Date: prev next · Thread: first prev next last
2019 Archives by date, by thread · List index


Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

10 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by 
Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)


** CID 1455216:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/uibase/shells/basesh.cxx: 2367 in SwBaseShell::ExecBckCol(SfxRequest &)()


________________________________________________________________________________________________________
*** CID 1455216:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/uibase/shells/basesh.cxx: 2367 in SwBaseShell::ExecBckCol(SfxRequest &)()
2361                         SvxColorItem aNewColorItem(nSlotId);
2362                         aNewColorItem.SetValue(aColor);
2363     
2364                         GetView().GetViewFrame()->GetBindings().SetState(aNewColorItem);
2365                     }
2366                 }
    CID 1455216:  Null pointer dereferences  (REVERSE_INULL)
    Null-checking "pArgs" suggests that it may be null, but it has already been dereferenced on 
all paths leading to the check.
2367                 else if(pArgs)
2368                 {
2369                     const SvxColorItem& rNewColorItem = static_cast<const 
SvxColorItem&>(pArgs->Get(nSlotId));
2370                     const Color& rNewColor = rNewColorItem.GetValue();
2371                     aBrushItem->SetColor(rNewColor);
2372                     GetView().GetViewFrame()->GetBindings().SetState(rNewColorItem);

** CID 1455215:  Integer handling issues  (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 1455215:  Integer handling issues  (NEGATIVE_RETURNS)
/sd/source/filter/eppt/pptx-animations.cxx: 1057 in 
<unnamed>::PPTXAnimationExport::WriteAnimationNodeCommonPropsStart()()
1051             sal_Int16 nFill = AnimationExporter::GetFillMode(rXNode, AnimationFill::AUTO);
1052             pFill = convertAnimationFill(nFill);
1053         }
1054     
1055         bool bAutoReverse = rXNode->getAutoReverse();
1056     
    CID 1455215:  Integer handling issues  (NEGATIVE_RETURNS)
    "nPresetSubType" is passed to a parameter that cannot be negative.
1057         mpFS->startElementNS(
1058             XML_p, XML_cTn, XML_id, OString::number(GetNextAnimationNodeId(rXNode)), XML_dur,
1059             fDuration != 0 ? OString::number(static_cast<sal_Int32>(fDuration * 
1000.0)).getStr()
1060                            : pDuration,
1061             XML_autoRev, bAutoReverse ? "1" : nullptr, XML_restart, pRestart, XML_nodeType, 
pNodeType,
1062             XML_fill, pFill, XML_presetClass, pPresetClass, XML_presetID,

** CID 1455214:  Uninitialized variables  (UNINIT)


________________________________________________________________________________________________________
*** CID 1455214:  Uninitialized variables  (UNINIT)
/sc/source/filter/rtf/eeimpars.cxx: 336 in ScEEImport::WriteToDocument(bool, double, 
SvNumberFormatter *, bool)()
330                     aParam.mbDetectNumberFormat = true;
331                     aParam.meSetTextNumFormat = ScSetStringParam::SpecialNumberOnly;
332                     aParam.mbHandleApostrophe = false;
333                     aParam.mbCheckLinkFormula = true;
334     
335                     if (!aValStr.isEmpty())
    CID 1455214:  Uninitialized variables  (UNINIT)
    Using uninitialized value "fVal" when calling "SetValue".
336                         mpDoc->SetValue( nCol, nRow, nTab, fVal );
337                     else if ( !pE->aSel.HasRange() )
338                     {
339                         // maybe ALT text of IMG or similar
340                         mpDoc->SetString( nCol, nRow, nTab, pE->aAltText, &aParam );
341                         // If SelRange is completely empty, the succeeding text can be in the 
same paragraph!

** CID 1455213:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1455213:    (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 1283 in lcl_ScAddress_Parse_OOo(const char16_t *, const 
ScDocument *, ScAddress &, ScRefFlags &, ScAddress::ExternalInfo *, ScRange *, int *, const 
rtl::OUString *)()
1277             }
1278             else
1279             {
1280                 if (rtl::isAsciiAlpha( *p ))
1281                 {
1282                     nCol = sal::static_int_cast<SCCOL>( rtl::toAsciiUpperCase( *p++ ) - 'A' );
    CID 1455213:    (FORWARD_NULL)
    Passing null pointer "pDoc" to "MaxCol", which dereferences it.
1283                     while (nCol < pDoc->MaxCol() && rtl::isAsciiAlpha(*p))
1284                         nCol = sal::static_int_cast<SCCOL>( ((nCol + 1) * 26) + 
rtl::toAsciiUpperCase( *p++ ) - 'A' );
1285                 }
1286                 else
1287                     nBits = ScRefFlags::ZERO;
1288     
/sc/source/core/tool/address.cxx: 1289 in lcl_ScAddress_Parse_OOo(const char16_t *, const 
ScDocument *, ScAddress &, ScRefFlags &, ScAddress::ExternalInfo *, ScRange *, int *, const 
rtl::OUString *)()
1283                     while (nCol < pDoc->MaxCol() && rtl::isAsciiAlpha(*p))
1284                         nCol = sal::static_int_cast<SCCOL>( ((nCol + 1) * 26) + 
rtl::toAsciiUpperCase( *p++ ) - 'A' );
1285                 }
1286                 else
1287                     nBits = ScRefFlags::ZERO;
1288     
    CID 1455213:    (FORWARD_NULL)
    Passing null pointer "pDoc" to "MaxCol", which dereferences it.
1289                 if (nCol > pDoc->MaxCol() || (*p && *p != '$' && !rtl::isAsciiDigit( *p ) &&
1290                             (!pErrRef || !lcl_isString( p, *pErrRef))))
1291                     nBits = ScRefFlags::ZERO;
1292                 if( nBits == ScRefFlags::ZERO )
1293                     p = q;
1294             }
/sc/source/core/tool/address.cxx: 1333 in lcl_ScAddress_Parse_OOo(const char16_t *, const 
ScDocument *, ScAddress &, ScRefFlags &, ScAddress::ExternalInfo *, ScRange *, int *, const 
rtl::OUString *)()
1327                 }
1328                 else
1329                 {
1330                     long n = rtl_ustr_toInt32( p, 10 ) - 1;
1331                     while (rtl::isAsciiDigit( *p ))
1332                         p++;
    CID 1455213:    (FORWARD_NULL)
    Passing null pointer "pDoc" to "MaxRow", which dereferences it.
1333                     if( n < 0 || n > pDoc->MaxRow() )
1334                         nBits = ScRefFlags::ZERO;
1335                     nRow = static_cast<SCROW>(n);
1336                 }
1337                 if( nBits == ScRefFlags::ZERO )
1338                     p = q;

** CID 1455212:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in std::_Sp_counted_ptr_inplace<SfxRequest, 
std::allocator<SfxRequest>, (__gnu_cxx::_Lock_policy)2>::_M_dispose()()


________________________________________________________________________________________________________
*** CID 1455212:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in std::_Sp_counted_ptr_inplace<SfxRequest, 
std::allocator<SfxRequest>, (__gnu_cxx::_Lock_policy)2>::_M_dispose()()
544                   std::forward<_Args>(__args)...); // might throw
545             }
546     
547           ~_Sp_counted_ptr_inplace() noexcept { }
548     
549           virtual void
    CID 1455212:  Error handling issues  (UNCAUGHT_EXCEPT)
    An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw 
list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which 
usually calls terminate().
550           _M_dispose() noexcept
551           {
552             allocator_traits<_Alloc>::destroy(_M_impl._M_alloc(), _M_ptr());
553           }
554     
555           // Override because the allocator needs to know the dynamic type

** CID 1455211:    (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1455211:    (FORWARD_NULL)
/sw/source/uibase/shells/textsh1.cxx: 1187 in SwTextShell::Execute(SfxRequest &)()
1181     
1182                 if(pItem)
1183                 {
1184                     aSet = static_cast<const SvxColorItem*>(pItem)->GetValue();
1185                     bHasItem = true;
1186                 }
    CID 1455211:    (FORWARD_NULL)
    Passing null pointer "pArgs" to "GetItemState", which dereferences it.
1187                 else if(SfxItemState::SET == pArgs->GetItemState(SID_ATTR_COLOR_STR, false, 
&pColorStringItem))
1188                 {
1189                     sColor = static_cast<const SfxStringItem*>(pColorStringItem)->GetValue();
1190                     aSet = Color(sColor.toInt32(16));
1191                     bHasItem = true;
1192                 }
/sw/source/uibase/shells/textsh1.cxx: 1219 in SwTextShell::Execute(SfxRequest &)()
1213             case SID_ATTR_CHAR_COLOR_EXT:
1214             {
1215                 Color aSet;
1216                 OUString sColor;
1217                 const SfxPoolItem* pColorStringItem = nullptr;
1218     
    CID 1455211:    (FORWARD_NULL)
    Passing null pointer "pArgs" to "GetItemState", which dereferences it.
1219                 if (SfxItemState::SET == pArgs->GetItemState(SID_ATTR_COLOR_STR, false, 
&pColorStringItem))
1220                 {
1221                     sColor = static_cast<const SfxStringItem*>(pColorStringItem)->GetValue();
1222                     if (sColor == "transparent")
1223                         aSet = COL_TRANSPARENT;
1224                     else

** CID 1455210:  Null pointer dereferences  (REVERSE_INULL)
/sd/source/ui/slidesorter/controller/SlsSlotManager.cxx: 889 in 
sd::slidesorter::controller::SlotManager::RenameSlide(const SfxRequest &)()


________________________________________________________________________________________________________
*** CID 1455210:  Null pointer dereferences  (REVERSE_INULL)
/sd/source/ui/slidesorter/controller/SlsSlotManager.cxx: 889 in 
sd::slidesorter::controller::SlotManager::RenameSlide(const SfxRequest &)()
883     
884         // tdf#107183 Set different dialog titles when renaming
885         // master slides or normal ones
886         OUString aTitle;
887         if( rRequest.GetSlot() == SID_RENAME_MASTER_PAGE )
888             aTitle = SdResId( STR_TITLE_RENAMEMASTER );
    CID 1455210:  Null pointer dereferences  (REVERSE_INULL)
    Null-checking "pDrView" suggests that it may be null, but it has already been dereferenced 
on all paths leading to the check.
889         else if (pDrView && pDrView->GetDoc().GetDocumentType() == DocumentType::Draw)
890             aTitle = SdResId( STR_TITLE_RENAMEPAGE );
891         else
892             aTitle = SdResId( STR_TITLE_RENAMESLIDE );
893     
894         OUString aDescr( SdResId( STR_DESC_RENAMESLIDE ) );

** CID 1455209:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/hwpfilter/source/hwpread.cxx: 493 in Picture::Read(HWPFile &)()


________________________________________________________________________________________________________
*** CID 1455209:  Memory - illegal accesses  (WRAPPER_ESCAPE)
/hwpfilter/source/hwpread.cxx: 493 in Picture::Read(HWPFile &)()
487             }
488             follow_block_size = follow.size();
489     
490             if (pictype == PICTYPE_DRAW)
491             {
492                 auto 
xNewMem(std::make_unique<HMemIODev>(reinterpret_cast<char*>(follow.data()), follow_block_size));
    CID 1455209:  Memory - illegal accesses  (WRAPPER_ESCAPE)
    The internal representation of local "xNewMem" escapes, but is destroyed when it exits 
scope.
493                 auto xGuard(std::make_unique<ChangeMemGuard>(xNewMem.get()));
494                 LoadDrawingObjectBlock(this);
495                 style.cell = picinfo.picdraw.hdo;
496                 xGuard.reset();
497                 xNewMem.reset();
498             }

** CID 1455208:  Uninitialized members  (UNINIT_CTOR)
/sc/source/ui/navipi/navipi.cxx: 75 in ColumnEdit::ColumnEdit(vcl::Window *, long)()


________________________________________________________________________________________________________
*** CID 1455208:  Uninitialized members  (UNINIT_CTOR)
/sc/source/ui/navipi/navipi.cxx: 75 in ColumnEdit::ColumnEdit(vcl::Window *, long)()
69     
70     ColumnEdit::ColumnEdit(Window* pParent, WinBits nWinBits)
71         : SpinField(pParent, nWinBits),
72         nCol(0)
73     {
74         SetMaxTextLen(SCNAV_COLDIGITS);   // 1...256...18278 or A...IV...ZZZ
    CID 1455208:  Uninitialized members  (UNINIT_CTOR)
    Non-static class member "mpDoc" is not initialized in this constructor nor in any functions 
that it calls.
75     }
76     
77     ColumnEdit::~ColumnEdit()
78     {
79         disposeOnce();
80     }

** CID 1426874:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1426874:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/uibase/shells/basesh.cxx: 2348 in SwBaseShell::ExecBckCol(SfxRequest &)()
2342                 const SfxPoolItem* pColorStringItem = nullptr;
2343                 bool bIsTransparent = false;
2344     
2345                 aBrushItem->SetGraphicPos(GPOS_NONE);
2346     
2347                 sal_uInt16 nSlotId = SID_BACKGROUND_COLOR ? SID_BACKGROUND_COLOR : 
SID_TABLE_CELL_BACKGROUND_COLOR;
    CID 1426874:  Null pointer dereferences  (FORWARD_NULL)
    Passing null pointer "pArgs" to "GetItemState", which dereferences it.
2348                 if (SfxItemState::SET == pArgs->GetItemState(SID_ATTR_COLOR_STR, false, 
&pColorStringItem))
2349                 {
2350                     OUString sColor = static_cast<const 
SfxStringItem*>(pColorStringItem)->GetValue();
2351                     if (sColor == "transparent")
2352                     {
2353                         bIsTransparent = true;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyuSlpLVEctZaZUNqwi-2FZU5qWRu-2F25OG2PjazBVyc9v42T7lJdf45wzh5QTyhT0NzsR8gln5XrVIKret-2Bxf9Kqm56n-2BXwtMdK8hcI-2BsoUaRXUdch8yT-2Fa2hcqdUFFVX9BbdZCjJnWpJhwVil9w4BRBvngl0SZMI9U06OkX77qW1Co-3D


Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.