New Defects reported by Coverity Scan for LibreOffice

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

7 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by 
Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)


** CID 1418341:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/core/data/fillinfo.cxx: 441 in ScDocument::FillInfo(ScTableInfo &, short, int, short, 
int, short, double, double, bool, bool, const ScMarkData *)()


________________________________________________________________________________________________________
*** CID 1418341:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/core/data/fillinfo.cxx: 441 in ScDocument::FillInfo(ScTableInfo &, short, int, short, 
int, short, double, double, bool, bool, const ScMarkData *)()
435         //  to nRotMax due to nRotateDir Flag
436         initCellInfo(pRowInfo, nArrCount, nRotMax, pDefShadow);
437     
438         initColWidths(pRowInfo, this, fColScale, nTab, nCol2, nRotMax);
439     
440         ScConditionalFormatList* pCondFormList = GetCondFormList(nTab);
> > >     CID 1418341:  Null pointer dereferences  (FORWARD_NULL)
> > >     Comparing "pCondFormList" to null implies that "pCondFormList" might be null.
441         if(pCondFormList)
442             pCondFormList->startRendering();
443     
444         for (SCCOL nArrCol=0; nArrCol<=nCol2+2; nArrCol++)                    // left & right + 
1
445         {
446             SCCOL nX = (nArrCol>0) ? nArrCol-1 : MAXCOL+1;                    // negative -> 
invalid

** CID 1418340:  Integer handling issues  (DIVIDE_BY_ZERO)
/sw/source/uibase/docvw/PostItMgr.cxx: 1065 in SwPostItMgr::AutoScroll(const 
sw::annotation::SwAnnotationWin *, unsigned long)()


________________________________________________________________________________________________________
*** CID 1418340:  Integer handling issues  (DIVIDE_BY_ZERO)
/sw/source/uibase/docvw/PostItMgr.cxx: 1065 in SwPostItMgr::AutoScroll(const 
sw::annotation::SwAnnotationWin *, unsigned long)()
1059             if ( !(bBottom && bTop))
1060             {
1061                 const long aDiff = bBottom ? 
mpEditWin->LogicToPixel(Point(0,mPages[aPage-1]->mPageRect.Top() + aSidebarheight)).Y() - 
pPostIt->GetPosPixel().Y() :
1062                                                 
mpEditWin->LogicToPixel(Point(0,mPages[aPage-1]->mPageRect.Bottom() - aSidebarheight)).Y() - 
(pPostIt->GetPosPixel().Y()+pPostIt->GetSizePixel().Height());
1063                 // this just adds the missing value to get the next a* GetScrollSize() after 
aDiff
1064                 // e.g aDiff= 61 POSTIT_SCROLL=50 --> lScroll = 100
> > >     CID 1418340:  Integer handling issues  (DIVIDE_BY_ZERO)
> > >     In expression "aDiff % this->GetScrollSize()", modulo by expression "this->GetScrollSize()" 
> > > which may be zero has undefined behavior.
1065                 const long lScroll = bBottom ? (aDiff + ( GetScrollSize() - (aDiff % 
GetScrollSize()))) : (aDiff - (GetScrollSize() + (aDiff % GetScrollSize())));
1066                 Scroll(lScroll, aPage);
1067             }
1068         }
1069     }
1070     

** CID 1418339:    (RESOURCE_LEAK)
/vcl/unx/generic/printer/cpdmgr.cxx: 424 in psp::CPDManager::createCPDParser(const rtl::OUString 
&)()
/vcl/unx/generic/printer/cpdmgr.cxx: 439 in psp::CPDManager::createCPDParser(const rtl::OUString 
&)()
/vcl/unx/generic/printer/cpdmgr.cxx: 456 in psp::CPDManager::createCPDParser(const rtl::OUString 
&)()


________________________________________________________________________________________________________
*** CID 1418339:    (RESOURCE_LEAK)
/vcl/unx/generic/printer/cpdmgr.cxx: 424 in psp::CPDManager::createCPDParser(const rtl::OUString 
&)()
418                 aValueName = OStringToOUString( "", aEncoding );
419                 pValue = pKey->insertValue( aValueName, eQuoted );
420                 if( pValue )
421                     pValue->m_aValue = aValueName;
422                 pKey -> m_pDefaultValue = pValue;
423     
> > >     CID 1418339:    (RESOURCE_LEAK)
> > >     Overwriting "pKey" in "pKey = new psp::PPDKey(rtl::OUString const("NickName", 
> > > rtl::libreoffice_internal::Dummy({})))" leaks the storage that "pKey" points to.
424                 pKey = new PPDKey("NickName");
425                 aValueName = OStringToOUString( pDest -> name, aEncoding );
426                 pValue = pKey->insertValue( aValueName, eQuoted );
427                 if( pValue )
428                     pValue->m_aValue = aValueName;
429                 pKey -> m_pDefaultValue = pValue;
/vcl/unx/generic/printer/cpdmgr.cxx: 439 in psp::CPDManager::createCPDParser(const rtl::OUString 
&)()
433                 PPDContext& rContext = m_aDefaultContexts[ aPrinter ];
434                 rContext.setParser( pNewParser );
435                 setDefaultPaper( rContext );
436                 std::vector<PPDKey*>::iterator keyit;
437                 std::vector<OUString>::iterator defit;
438                 for (keyit = keys.begin(), defit = default_values.begin(); keyit != keys.end(); 
keyit++, defit++ ) {
> > >     CID 1418339:    (RESOURCE_LEAK)
> > >     Overwriting "pKey" in "pKey = *keyit" leaks the storage that "pKey" points to.
439                     pKey = *keyit;
440                     const PPDValue* p1Value = pKey->getValue( *defit );
441                     if( p1Value )
442                     {
443                         if( p1Value != pKey->getDefaultValue() )
444                         {
/vcl/unx/generic/printer/cpdmgr.cxx: 456 in psp::CPDManager::createCPDParser(const rtl::OUString 
&)()
450                     }
451                 }
452     
453                 rInfo.m_pParser = pNewParser;
454                 rInfo.m_aContext = rContext;
455                 g_variant_unref(ret);
> > >     CID 1418339:    (RESOURCE_LEAK)
> > >     Variable "pKey" going out of scope leaks the storage it points to.
456             }
457             else
458                 SAL_INFO("vcl.unx.print", "CPD GetAllOptions failed, falling back to generic 
driver");
459         }
460         else
461             SAL_INFO("vcl.unx.print", "no dest found for printer " << aPrinter);

** CID 1418338:  Error handling issues  (UNCAUGHT_EXCEPT)
/sw/source/core/text/txtftn.cxx: 1310 in SwFootnoteSave::~SwFootnoteSave()()


________________________________________________________________________________________________________
*** CID 1418338:  Error handling issues  (UNCAUGHT_EXCEPT)
/sw/source/core/text/txtftn.cxx: 1310 in SwFootnoteSave::~SwFootnoteSave()()
1304                 pFnt->SetBackColor( new Color( static_cast<const 
SvxBrushItem*>(pItem)->GetColor() ) );
1305         }
1306         else
1307             pFnt = nullptr;
1308     }
1309     
> > >     CID 1418338:  Error handling issues  (UNCAUGHT_EXCEPT)
> > >     An exception of type 
> > > "boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<boost::bad_rational>
> > >  >" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a 
> > > call to unexpected() which usually calls terminate().
1310     SwFootnoteSave::~SwFootnoteSave()
1311     {
1312         if( pFnt )
1313         {
1314             // Put back SwFont
1315             *pFnt = *pOld;

** CID 1418337:  Null pointer dereferences  (FORWARD_NULL)
/svx/source/dialog/ClassificationDialog.cxx: 162 in svx::ClassificationDialog::getResult()()


________________________________________________________________________________________________________
*** CID 1418337:  Null pointer dereferences  (FORWARD_NULL)
/svx/source/dialog/ClassificationDialog.cxx: 162 in svx::ClassificationDialog::getResult()()
156             ESelection aSelection(rSection.mnParagraph, rSection.mnStart, rSection.mnParagraph, 
rSection.mnEnd);
157             OUString sString = m_pEditWindow->pEdEngine->GetText(aSelection);
158     
159             if (pFieldItem)
160             {
161                 const ClassificationField* pClassificationField = dynamic_cast<const 
ClassificationField*>(pFieldItem->GetField());
> > >     CID 1418337:  Null pointer dereferences  (FORWARD_NULL)
> > >     Dereferencing null pointer "pClassificationField".
162                 aClassificationResults.push_back({ pClassificationField->meType , sString, 
rSection.mnParagraph });
163             }
164             else
165             {
166                 aClassificationResults.push_back({ ClassificationType::TEXT, sString, 
rSection.mnParagraph });
167             }

** CID 1401307:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/6.3.1/bits/unique_ptr.h: 235 in std::unique_ptr<SwDBManager, 
std::default_delete<SwDBManager>>::~unique_ptr()()


________________________________________________________________________________________________________
*** CID 1401307:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/6.3.1/bits/unique_ptr.h: 235 in std::unique_ptr<SwDBManager, 
std::default_delete<SwDBManager>>::~unique_ptr()()
229           template<typename _Up, typename = _Require<
230                    is_convertible<_Up*, _Tp*>, is_same<_Dp, default_delete<_Tp>>>>
231             unique_ptr(auto_ptr<_Up>&& __u) noexcept;
232     #endif
233     
234           /// Destructor, invokes the deleter if the stored pointer is not null.
> > >     CID 1401307:  Error handling issues  (UNCAUGHT_EXCEPT)
> > >     An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw 
> > > list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which 
> > > usually calls terminate().
235           ~unique_ptr() noexcept
236           {
237             auto& __ptr = std::get<0>(_M_t);
238             if (__ptr != nullptr)
239               get_deleter()(__ptr);
240             __ptr = pointer();

** CID 1399392:  Error handling issues  (UNCAUGHT_EXCEPT)
/sw/source/core/doc/list.cxx: 99 in SwListImpl::~SwListImpl()()


________________________________________________________________________________________________________
*** CID 1399392:  Error handling issues  (UNCAUGHT_EXCEPT)
/sw/source/core/doc/list.cxx: 99 in SwListImpl::~SwListImpl()()
93                 pNode = rNodes[nIndex];
94             }
95         }
96         while ( pNode != &rNodes.GetEndOfContent() );
97     }
98     
> > >     CID 1399392:  Error handling issues  (UNCAUGHT_EXCEPT)
> > >     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list 
> > > "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually 
> > > calls terminate().
99     SwListImpl::~SwListImpl()
100     {
101         tListTrees::iterator aNumberTreeIter;
102         for ( aNumberTreeIter = maListTrees.begin();
103               aNumberTreeIter != maListTrees.end();
104               ++aNumberTreeIter )


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyDnBhtDR1RM96ggVK04UQlr32VTBBx6bM4smcNTfraQQ-2BL5qZYnIBSVIwrnhOQj5roYdZINnCu9ytCWEzdzbx-2BpUpyd5kHHdVi0gWmA-2B3PqjENOFa65HzNq-2FtVhUim7dE-2BEkBNERaJNOBFE8Wyt1xuQs7dxwzEbAjf3XRyIfcDN0-3D

To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5lwWgMDuK-2FivqaohkU3M9kT-2Fww10Qt2GoaCJAOQCa0Wv4ijH4oV8jCt0XXa7QeAwh_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyDnBhtDR1RM96ggVK04UQlnBqu1zv7gzi3k1frVpxaNuqFpSomJDDXXbo4Jllic4-2F4LBGHZmGRPJMTUO9FtCYqyU7-2F0jmcO1rGEepZaP8bUM41QydA6es89mdNgL33nthXZoodKGHS4K9BTwV-2BAu1uqJaraDZpZWDQHx5VyRWL6A-3D