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in 
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
324       int i;
325       FT_Bytes sp = raw;
326       rec->LookupCount = GetUInt16(sp);
327       if (rec->LookupCount <= 0) {
328         return;
329       }
    CID 1400322:    (TAINTED_SCALAR)
    Passing tainted variable "<new (context.alloc) allocation size>" to a tainted sink.
330       rec->Lookup.reset(new TLookup[rec->LookupCount]);
331       for (i = 0; i < rec->LookupCount; i++) {
332         uint16_t offset = GetUInt16(sp);
333         ParseLookup(&raw[offset], &rec->Lookup[i]);
334       }
335     }
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in 
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
324       int i;
325       FT_Bytes sp = raw;
326       rec->LookupCount = GetUInt16(sp);
327       if (rec->LookupCount <= 0) {
328         return;
329       }
    CID 1400322:    (TAINTED_SCALAR)
    Using tainted variable "<new (context.alloc) [] element count>" as a loop boundary.
330       rec->Lookup.reset(new TLookup[rec->LookupCount]);
331       for (i = 0; i < rec->LookupCount; i++) {
332         uint16_t offset = GetUInt16(sp);
333         ParseLookup(&raw[offset], &rec->Lookup[i]);
334       }
335     }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyywhefoAuHQyOhLJueyBjWDngLKWlmb6PAKHSkejLvg9-2FRaszJcax2mAogsinIr439I10jsid3tZG-2Bq-2B52OBOhpo3tkRRRYT9oo-2BC24GZfIaV6rgpOFtZx9E7PblSJSHkQRj-2BdICP8-2BvBCcjHooFDCN8oC9-2BD3y-2BzC87DsyZdB-2F8-3D
