Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
200 new defect(s) introduced to LibreOffice found with Coverity Scan.
6 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 200 defect(s)
** CID 1400341: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_main.cpp: 1476 in
CFX_ImageRenderer::CFX_ImageRenderer()()
________________________________________________________________________________________________________
*** CID 1400341: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_main.cpp: 1476 in
CFX_ImageRenderer::CFX_ImageRenderer()()
1470 }
1471
1472 CFX_ImageRenderer::CFX_ImageRenderer() {
1473 m_Status = 0;
1474 m_bRgbByteOrder = false;
1475 m_BlendType = FXDIB_BLEND_NORMAL;
CID 1400341: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_pIccTransform" is not initialized in this constructor nor in any
functions that it calls.
1476 }
1477
1478 CFX_ImageRenderer::~CFX_ImageRenderer() {}
1479
1480 bool CFX_ImageRenderer::Start(CFX_DIBitmap* pDevice,
1481 const CFX_ClipRgn* pClipRgn,
** CID 1400340: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_charposlist.cpp: 14 in
CPDF_CharPosList::CPDF_CharPosList()()
________________________________________________________________________________________________________
*** CID 1400340: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/render/cpdf_charposlist.cpp: 14 in
CPDF_CharPosList::CPDF_CharPosList()()
8
9 #include "core/fpdfapi/font/cpdf_cidfont.h"
10 #include "core/fpdfapi/font/cpdf_font.h"
11
12 CPDF_CharPosList::CPDF_CharPosList() {
13 m_pCharPos = nullptr;
CID 1400340: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_nChars" is not initialized in this constructor nor in any
functions that it calls.
14 }
15
16 CPDF_CharPosList::~CPDF_CharPosList() {
17 FX_Free(m_pCharPos);
18 }
19
** CID 1400339: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_streamcontentparser.cpp: 293 in
CPDF_StreamContentParser::CPDF_StreamContentParser(CPDF_Document *, CPDF_Dictionary *,
CPDF_Dictionary *, const CFX_Matrix *, CPDF_PageObjectHolder *, CPDF_Dictionary *, CFX_FloatRect *,
CPDF_AllStates *, int)()
________________________________________________________________________________________________________
*** CID 1400339: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/page/cpdf_streamcontentparser.cpp: 293 in
CPDF_StreamContentParser::CPDF_StreamContentParser(CPDF_Document *, CPDF_Dictionary *,
CPDF_Dictionary *, const CFX_Matrix *, CPDF_PageObjectHolder *, CPDF_Dictionary *, CFX_FloatRect *,
CPDF_AllStates *, int)()
287 m_pCurStates->m_TextState.Emplace();
288 m_pCurStates->m_ColorState.Emplace();
289 }
290 for (size_t i = 0; i < FX_ArraySize(m_Type3Data); ++i) {
291 m_Type3Data[i] = 0.0;
292 }
CID 1400339: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_PathStartY" is not initialized in this constructor nor in any
functions that it calls.
293 }
294
295 CPDF_StreamContentParser::~CPDF_StreamContentParser() {
296 ClearAllParams();
297 FX_Free(m_pPathPoints);
298 }
** CID 1400338: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 68 in
CJBig2_Context::CJBig2_Context(CPDF_StreamAcc *, CPDF_StreamAcc *,
std::__cxx11::list<std::pair<std::pair<unsigned int, unsigned int>,
std::unique_ptr<CJBig2_SymbolDict, std::default_delete<CJBig2_SymbolDict>>>,
std::allocator<std::pair<std::pair<unsigned int, unsigned int>, std::unique_ptr<CJBig2_SymbolDict,
std::default_delete<CJBig2_SymbolDict>>>>> *, IFX_Pause *, bool)()
________________________________________________________________________________________________________
*** CID 1400338: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 68 in
CJBig2_Context::CJBig2_Context(CPDF_StreamAcc *, CPDF_StreamAcc *,
std::__cxx11::list<std::pair<std::pair<unsigned int, unsigned int>,
std::unique_ptr<CJBig2_SymbolDict, std::default_delete<CJBig2_SymbolDict>>>,
std::allocator<std::pair<std::pair<unsigned int, unsigned int>, std::unique_ptr<CJBig2_SymbolDict,
std::default_delete<CJBig2_SymbolDict>>>>> *, IFX_Pause *, bool)()
62 m_bIsGlobal(bIsGlobal) {
63 if (pGlobalStream && (pGlobalStream->GetSize() > 0)) {
64 m_pGlobalContext = pdfium::MakeUnique<CJBig2_Context>(
65 nullptr, pGlobalStream, pSymbolDictCache, pPause, true);
66 }
67 m_pStream = pdfium::MakeUnique<CJBig2_BitStream>(pSrcStream);
CID 1400338: Uninitialized members (UNINIT_CTOR)
Non-static class member field "m_ri.flags" is not initialized in this constructor nor in
any functions that it calls.
68 }
69
70 CJBig2_Context::~CJBig2_Context() {}
71
72 int32_t CJBig2_Context::decode_SquentialOrgnazation(IFX_Pause* pPause) {
73 int32_t nRet;
** CID 1400337: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 4017 in
CFX_ScanlineCompositor::CFX_ScanlineCompositor()()
________________________________________________________________________________________________________
*** CID 1400337: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 4017 in
CFX_ScanlineCompositor::CFX_ScanlineCompositor()()
4011 CFX_ScanlineCompositor::CFX_ScanlineCompositor() {
4012 m_pSrcPalette = nullptr;
4013 m_pCacheScanline = nullptr;
4014 m_CacheSize = 0;
4015 m_bRgbByteOrder = false;
4016 m_BlendType = FXDIB_BLEND_NORMAL;
CID 1400337: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_pIccTransform" is not initialized in this constructor nor in any
functions that it calls.
4017 }
4018
4019 CFX_ScanlineCompositor::~CFX_ScanlineCompositor() {
4020 FX_Free(m_pSrcPalette);
4021 FX_Free(m_pCacheScanline);
4022 }
** CID 1400336: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/third_party/agg23/agg_scanline_u.h: 54 in agg::scanline_u<unsigned
char>::scanline_u()()
________________________________________________________________________________________________________
*** CID 1400336: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/third_party/agg23/agg_scanline_u.h: 54 in agg::scanline_u<unsigned
char>::scanline_u()()
48 m_min_x(0),
49 m_max_len(0),
50 m_last_x(0x7FFFFFF0),
51 m_covers(0),
52 m_spans(0),
53 m_cur_span(0)
CID 1400336: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_y" is not initialized in this constructor nor in any functions
that it calls.
54 {}
55 void reset(int min_x, int max_x)
56 {
57 unsigned max_len = max_x - min_x + 2;
58 if(max_len > m_max_len) {
59 FX_Free(m_spans);
** CID 1400335: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_data_avail.cpp: 81 in
CPDF_DataAvail::CPDF_DataAvail(CPDF_DataAvail::FileAvail *, const
CFX_RetainPtr<IFX_SeekableReadStream> &, bool)()
________________________________________________________________________________________________________
*** CID 1400335: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/parser/cpdf_data_avail.cpp: 81 in
CPDF_DataAvail::CPDF_DataAvail(CPDF_DataAvail::FileAvail *, const
CFX_RetainPtr<IFX_SeekableReadStream> &, bool)()
75 m_pPageResource = nullptr;
76 m_docStatus = PDF_DATAAVAIL_HEADER;
77 m_bTotalLoadPageTree = false;
78 m_bCurPageDictLoadOK = false;
79 m_bLinearedDataOK = false;
80 m_bSupportHintTable = bSupportHintTable;
CID 1400335: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_dwTrailerOffset" is not initialized in this constructor nor in
any functions that it calls.
81 }
82
83 CPDF_DataAvail::~CPDF_DataAvail() {
84 m_pHintTables.reset();
85 for (CPDF_Object* pObject : m_arrayAcroforms)
86 delete pObject;
** CID 1400334: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcrt/fx_xml_parser.cpp: 724 in
CXML_Element::CXML_Element(const CFX_StringCTemplate<char> &, const CFX_StringCTemplate<char> &)()
________________________________________________________________________________________________________
*** CID 1400334: Uninitialized members (UNINIT_CTOR)
/workdir/UnpackedTarball/pdfium/core/fxcrt/fx_xml_parser.cpp: 724 in
CXML_Element::CXML_Element(const CFX_StringCTemplate<char> &, const CFX_StringCTemplate<char> &)()
718 CXML_Element::CXML_Element() : m_QSpaceName(), m_TagName(), m_AttrMap() {}
719 CXML_Element::CXML_Element(const CFX_ByteStringC& qSpace,
720 const CFX_ByteStringC& tagName)
721 : m_QSpaceName(), m_TagName(), m_AttrMap() {
722 m_QSpaceName = qSpace;
723 m_TagName = tagName;
CID 1400334: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_pParent" is not initialized in this constructor nor in any
functions that it calls.
724 }
725 CXML_Element::CXML_Element(const CFX_ByteStringC& qTagName)
726 : m_pParent(nullptr), m_QSpaceName(), m_TagName(), m_AttrMap() {
727 SetTag(qTagName);
728 }
729 CXML_Element::~CXML_Element() {
** CID 1400333: (UNINIT)
/workdir/UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_baannot.cpp: 124 in
CPDFSDK_BAAnnot::SetModifiedDate(const FX_SYSTEMTIME &)()
________________________________________________________________________________________________________
*** CID 1400333: (UNINIT)
/workdir/UnpackedTarball/pdfium/fpdfsdk/cpdfsdk_baannot.cpp: 124 in
CPDFSDK_BAAnnot::SetModifiedDate(const FX_SYSTEMTIME &)()
118
119 CFX_WideString CPDFSDK_BAAnnot::GetAnnotName() const {
120 return m_pAnnot->GetAnnotDict()->GetUnicodeTextFor("NM");
121 }
122
123 void CPDFSDK_BAAnnot::SetModifiedDate(const FX_SYSTEMTIME& st) {
CID 1400333: (UNINIT)
Declaring variable "dt".
124 CPDFSDK_DateTime dt(st);
125 CFX_ByteString str = dt.ToPDFDateTimeString();
126 if (str.IsEmpty())
127 m_pAnnot->GetAnnotDict()->RemoveFor("M");
128 else
129 m_pAnnot->GetAnnotDict()->SetNewFor<CPDF_String>("M", str, false);
** CID 1400332: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 52 in
<unnamed>::FPDF_LoadTableFromTT(_IO_FILE *, const unsigned char *, unsigned int, unsigned int)()
________________________________________________________________________________________________________
*** CID 1400332: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 52 in
<unnamed>::FPDF_LoadTableFromTT(_IO_FILE *, const unsigned char *, unsigned int, unsigned int)()
46 uint32_t nTables,
47 uint32_t tag) {
48 for (uint32_t i = 0; i < nTables; i++) {
49 const uint8_t* p = pTables + i * 16;
50 if (GET_TT_LONG(p) == tag) {
51 uint32_t offset = GET_TT_LONG(p + 8);
CID 1400332: Insecure data handling (TAINTED_SCALAR)
Assigning: "size" = "(uint32_t)((p + 12[0] << 24) | (p + 12[1] << 16) | (p + 12[2] << 8) |
p + 12[3])". Both are now tainted.
52 uint32_t size = GET_TT_LONG(p + 12);
53 FXSYS_fseek(pFile, offset, FXSYS_SEEK_SET);
54 return FPDF_ReadStringFromFile(pFile, size);
55 }
56 }
57 return CFX_ByteString();
** CID 1400331: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
________________________________________________________________________________________________________
*** CID 1400331: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
248 int i;
249 FT_Bytes sp = raw;
250 rec->ScriptCount = GetUInt16(sp);
251 if (rec->ScriptCount <= 0) {
252 return;
253 }
CID 1400331: (TAINTED_SCALAR)
Passing tainted variable "<new (context.alloc) allocation size>" to a tainted sink.
254 rec->ScriptRecord.reset(new TScriptRecord[rec->ScriptCount]);
255 for (i = 0; i < rec->ScriptCount; i++) {
256 rec->ScriptRecord[i].ScriptTag = GetUInt32(sp);
257 uint16_t offset = GetUInt16(sp);
258 ParseScript(&raw[offset], &rec->ScriptRecord[i].Script);
259 }
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 254 in
CFX_CTTGSUBTable::ParseScriptList(const unsigned char *, CFX_CTTGSUBTable::TScriptList *)()
248 int i;
249 FT_Bytes sp = raw;
250 rec->ScriptCount = GetUInt16(sp);
251 if (rec->ScriptCount <= 0) {
252 return;
253 }
CID 1400331: (TAINTED_SCALAR)
Using tainted variable "<new (context.alloc) [] element count>" as a loop boundary.
254 rec->ScriptRecord.reset(new TScriptRecord[rec->ScriptCount]);
255 for (i = 0; i < rec->ScriptCount; i++) {
256 rec->ScriptRecord[i].ScriptTag = GetUInt32(sp);
257 uint16_t offset = GetUInt16(sp);
258 ParseScript(&raw[offset], &rec->ScriptRecord[i].Script);
259 }
** CID 1400330: (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1400330: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1027 in
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1021 const size_t size = GetHuffContextSize(pHRD->HTEMPLATE);
1022 std::unique_ptr<JBig2ArithCtx, FxFreeDeleter> gbContext(
1023 FX_Alloc(JBig2ArithCtx, size));
1024 JBIG2_memset(gbContext.get(), 0, sizeof(JBig2ArithCtx) * size);
1025 std::unique_ptr<CJBig2_ArithDecoder> pArithDecoder(
1026 new CJBig2_ArithDecoder(m_pStream.get()));
CID 1400330: (TAINTED_SCALAR)
Passing tainted variable "pHRD->HGH" to a tainted sink.
1027 pSegment->m_Result.im =
1028 pHRD->decode_Arith(pArithDecoder.get(), gbContext.get(), pPause);
1029 if (!pSegment->m_Result.im)
1030 return JBIG2_ERROR_FATAL;
1031
1032 m_pStream->alignByte();
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1035 in
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1029 if (!pSegment->m_Result.im)
1030 return JBIG2_ERROR_FATAL;
1031
1032 m_pStream->alignByte();
1033 m_pStream->offset(2);
1034 } else {
CID 1400330: (TAINTED_SCALAR)
Passing tainted variable "pHRD->HGH" to a tainted sink.
1035 pSegment->m_Result.im = pHRD->decode_MMR(m_pStream.get(), pPause);
1036 if (!pSegment->m_Result.im)
1037 return JBIG2_ERROR_FATAL;
1038 m_pStream->alignByte();
1039 }
1040 if (pSegment->m_cFlags.s.type != 20) {
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1027 in
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1021 const size_t size = GetHuffContextSize(pHRD->HTEMPLATE);
1022 std::unique_ptr<JBig2ArithCtx, FxFreeDeleter> gbContext(
1023 FX_Alloc(JBig2ArithCtx, size));
1024 JBIG2_memset(gbContext.get(), 0, sizeof(JBig2ArithCtx) * size);
1025 std::unique_ptr<CJBig2_ArithDecoder> pArithDecoder(
1026 new CJBig2_ArithDecoder(m_pStream.get()));
CID 1400330: (TAINTED_SCALAR)
Passing tainted variable "pHRD->HGW" to a tainted sink.
1027 pSegment->m_Result.im =
1028 pHRD->decode_Arith(pArithDecoder.get(), gbContext.get(), pPause);
1029 if (!pSegment->m_Result.im)
1030 return JBIG2_ERROR_FATAL;
1031
1032 m_pStream->alignByte();
/workdir/UnpackedTarball/pdfium/core/fxcodec/jbig2/JBig2_Context.cpp: 1035 in
CJBig2_Context::parseHalftoneRegion(CJBig2_Segment *, IFX_Pause *)()
1029 if (!pSegment->m_Result.im)
1030 return JBIG2_ERROR_FATAL;
1031
1032 m_pStream->alignByte();
1033 m_pStream->offset(2);
1034 } else {
CID 1400330: (TAINTED_SCALAR)
Passing tainted variable "pHRD->HGW" to a tainted sink.
1035 pSegment->m_Result.im = pHRD->decode_MMR(m_pStream.get(), pPause);
1036 if (!pSegment->m_Result.im)
1037 return JBIG2_ERROR_FATAL;
1038 m_pStream->alignByte();
1039 }
1040 if (pSegment->m_cFlags.s.type != 20) {
** CID 1400329: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 202 in
CFX_FolderFontInfo::ReportFace(const CFX_ByteString &, _IO_FILE *, unsigned int, unsigned int)()
________________________________________________________________________________________________________
*** CID 1400329: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_folderfontinfo.cpp: 202 in
CFX_FolderFontInfo::ReportFace(const CFX_ByteString &, _IO_FILE *, unsigned int, unsigned int)()
196 uint32_t offset) {
197 FXSYS_fseek(pFile, offset, FXSYS_SEEK_SET);
198 char buffer[16];
199 if (!FXSYS_fread(buffer, 12, 1, pFile))
200 return;
201
CID 1400329: (TAINTED_SCALAR)
Assigning: "nTables" = "(uint16_t)((&buffer[4][0] << 8) | &buffer[4][1])". Both are now
tainted.
202 uint32_t nTables = GET_TT_SHORT(buffer + 4);
203 CFX_ByteString tables = FPDF_ReadStringFromFile(pFile, nTables * 16);
204 if (tables.IsEmpty())
205 return;
206
207 CFX_ByteString names =
** CID 1400328: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_fontmgr.cpp: 72 in <unnamed>::GetTTCIndex(const
unsigned char *, unsigned int, unsigned int)()
________________________________________________________________________________________________________
*** CID 1400328: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/ge/cfx_fontmgr.cpp: 72 in <unnamed>::GetTTCIndex(const
unsigned char *, unsigned int, unsigned int)()
66 uint32_t ttc_size,
67 uint32_t font_offset) {
68 int face_index = 0;
69 const uint8_t* p = pFontData + 8;
70 uint32_t nfont = GET_TT_LONG(p);
71 uint32_t index;
CID 1400328: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "nfont" as a loop boundary.
72 for (index = 0; index < nfont; index++) {
73 p = pFontData + 12 + index * 4;
74 if (GET_TT_LONG(p) == font_offset)
75 break;
76 }
77 if (index >= nfont)
** CID 1400327: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 3082 in
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip_RgbByteOrder(unsigned char *, const unsigned char *,
int, int, int)()
________________________________________________________________________________________________________
*** CID 1400327: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 3082 in
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip_RgbByteOrder(unsigned char *, const unsigned char *,
int, int, int)()
3076 dest_scan_o[2] = dest_scan[0];
3077 RGB_Blend(blend_type, src_scan, dest_scan_o, blended_colors);
3078 }
3079 for (int color = 0; color < 3; color++) {
3080 int index = 2 - color;
3081 int src_color = *src_scan;
CID 1400327: Insecure data handling (TAINTED_SCALAR)
Casting narrower unsigned "dest_scan[index]" to wider signed type "int" effectively tests
its lower bound.
3082 int blended = bNonseparableBlend
3083 ? blended_colors[color]
3084 : Blend(blend_type, dest_scan[index], src_color);
3085 dest_scan[index] = FXDIB_ALPHA_MERGE(src_color, blended, back_alpha);
3086 src_scan++;
3087 }
** CID 1400326: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 83 in
CFX_CTTGSUBTable::LoadGSUBTable(const unsigned char *)()
________________________________________________________________________________________________________
*** CID 1400326: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 83 in
CFX_CTTGSUBTable::LoadGSUBTable(const unsigned char *)()
77 header.Version = gsub[0] << 24 | gsub[1] << 16 | gsub[2] << 8 | gsub[3];
78 if (header.Version != 0x00010000) {
79 return false;
80 }
81 header.ScriptList = gsub[4] << 8 | gsub[5];
82 header.FeatureList = gsub[6] << 8 | gsub[7];
CID 1400326: (TAINTED_SCALAR)
Performing a byte swapping operation on "gsub" implies that it came from an external
source, and is therefore tainted.
83 header.LookupList = gsub[8] << 8 | gsub[9];
84 return Parse(&gsub[header.ScriptList], &gsub[header.FeatureList],
85 &gsub[header.LookupList]);
86 }
87
88 bool CFX_CTTGSUBTable::GetVerticalGlyph(uint32_t glyphnum,
** CID 1400325: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 1021 in
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip(unsigned char *, const unsigned char *, int, int,
int, unsigned char *)()
________________________________________________________________________________________________________
*** CID 1400325: Insecure data handling (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fxge/dib/fx_dib_composite.cpp: 1021 in
<unnamed>::CompositeRow_Rgb2Argb_Blend_NoClip(unsigned char *, const unsigned char *, int, int,
int, unsigned char *)()
1015 dest_scan[3] = 0xff;
1016 if (bNonseparableBlend) {
1017 RGB_Blend(blend_type, src_scan, dest_scan, blended_colors);
1018 }
1019 for (int color = 0; color < 3; color++) {
1020 int src_color = *src_scan;
CID 1400325: Insecure data handling (TAINTED_SCALAR)
Casting narrower unsigned "*dest_scan" to wider signed type "int" effectively tests its
lower bound.
1021 int blended = bNonseparableBlend
1022 ? blended_colors[color]
1023 : Blend(blend_type, *dest_scan, src_color);
1024 *dest_scan = FXDIB_ALPHA_MERGE(src_color, blended, back_alpha);
1025 dest_scan++;
1026 src_scan++;
** CID 1400324: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 383 in
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1
*)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 384 in
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1
*)()
________________________________________________________________________________________________________
*** CID 1400324: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 383 in
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1
*)()
377 FT_Bytes sp = raw;
378 GetUInt16(sp);
379 rec->GlyphCount = GetUInt16(sp);
380 if (rec->GlyphCount <= 0) {
381 return;
382 }
CID 1400324: (TAINTED_SCALAR)
Passing tainted variable "rec->GlyphCount * 2UL" to a tainted sink.
383 rec->GlyphArray.reset(new uint16_t[rec->GlyphCount]);
384 for (i = 0; i < rec->GlyphCount; i++) {
385 rec->GlyphArray[i] = GetUInt16(sp);
386 }
387 }
388
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 384 in
CFX_CTTGSUBTable::ParseCoverageFormat1(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat1
*)()
378 GetUInt16(sp);
379 rec->GlyphCount = GetUInt16(sp);
380 if (rec->GlyphCount <= 0) {
381 return;
382 }
383 rec->GlyphArray.reset(new uint16_t[rec->GlyphCount]);
CID 1400324: (TAINTED_SCALAR)
Using tainted variable "rec->GlyphCount" as a loop boundary.
384 for (i = 0; i < rec->GlyphCount; i++) {
385 rec->GlyphArray[i] = GetUInt16(sp);
386 }
387 }
388
389 void CFX_CTTGSUBTable::ParseCoverageFormat2(FT_Bytes raw,
** CID 1400323: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2
*)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2
*)()
________________________________________________________________________________________________________
*** CID 1400323: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2
*)()
392 FT_Bytes sp = raw;
393 GetUInt16(sp);
394 rec->RangeCount = GetUInt16(sp);
395 if (rec->RangeCount <= 0) {
396 return;
397 }
CID 1400323: (TAINTED_SCALAR)
Passing tainted variable "<new (context.alloc) [] element count> * 6UL" to a tainted sink.
398 rec->RangeRecord.reset(new TRangeRecord[rec->RangeCount]);
399 for (i = 0; i < rec->RangeCount; i++) {
400 rec->RangeRecord[i].Start = GetUInt16(sp);
401 rec->RangeRecord[i].End = GetUInt16(sp);
402 rec->RangeRecord[i].StartCoverageIndex = GetUInt16(sp);
403 }
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 398 in
CFX_CTTGSUBTable::ParseCoverageFormat2(const unsigned char *, CFX_CTTGSUBTable::TCoverageFormat2
*)()
392 FT_Bytes sp = raw;
393 GetUInt16(sp);
394 rec->RangeCount = GetUInt16(sp);
395 if (rec->RangeCount <= 0) {
396 return;
397 }
CID 1400323: (TAINTED_SCALAR)
Using tainted variable "<new (context.alloc) [] element count>" as a loop boundary.
398 rec->RangeRecord.reset(new TRangeRecord[rec->RangeCount]);
399 for (i = 0; i < rec->RangeCount; i++) {
400 rec->RangeRecord[i].Start = GetUInt16(sp);
401 rec->RangeRecord[i].End = GetUInt16(sp);
402 rec->RangeRecord[i].StartCoverageIndex = GetUInt16(sp);
403 }
** CID 1400322: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
________________________________________________________________________________________________________
*** CID 1400322: (TAINTED_SCALAR)
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
324 int i;
325 FT_Bytes sp = raw;
326 rec->LookupCount = GetUInt16(sp);
327 if (rec->LookupCount <= 0) {
328 return;
329 }
CID 1400322: (TAINTED_SCALAR)
Passing tainted variable "<new (context.alloc) allocation size>" to a tainted sink.
330 rec->Lookup.reset(new TLookup[rec->LookupCount]);
331 for (i = 0; i < rec->LookupCount; i++) {
332 uint16_t offset = GetUInt16(sp);
333 ParseLookup(&raw[offset], &rec->Lookup[i]);
334 }
335 }
/workdir/UnpackedTarball/pdfium/core/fpdfapi/font/ttgsubtable.cpp: 330 in
CFX_CTTGSUBTable::ParseLookupList(const unsigned char *, CFX_CTTGSUBTable::TLookupList *)()
324 int i;
325 FT_Bytes sp = raw;
326 rec->LookupCount = GetUInt16(sp);
327 if (rec->LookupCount <= 0) {
328 return;
329 }
CID 1400322: (TAINTED_SCALAR)
Using tainted variable "<new (context.alloc) [] element count>" as a loop boundary.
330 rec->Lookup.reset(new TLookup[rec->LookupCount]);
331 for (i = 0; i < rec->LookupCount; i++) {
332 uint16_t offset = GetUInt16(sp);
333 ParseLookup(&raw[offset], &rec->Lookup[i]);
334 }
335 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyywhefoAuHQyOhLJueyBjWDngLKWlmb6PAKHSkejLvg9-2FRaszJcax2mAogsinIr439I10jsid3tZG-2Bq-2B52OBOhpo3tkRRRYT9oo-2BC24GZfIaV6rgpOFtZx9E7PblSJSHkQRj-2BdICP8-2BvBCcjHooFDCN8oC9-2BD3y-2BzC87DsyZdB-2F8-3D