Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
10 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1439340: Error handling issues (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()
________________________________________________________________________________________________________
*** CID 1439340: Error handling issues (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()
184 int nRet = stat(aOld.getStr(), &buf);
185 CPPUNIT_ASSERT_EQUAL(0, nRet);
186 // This failed: hard link count was 1, the hard link broke on store.
187 CPPUNIT_ASSERT(buf.st_nlink > 1);
188
189 // Test that symlinks are presreved as well.
CID 1439340: Error handling issues (CHECKED_RETURN)
Calling "remove(aNew.getStr())" without checking return value. This library function may
fail and return an error code.
190 remove(aNew.getStr());
191 symlink(aOld.getStr(), aNew.getStr());
192 xStorable->storeToURL(aURL + ".2", {});
193 nRet = lstat(aNew.getStr(), &buf);
194 CPPUNIT_ASSERT_EQUAL(0, nRet);
195 // This failed, the hello.odt.2 symlink was replaced with a real file.
** CID 1439339: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1439339: Null pointer dereferences (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 684 in SwBusinessDataPage::FillItemSet(SfxItemSet *)()
678 FillItemSet(_pSet);
679 return DeactivateRC::LeavePage;
680 }
681
682 bool SwBusinessDataPage::FillItemSet(SfxItemSet* rSet)
683 {
CID 1439339: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
684 SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
685
686 aItem.m_aCompCompany = m_xCompanyED->get_text();
687 aItem.m_aCompCompanyExt= m_xCompanyExtED->get_text();
688 aItem.m_aCompSlogan = m_xSloganED->get_text();
689 aItem.m_aCompStreet = m_xStreetED->get_text();
** CID 1439338: Security best practices violations (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()
________________________________________________________________________________________________________
*** CID 1439338: Security best practices violations (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()
178 CPPUNIT_ASSERT(xComponent.is());
179
180 uno::Reference<frame::XStorable> xStorable(xComponent, uno::UNO_QUERY);
181 xStorable->store();
182
183 struct stat buf;
CID 1439338: Security best practices violations (TOCTOU)
Calling function "stat" to perform check on "aOld.getStr()".
184 int nRet = stat(aOld.getStr(), &buf);
185 CPPUNIT_ASSERT_EQUAL(0, nRet);
186 // This failed: hard link count was 1, the hard link broke on store.
187 CPPUNIT_ASSERT(buf.st_nlink > 1);
188
189 // Test that symlinks are presreved as well.
** CID 1439337: Uninitialized members (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in
SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow,
std::default_delete<weld::ScrolledWindow>>)()
________________________________________________________________________________________________________
*** CID 1439337: Uninitialized members (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in
SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow,
std::default_delete<weld::ScrolledWindow>>)()
816 }
817
818 SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow> pScrolledWindow)
819 : NumValueSet(std::move(pScrolledWindow))
820 , aFormatIdle("SvxBmpNumValueSet FormatIdle")
821 {
CID 1439337: Uninitialized members (UNINIT_CTOR)
Non-static class member "bGrfNotFound" is not initialized in this constructor nor in any
functions that it calls.
822 }
823
824 void SvxBmpNumValueSet::init()
825 {
826 NumValueSet::init(NumberingPageType::BITMAP);
827 bGrfNotFound = false;
** CID 1439336: Resource leaks (VIRTUAL_DTOR)
________________________________________________________________________________________________________
*** CID 1439336: Resource leaks (VIRTUAL_DTOR)
** CID 1439335: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1439335: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 631 in SwAttrCheckArr::SetAttrBwd(const SwTextAttr &)()
625 nFound--;
626 }
627 }
628 if( pIter )
629 {
630 nWhch = pIter->NextWhich();
CID 1439335: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pSet" to "GetItemState", which dereferences it.
631 while( nWhch &&
632 SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
633 nWhch = pIter->NextWhich();
634 if( !nWhch )
635 break;
636 }
** CID 1439334: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1439334: Null pointer dereferences (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 594 in SwPrivateDataPage::FillItemSet(SfxItemSet *)()
588 FillItemSet(_pSet);
589 return DeactivateRC::LeavePage;
590 }
591
592 bool SwPrivateDataPage::FillItemSet(SfxItemSet* rSet)
593 {
CID 1439334: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
594 SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
595 aItem.m_aPrivFirstName = m_xFirstNameED->get_text();
596 aItem.m_aPrivName = m_xNameED->get_text();
597 aItem.m_aPrivShortCut = m_xShortCutED->get_text();
598 aItem.m_aPrivFirstName2 = m_xFirstName2ED->get_text();
599 aItem.m_aPrivName2 = m_xName2ED->get_text();
** CID 1439333: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1439333: Null pointer dereferences (NULL_RETURNS)
/sw/qa/extras/ooxmlexport/ooxmlexport2.cxx: 349 in testTable::verify()()
343 // CHECK_FORMULA( "binom {a} {binom {b} {c}}", getFormula( getRun( getParagraph( 4 ), 1
)));
344 }
345
346 DECLARE_OOXMLEXPORT_TEST(testTable, "table.odt")
347 {
348 // Make sure we write qFormat for well-known style names.
CID 1439333: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be null "this->parseExport(rtl::OUString
const("word/styles.xml", rtl::libreoffice_internal::Dummy()))" when calling "assertXPath".
349 assertXPath(parseExport("word/styles.xml"), "//w:style[@w:styleId='Normal']/w:qFormat",
1);
350 }
351
352 struct SingleLineBorders {
353 sal_Int16 top, bottom, left, right;
354 SingleLineBorders(int t=0, int b=0, int l=0, int r=0)
** CID 1439332: Incorrect expression (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in
sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const
std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&,
int)()
________________________________________________________________________________________________________
*** CID 1439332: Incorrect expression (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in
sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const
std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&,
int)()
2146 int index )
2147 {
2148 //Black lists ineligible classes here ..
2149 // SUMIFS does not perform parallel reduction at DoubleVectorRef level
2150 if (dynamic_cast<OpSumIfs*>(pCodeGen.get()))
2151 {
CID 1439332: Incorrect expression (IDENTICAL_BRANCHES)
The same code is executed when the condition "index == 0" is true or false, because the
code in the if-then branch and after the if statement is identical. Should the if statement be
removed?
2152 if (index == 0) // the first argument of OpSumIfs cannot be strings anyway
2153 return new DynamicKernelSlidingArgument<VectorRef>(config, s, ft, pCodeGen,
index);
2154 return new DynamicKernelSlidingArgument<Base>(config, s, ft, pCodeGen, index);
2155 }
2156 // AVERAGE is not supported yet
2157 //Average has been supported by reduction kernel
** CID 1439331: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1439331: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 480 in SwAttrCheckArr::SetAttrFwd(const SwTextAttr &)()
474 nFound--;
475 }
476 }
477 if( pIter )
478 {
479 nWhch = pIter->NextWhich();
CID 1439331: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pSet" to "GetItemState", which dereferences it.
480 while( nWhch &&
481 SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
482 nWhch = pIter->NextWhich();
483 if( !nWhch )
484 break;
485 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyRHuLWQO1iDYAKLqeTI-2FrWB-2BH0pyUfsnXEQTKIAHgwqeg-2BPlaNQppGcyGza2CEZnr4I4f-2BhlafEhhqWJ-2FGbjZllUmKsHDtuLfmvJYYcNPCZQO8MjGT353a257ALOFfqnmHN5sTtD0eF8915f0-2FQnXu1zRiuHGqTSoOsgC0XcIP7c-3D
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.