New Defects reported by Coverity Scan for LibreOffice

scan-admin -AT- coverity.com
Tue, 20 Nov 2018 15:05:05 +0000 (UTC)

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

5 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by 
Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1441470:  Uninitialized members  (UNINIT_CTOR)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 4133 in GtkInstanceTreeIter::GtkInstanceTreeIter(const 
GtkInstanceTreeIter*)()


________________________________________________________________________________________________________
*** CID 1441470:  Uninitialized members  (UNINIT_CTOR)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 4133 in GtkInstanceTreeIter::GtkInstanceTreeIter(const 
GtkInstanceTreeIter*)()
4127     
4128     struct GtkInstanceTreeIter : public weld::TreeIter
4129     {
4130         GtkInstanceTreeIter(const GtkInstanceTreeIter* pOrig)
4131         {
4132             if (!pOrig)

    CID 1441470:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member field "iter.user_data3" is not initialized in this constructor nor 
in any functions that it calls.

4133                 return;
4134             iter = pOrig->iter;
4135         }
4136         GtkTreeIter iter;
4137     };
4138     

** CID 1441469:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1441469:  Null pointer dereferences  (NULL_RETURNS)
/vcl/source/app/salvtables.cxx: 2165 in SalInstanceTreeView::ExpandingHdl(SvTreeListBox *)()
2159         bool bPlaceHolder = false;
2160         if (pEntry->HasChildren())
2161         {
2162             auto pChild = m_xTreeView->FirstChild(pEntry);
2163             if (m_xTreeView->GetEntryText(pChild) == "<dummy>")
2164             {

    CID 1441469:  Null pointer dereferences  (NULL_RETURNS)
    Dereferencing a pointer that might be null "pChild" when calling "RemoveEntry".

2165                 m_xTreeView->RemoveEntry(pChild);
2166                 bPlaceHolder = true;
2167             }
2168         }
2169     
2170         SalInstanceTreeIter aIter(nullptr);

** CID 1441468:  Uninitialized members  (UNINIT_CTOR)
/vcl/source/app/salvtables.cxx: 1758 in SalInstanceTreeIter::SalInstanceTreeIter(const 
SalInstanceTreeIter*)()


________________________________________________________________________________________________________
*** CID 1441468:  Uninitialized members  (UNINIT_CTOR)
/vcl/source/app/salvtables.cxx: 1758 in SalInstanceTreeIter::SalInstanceTreeIter(const 
SalInstanceTreeIter*)()
1752     
1753     struct SalInstanceTreeIter : public weld::TreeIter
1754     {
1755         SalInstanceTreeIter(const SalInstanceTreeIter* pOrig)
1756         {
1757             if (!pOrig)

    CID 1441468:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "iter" is not initialized in this constructor nor in any functions 
that it calls.

1758                 return;
1759             iter = pOrig->iter;
1760         }
1761         SvTreeListEntry* iter;
1762     };
1763     

** CID 1441467:  Error handling issues  (CHECKED_RETURN)
/vcl/unx/gtk/fpicker/SalGtkFilePicker.cxx: 1236 in 
SalGtkFilePicker::HandleGetListValue(_GtkComboBox *, short)()


________________________________________________________________________________________________________
*** CID 1441467:  Error handling issues  (CHECKED_RETURN)
/vcl/unx/gtk/fpicker/SalGtkFilePicker.cxx: 1236 in 
SalGtkFilePicker::HandleGetListValue(_GtkComboBox *, short)()
1230                         {
1231                             gchar *item;
1232                             gtk_tree_model_get(gtk_combo_box_get_model(pWidget),
1233                                 &iter, 0, &item, -1);
1234                             aItemList[i] = OUString(item, strlen(item), RTL_TEXTENCODING_UTF8);
1235                             g_free(item);

    CID 1441467:  Error handling issues  (CHECKED_RETURN)
    Calling "gtk_tree_model_iter_next" without checking return value (as is done elsewhere 4 
out of 5 times).

1236                             gtk_tree_model_iter_next(pTree, &iter);
1237                         }
1238                     }
1239                     aAny <<= aItemList;
1240                 }
1241                 break;

** CID 1441466:    (TAINTED_SCALAR)
/filter/source/graphicfilter/ipict/ipict.cxx: 1095 in PictReader::ReadPixMapEtc(BitmapEx &, bool, 
bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
/filter/source/graphicfilter/ipict/ipict.cxx: 1126 in PictReader::ReadPixMapEtc(BitmapEx &, bool, 
bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()


________________________________________________________________________________________________________
*** CID 1441466:    (TAINTED_SCALAR)
/filter/source/graphicfilter/ipict/ipict.cxx: 1095 in PictReader::ReadPixMapEtc(BitmapEx &, bool, 
bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
1089                         {
1090                             pPict->ReadUChar( nByteCountAsByte );
1091                             nByteCount = nByteCountAsByte;
1092                             nByteCount++;
1093                         }
1094                         size_t i = 0;

    CID 1441466:    (TAINTED_SCALAR)
    Using tainted variable "nByteWidth" as a loop boundary.

1095                         while (i < nByteWidth)
1096                         {
1097                             pPict->ReadUChar( nFlagCounterByte );
1098                             if ( ( nFlagCounterByte & 0x80 ) == 0)
1099                             {
1100                                 nCount = static_cast<sal_uInt16>(nFlagCounterByte) + 1;
/filter/source/graphicfilter/ipict/ipict.cxx: 1126 in PictReader::ReadPixMapEtc(BitmapEx &, bool, 
bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
1120                                     aScanline[ i++ ] = nDat;
1121                             }
1122                         }
1123                         sal_uInt8* pTmp = aScanline.data();
1124                         if ( nCmpCount == 4 )
1125                             pTmp += nWidth;

    CID 1441466:    (TAINTED_SCALAR)
    Using tainted variable "nWidth" as a loop boundary.

1126                         for (sal_uInt16 nx = 0; nx < nWidth; pTmp++)
1127                             pBitmap->SetPixel(ny, nx++, Color(*pTmp, pTmp[ nWidth ], pTmp[ 2 * 
nWidth ]));
1128                         nDataSize += static_cast<sal_uLong>(nByteCount);
1129                         pPict->Seek( nSrcBitsPos + static_cast<sal_uLong>(nByteCount) );
1130                     }
1131                 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyQz1mZFaU3QtY8RlAySX8fUu6CkVLuZ6r2pV3inpKznhWiLnouRQZA8-2FpWvZy44kDvenj-2B0PSXHISKojBmN5slzL1qpCVxPUYhLGpjBRYRuONEWsY-2BuQcfDHMhlj2mqXJTfIL4l9I-2B-2FbuuJQCiZ8-2B7ZknxVMaVmsQ-2BrdKy2HeKJc-3D

Context

New Defects reported by Coverity Scan for LibreOffice · scan-admin

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.