Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
16 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)
** CID 1438227: Error handling issues (NEGATIVE_RETURNS)
/desktop/source/splash/unxsplash.cxx: 98 in desktop::UnxSplashScreen::initialize(const
com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
________________________________________________________________________________________________________
*** CID 1438227: Error handling issues (NEGATIVE_RETURNS)
/desktop/source/splash/unxsplash.cxx: 98 in desktop::UnxSplashScreen::initialize(const
com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
92 OUString aArg;
93 osl_getCommandArg( i, &aArg.pData );
94 OUString aNum;
95 if ( aArg.startsWithIgnoreAsciiCase("--splash-pipe=", &aNum) )
96 {
97 int fd = aNum.toInt32();
CID 1438227: Error handling issues (NEGATIVE_RETURNS)
"fd" is passed to a parameter that cannot be negative.
98 m_pOutFd = fdopen( fd, "w" );
99 SAL_INFO("desktop.splash", "Got argument '--splash-pipe=" << fd << " ('"
100 << aNum << "') ("
101 << static_cast<void *>(m_pOutFd) << ")");
102 }
103 }
** CID 1438226: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438226: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unochart.cxx: 425 in GetFormatAndCreateCursorFromRangeRep(const SwDoc *,
const rtl::OUString &, SwFrameFormat **, std::shared_ptr<SwUnoCursor> &)()
419 pUnoCursor->SetMark();
420 pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
421 pUnoCursor->Move( fnMoveForward, GoInNode );
422 SwUnoTableCursor* pCursor =
423 dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
424 // HACK: remove pending actions for old style tables
CID 1438226: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
425 UnoActionRemoveContext aRemoveContext(*pCursor);
426 pCursor->MakeBoxSels();
427 rpUnoCursor = pUnoCursor;
428 }
429 }
430 }
** CID 1438225: Integer handling issues (NEGATIVE_RETURNS)
/sw/source/core/tox/txmsrt.cxx: 677 in SwTOXAuthority::GetLevel() const()
________________________________________________________________________________________________________
*** CID 1438225: Integer handling issues (NEGATIVE_RETURNS)
/sw/source/core/tox/txmsrt.cxx: 677 in SwTOXAuthority::GetLevel() const()
671 OUString
sText(static_cast<SwAuthorityField*>(m_rField.GetField())->GetFieldText(AUTH_FIELD_AUTHORITY_TYPE));
672 //#i18655# the level '0' is the heading level therefore the values are incremented here
673 sal_uInt16 nRet = 1;
674 if( pTOXIntl->IsNumeric( sText ) )
675 {
676 nRet = static_cast<sal_uInt16>(sText.toInt32());
CID 1438225: Integer handling issues (NEGATIVE_RETURNS)
Unsigned variable "nRet" is incremented, which might cause an integer overflow.
677 nRet++;
678 }
679 //illegal values are also set to 'ARTICLE' as non-numeric values are
680 if(nRet > AUTH_TYPE_END)
681 nRet = 1;
682 return nRet;
** CID 1438224: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1438224: Null pointer dereferences (NULL_RETURNS)
/oox/source/drawingml/shape.cxx: 525 in
oox::drawingml::lcl_createPresetShape(com::sun::star::uno::Reference<com::sun::star::drawing::XShape>
&, const rtl::OUString &, const rtl::OUString &,
std::shared_ptr<oox::drawingml::CustomShapeProperties>, std::shared_ptr<oox::drawingml::TextBody>,
const oox::GraphicHelper &)()
519 ParagraphAdjust eAdjust = ParagraphAdjust_LEFT;
520 if (pParagraph->getProperties().getParaAdjust())
521 eAdjust = pParagraph->getProperties().getParaAdjust().get();
522 xSet->setPropertyValue( "ParaAdjust", uno::makeAny( eAdjust ) );
523 SvxShape* pShape = SvxShape::getImplementation( xShape );
524 SdrTextHorzAdjust eHorzAdjust = lcl_convertAdjust( eAdjust );
CID 1438224: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be null "pShape" when calling "GetSdrObject".
525 pShape->GetSdrObject()->SetMergedItem( SdrTextHorzAdjustItem( eHorzAdjust ) );
526 }
527 }
528
529 // Apply preset shape
530 xDefaulter->createCustomShapeDefaults( rClass );
** CID 1438223: Error handling issues (NEGATIVE_RETURNS)
/connectivity/source/commontools/RowFunctionParser.cxx: 234 in
connectivity::<unnamed>::UnaryFunctionExpression::evaluate(const
std::vector<rtl::Reference<connectivity::ORowSetValueDecorator>,
std::allocator<rtl::Reference<connectivity::ORowSetValueDecorator>>> &) const()
________________________________________________________________________________________________________
*** CID 1438223: Error handling issues (NEGATIVE_RETURNS)
/connectivity/source/commontools/RowFunctionParser.cxx: 234 in
connectivity::<unnamed>::UnaryFunctionExpression::evaluate(const
std::vector<rtl::Reference<connectivity::ORowSetValueDecorator>,
std::allocator<rtl::Reference<connectivity::ORowSetValueDecorator>>> &) const()
228 explicit UnaryFunctionExpression( const std::shared_ptr<ExpressionNode>& rArg ) :
229 mpArg( rArg )
230 {
231 }
232 virtual ORowSetValueDecoratorRef evaluate(const ODatabaseMetaDataResultSet::ORow& _aRow
) const override
233 {
CID 1438223: Error handling issues (NEGATIVE_RETURNS)
"connectivity::ORowSetValueDecoratorRef(this->mpArg->evaluate(_aRow))->getValue()->getInt32()"
is passed to a parameter that cannot be negative. [Note: The source code implementation of the
function has been overridden by a builtin model.]
234 return _aRow[mpArg->evaluate(_aRow )->getValue().getInt32()];
235 }
236 virtual void fill(const ODatabaseMetaDataResultSet::ORow& /*_aRow*/ ) const override
237 {
238 }
239 };
** CID 1438222: Error handling issues (NEGATIVE_RETURNS)
/sfx2/source/dialog/mgetempl.cxx: 437 in SfxManageStyleSheetPage::FillItemSet(SfxItemSet *)()
________________________________________________________________________________________________________
*** CID 1438222: Error handling issues (NEGATIVE_RETURNS)
/sfx2/source/dialog/mgetempl.cxx: 437 in SfxManageStyleSheetPage::FillItemSet(SfxItemSet *)()
431 m_xFilterLb->get_value_changed_from_saved() &&
432 m_xFilterLb->get_sensitive() )
433 {
434 bModified = true;
435 OSL_ENSURE( pItem, "No Item" );
436 // is only possibly for user templates
CID 1438222: Error handling issues (NEGATIVE_RETURNS)
"rtl::OUString(this->m_xFilterLb->get_id(nFilterIdx)).toInt32(10)" is passed to a parameter
that cannot be negative. [Note: The source code implementation of the function has been
overridden by a builtin model.]
437 SfxStyleSearchBits nMask =
pItem->GetFilterList()[m_xFilterLb->get_id(nFilterIdx).toInt32()].nFlags |
SfxStyleSearchBits::UserDefined;
438 pStyle->SetMask( nMask );
439 }
440 if (m_xAutoCB->get_visible() && m_xAutoCB->get_state_changed_from_saved())
441 {
442 rSet->Put(SfxBoolItem(SID_ATTR_AUTO_STYLE_UPDATE, m_xAutoCB->get_active()));
** CID 1438221: Error handling issues (NEGATIVE_RETURNS)
/sw/source/uibase/misc/glosdoc.cxx: 125 in SwGlossaries::FindGroupName(rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1438221: Error handling issues (NEGATIVE_RETURNS)
/sw/source/uibase/misc/glosdoc.cxx: 125 in SwGlossaries::FindGroupName(rtl::OUString &)()
119 const ::utl::TransliterationWrapper& rSCmp = GetAppCmpStrIgnore();
120 for(size_t i = 0; i < nCount; ++i)
121 {
122 const OUString sTemp( GetGroupName( i ));
123 sal_uInt16 nPath = static_cast<sal_uInt16>(sTemp.getToken(1, GLOS_DELIM).toInt32());
124
CID 1438221: Error handling issues (NEGATIVE_RETURNS)
"nPath" is passed to a parameter that cannot be negative. [Note: The source code
implementation of the function has been overridden by a builtin model.]
125 if (!SWUnoHelper::UCB_IsCaseSensitiveFileName( m_PathArr[nPath] )
126 && rSCmp.isEqual( rGroup, sTemp.getToken( 0, GLOS_DELIM) ) )
127 {
128 rGroup = sTemp;
129 return true;
130 }
** CID 1438220: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1438220: Integer handling issues (NEGATIVE_RETURNS)
/sc/source/ui/view/viewdata.cxx: 2868 in ScViewData::ReadUserData(const rtl::OUString &)()
2862 sal_Unicode cMode = aZoomStr.getToken(2,'/')[0]; // 0 or "0"/"1"
2863 SetPagebreakMode( cMode == '1' );
2864 // SetPagebreakMode must always be called due to CalcPPT / RecalcPixPos()
2865
2866 // sheet may have become invalid (for instance last version):
2867 SCTAB nNewTab = static_cast<SCTAB>(rData.getToken(1, ';').toInt32());
CID 1438220: Integer handling issues (NEGATIVE_RETURNS)
"nNewTab" is passed to a parameter that cannot be negative.
2868 if (pDoc->HasTable( nNewTab ))
2869 SetTabNo(nNewTab);
2870
2871 // if available, get tab bar width:
2872 OUString aTabOpt = rData.getToken(2, ';');
2873
** CID 1438219: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438219: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 4197 in SwXTableColumns::removeByIndex(int, int)()
4191 pUnoCursor->SetMark();
4192 pUnoCursor->GetPoint()->nNode = *pTRBox->GetSttNd();
4193 pUnoCursor->Move(fnMoveForward, GoInNode);
4194 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
4195 {
4196 // HACK: remove pending actions for selecting old style tables
CID 1438219: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
4197 UnoActionRemoveContext aRemoveContext(*pCursor);
4198 }
4199 pCursor->MakeBoxSels();
4200 { // these braces are important
4201 UnoActionContext aAction(pFrameFormat->GetDoc());
4202 pFrameFormat->GetDoc()->DeleteCol(*pUnoCursor);
** CID 1438218: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438218: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 3363 in SwXCellRange::getCellRangeByPosition(int, int, int,
int)()
3357 {
3358 pUnoCursor->SetMark();
3359 pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
3360 pUnoCursor->Move( fnMoveForward, GoInNode );
3361 SwUnoTableCursor* pCursor =
dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
3362 // HACK: remove pending actions for selecting old style tables
CID 1438218: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
3363 UnoActionRemoveContext aRemoveContext(*pCursor);
3364 pCursor->MakeBoxSels();
3365 // pUnoCursor will be provided and will not be deleted
3366 aRet = SwXCellRange::CreateXCellRange(pUnoCursor, *pFormat,
aNewDesc).get();
3367 }
3368 }
** CID 1438217: (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1438217: (NEGATIVE_RETURNS)
/chart2/source/tools/InternalDataProvider.cxx: 869 in
chart::InternalDataProvider::getDataByRangeRepresentation(const rtl::OUString &)()
863 {
864 Sequence< uno::Any > aResult;
865
866 if( aRange.match( lcl_aLabelRangePrefix ) )
867 {
868 sal_Int32 nIndex = aRange.copy( strlen(lcl_aLabelRangePrefix)).toInt32();
CID 1438217: (NEGATIVE_RETURNS)
"nIndex" is passed to a parameter that cannot be negative.
869 vector< uno::Any > aComplexLabel = m_bDataInColumns
870 ? m_aInternalData.getComplexColumnLabel( nIndex )
871 : m_aInternalData.getComplexRowLabel( nIndex );
872 if( !aComplexLabel.empty() )
873 aResult = comphelper::containerToSequence(aComplexLabel);
874 }
/chart2/source/tools/InternalDataProvider.cxx: 878 in
chart::InternalDataProvider::getDataByRangeRepresentation(const rtl::OUString &)()
872 if( !aComplexLabel.empty() )
873 aResult = comphelper::containerToSequence(aComplexLabel);
874 }
875 else if( aRange.match( lcl_aCategoriesPointRangeNamePrefix ) )
876 {
877 sal_Int32 nPointIndex = aRange.copy( strlen(lcl_aCategoriesPointRangeNamePrefix)
).toInt32();
CID 1438217: (NEGATIVE_RETURNS)
"nPointIndex" is passed to a parameter that cannot be negative.
878 vector< uno::Any > aComplexCategory = m_bDataInColumns
879 ? m_aInternalData.getComplexRowLabel( nPointIndex )
880 : m_aInternalData.getComplexColumnLabel( nPointIndex );
881 if( !aComplexCategory.empty() )
882 aResult = comphelper::containerToSequence(aComplexCategory);
883 }
** CID 1438216: Resource leaks (RESOURCE_LEAK)
/filter/source/pdf/pdfexport.cxx: 943 in PDFExport::Export(const rtl::OUString &, const
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
________________________________________________________________________________________________________
*** CID 1438216: Resource leaks (RESOURCE_LEAK)
/filter/source/pdf/pdfexport.cxx: 943 in PDFExport::Export(const rtl::OUString &, const
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
937 }
938 catch( const uno::Exception& )
939 {
940 }
941 }
942 }
CID 1438216: Resource leaks (RESOURCE_LEAK)
Variable "pXDevice" going out of scope leaks the storage it points to.
943 }
944 }
945
946 // show eventual errors during export
947 showErrors( aErrors );
948
** CID 1438215: (NEGATIVE_RETURNS)
/oox/source/ppt/comments.cxx: 60 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
/oox/source/ppt/comments.cxx: 55 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1438215: (NEGATIVE_RETURNS)
/oox/source/ppt/comments.cxx: 60 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
54 aDateTime.Seconds = 0;
55 ++aDateTime.Minutes;
56 }
57 if (aDateTime.Minutes == 60)
58 {
59 aDateTime.Minutes = 0;
CID 1438215: (NEGATIVE_RETURNS)
Unsigned variable "this->aDateTime.Hours" is incremented, which might cause an integer
overflow.
60 ++aDateTime.Hours;
61 }
62 // if overflow goes into date, I give up
63 }
64
65 OUString Comment::getAuthor ( const CommentAuthorList& list )
/oox/source/ppt/comments.cxx: 55 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
49 aDateTime.NanoSeconds = 0;
50 ++aDateTime.Seconds;
51 }
52 if (aDateTime.Seconds == secondsOverflow)
53 {
54 aDateTime.Seconds = 0;
CID 1438215: (NEGATIVE_RETURNS)
Unsigned variable "this->aDateTime.Minutes" is incremented, which might cause an integer
overflow.
55 ++aDateTime.Minutes;
56 }
57 if (aDateTime.Minutes == 60)
58 {
59 aDateTime.Minutes = 0;
60 ++aDateTime.Hours;
** CID 1438214: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438214: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 2285 in <unnamed>::GetRangeByName(SwFrameFormat *, const
SwTable *, const rtl::OUString &, const rtl::OUString &, const SwRangeDescriptor &)()
2279 return nullptr;
2280 pUnoCursor->SetMark();
2281 pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
2282 pUnoCursor->Move( fnMoveForward, GoInNode );
2283 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
2284 // HACK: remove pending actions for selecting old style tables
CID 1438214: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
2285 UnoActionRemoveContext aRemoveContext(*pCursor);
2286 pCursor->MakeBoxSels();
2287 // pUnoCursor will be provided and will not be deleted
2288 return SwXCellRange::CreateXCellRange(pUnoCursor, *pFormat, rDesc).get();
2289 }
2290
** CID 1438213: Error handling issues (NEGATIVE_RETURNS)
/sw/source/filter/ww8/docxattributeoutput.cxx: 2662 in DocxAttributeOutput::StartURL(const
rtl::OUString &, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1438213: Error handling issues (NEGATIVE_RETURNS)
/sw/source/filter/ww8/docxattributeoutput.cxx: 2662 in DocxAttributeOutput::StartURL(const
rtl::OUString &, const rtl::OUString &)()
2656 std::map<OUString, std::vector<OString> >::iterator it =
m_aSeqBookmarksNames.find(aSequenceName);
2657 if (it != m_aSeqBookmarksNames.end())
2658 {
2659 std::vector<OString>& rNames = it->second;
2660 if (rNames.size() > nIndex)
2661 // We know the bookmark name for this sequence and this index,
do the replacement.
CID 1438213: Error handling issues (NEGATIVE_RETURNS)
"nIndex" is passed to a parameter that cannot be negative. [Note: The source code
implementation of the function has been overridden by a builtin model.]
2662 sMark = OStringToOUString(rNames[nIndex],
RTL_TEXTENCODING_UTF8);
2663 }
2664 }
2665 }
2666 m_pHyperlinkAttrList->add( FSNS( XML_w, XML_anchor ),
2667 OUStringToOString( sMark, RTL_TEXTENCODING_UTF8 ).getStr( ) );
** CID 1438212: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1438212: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 4046 in SwXTableRows::removeByIndex(int, int)()
4040 pUnoCursor->SetMark();
4041 pUnoCursor->GetPoint()->nNode = *pBLBox->GetSttNd();
4042 pUnoCursor->Move(fnMoveForward, GoInNode);
4043 SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
4044 {
4045 // HACK: remove pending actions for selecting old style tables
CID 1438212: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
4046 UnoActionRemoveContext aRemoveContext(*pCursor);
4047 }
4048 pCursor->MakeBoxSels();
4049 { // these braces are important
4050 UnoActionContext aAction(pFrameFormat->GetDoc());
4051 pFrameFormat->GetDoc()->DeleteRow(*pUnoCursor);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyloE6GgXS1AjTJ-2FGD71VhITgxWWJLd9O-2FtEKv6BEReocUyNiAgJH9MLKXyaSlFNc7KFNSdM9Nd3x-2F84UvEFAdM95RKjGMHlXsPTV4UW-2BsnfwED0JNhQGeasxKgBc2zGz4SEdVIXNWMfEfBjLao-2F6A2-2B9Ag3IKn05yyLanx7WGe0U-3D
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.