Date: prev next · Thread: first prev next last
2018 Archives by date, by thread · List index


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

10 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by 
Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)


** CID 1439340:  Error handling issues  (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()


________________________________________________________________________________________________________
*** CID 1439340:  Error handling issues  (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()
184         int nRet = stat(aOld.getStr(), &buf);
185         CPPUNIT_ASSERT_EQUAL(0, nRet);
186         // This failed: hard link count was 1, the hard link broke on store.
187         CPPUNIT_ASSERT(buf.st_nlink > 1);
188     
189         // Test that symlinks are presreved as well.
    CID 1439340:  Error handling issues  (CHECKED_RETURN)
    Calling "remove(aNew.getStr())" without checking return value. This library function may 
fail and return an error code.
190         remove(aNew.getStr());
191         symlink(aOld.getStr(), aNew.getStr());
192         xStorable->storeToURL(aURL + ".2", {});
193         nRet = lstat(aNew.getStr(), &buf);
194         CPPUNIT_ASSERT_EQUAL(0, nRet);
195         // This failed, the hello.odt.2 symlink was replaced with a real file.

** CID 1439339:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1439339:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 684 in SwBusinessDataPage::FillItemSet(SfxItemSet *)()
678             FillItemSet(_pSet);
679         return DeactivateRC::LeavePage;
680     }
681     
682     bool SwBusinessDataPage::FillItemSet(SfxItemSet* rSet)
683     {
    CID 1439339:  Null pointer dereferences  (NULL_RETURNS)
    Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
684         SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
685     
686         aItem.m_aCompCompany   = m_xCompanyED->get_text();
687         aItem.m_aCompCompanyExt= m_xCompanyExtED->get_text();
688         aItem.m_aCompSlogan    = m_xSloganED->get_text();
689         aItem.m_aCompStreet    = m_xStreetED->get_text();

** CID 1439338:  Security best practices violations  (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()


________________________________________________________________________________________________________
*** CID 1439338:  Security best practices violations  (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()
178         CPPUNIT_ASSERT(xComponent.is());
179     
180         uno::Reference<frame::XStorable> xStorable(xComponent, uno::UNO_QUERY);
181         xStorable->store();
182     
183         struct stat buf;
    CID 1439338:  Security best practices violations  (TOCTOU)
    Calling function "stat" to perform check on "aOld.getStr()".
184         int nRet = stat(aOld.getStr(), &buf);
185         CPPUNIT_ASSERT_EQUAL(0, nRet);
186         // This failed: hard link count was 1, the hard link broke on store.
187         CPPUNIT_ASSERT(buf.st_nlink > 1);
188     
189         // Test that symlinks are presreved as well.

** CID 1439337:  Uninitialized members  (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in 
SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow, 
std::default_delete<weld::ScrolledWindow>>)()


________________________________________________________________________________________________________
*** CID 1439337:  Uninitialized members  (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in 
SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow, 
std::default_delete<weld::ScrolledWindow>>)()
816     }
817     
818     SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow> pScrolledWindow)
819         : NumValueSet(std::move(pScrolledWindow))
820         , aFormatIdle("SvxBmpNumValueSet FormatIdle")
821     {
    CID 1439337:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "bGrfNotFound" is not initialized in this constructor nor in any 
functions that it calls.
822     }
823     
824     void SvxBmpNumValueSet::init()
825     {
826         NumValueSet::init(NumberingPageType::BITMAP);
827         bGrfNotFound = false;

** CID 1439336:  Resource leaks  (VIRTUAL_DTOR)


________________________________________________________________________________________________________
*** CID 1439336:  Resource leaks  (VIRTUAL_DTOR)

** CID 1439335:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1439335:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 631 in SwAttrCheckArr::SetAttrBwd(const SwTextAttr &)()
625                     nFound--;
626                 }
627             }
628             if( pIter )
629             {
630                 nWhch = pIter->NextWhich();
    CID 1439335:  Null pointer dereferences  (FORWARD_NULL)
    Passing null pointer "pSet" to "GetItemState", which dereferences it.
631                 while( nWhch &&
632                     SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
633                     nWhch = pIter->NextWhich();
634                 if( !nWhch )
635                     break;
636             }

** CID 1439334:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1439334:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 594 in SwPrivateDataPage::FillItemSet(SfxItemSet *)()
588             FillItemSet(_pSet);
589         return DeactivateRC::LeavePage;
590     }
591     
592     bool SwPrivateDataPage::FillItemSet(SfxItemSet* rSet)
593     {
    CID 1439334:  Null pointer dereferences  (NULL_RETURNS)
    Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
594         SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
595         aItem.m_aPrivFirstName = m_xFirstNameED->get_text();
596         aItem.m_aPrivName      = m_xNameED->get_text();
597         aItem.m_aPrivShortCut  = m_xShortCutED->get_text();
598         aItem.m_aPrivFirstName2 = m_xFirstName2ED->get_text();
599         aItem.m_aPrivName2     = m_xName2ED->get_text();

** CID 1439333:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1439333:  Null pointer dereferences  (NULL_RETURNS)
/sw/qa/extras/ooxmlexport/ooxmlexport2.cxx: 349 in testTable::verify()()
343     //    CHECK_FORMULA( "binom {a} {binom {b} {c}}", getFormula( getRun( getParagraph( 4 ), 1 
)));
344     }
345     
346     DECLARE_OOXMLEXPORT_TEST(testTable, "table.odt")
347     {
348         // Make sure we write qFormat for well-known style names.
    CID 1439333:  Null pointer dereferences  (NULL_RETURNS)
    Dereferencing a pointer that might be null "this->parseExport(rtl::OUString 
const("word/styles.xml", rtl::libreoffice_internal::Dummy()))" when calling "assertXPath".
349         assertXPath(parseExport("word/styles.xml"), "//w:style[@w:styleId='Normal']/w:qFormat", 
1);
350     }
351     
352     struct SingleLineBorders {
353         sal_Int16 top, bottom, left, right;
354         SingleLineBorders(int t=0, int b=0, int l=0, int r=0)

** CID 1439332:  Incorrect expression  (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in 
sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const 
std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&, 
int)()


________________________________________________________________________________________________________
*** CID 1439332:  Incorrect expression  (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in 
sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const 
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const 
std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&, 
int)()
2146         int index )
2147     {
2148         //Black lists ineligible classes here ..
2149         // SUMIFS does not perform parallel reduction at DoubleVectorRef level
2150         if (dynamic_cast<OpSumIfs*>(pCodeGen.get()))
2151         {
    CID 1439332:  Incorrect expression  (IDENTICAL_BRANCHES)
    The same code is executed when the condition "index == 0" is true or false, because the 
code in the if-then branch and after the if statement is identical. Should the if statement be 
removed?
2152             if (index == 0) // the first argument of OpSumIfs cannot be strings anyway
2153                 return new DynamicKernelSlidingArgument<VectorRef>(config, s, ft, pCodeGen, 
index);
2154             return new DynamicKernelSlidingArgument<Base>(config, s, ft, pCodeGen, index);
2155         }
2156         // AVERAGE is not supported yet
2157         //Average has been supported by reduction kernel

** CID 1439331:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1439331:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 480 in SwAttrCheckArr::SetAttrFwd(const SwTextAttr &)()
474                     nFound--;
475                 }
476             }
477             if( pIter )
478             {
479                 nWhch = pIter->NextWhich();
    CID 1439331:  Null pointer dereferences  (FORWARD_NULL)
    Passing null pointer "pSet" to "GetItemState", which dereferences it.
480                 while( nWhch &&
481                     SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
482                     nWhch = pIter->NextWhich();
483                 if( !nWhch )
484                     break;
485             }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyRHuLWQO1iDYAKLqeTI-2FrWB-2BH0pyUfsnXEQTKIAHgwqeg-2BPlaNQppGcyGza2CEZnr4I4f-2BhlafEhhqWJ-2FGbjZllUmKsHDtuLfmvJYYcNPCZQO8MjGT353a257ALOFfqnmHN5sTtD0eF8915f0-2FQnXu1zRiuHGqTSoOsgC0XcIP7c-3D


Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.