Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
10 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)
** CID 1455216: Null pointer dereferences (REVERSE_INULL)
/sw/source/uibase/shells/basesh.cxx: 2367 in SwBaseShell::ExecBckCol(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1455216: Null pointer dereferences (REVERSE_INULL)
/sw/source/uibase/shells/basesh.cxx: 2367 in SwBaseShell::ExecBckCol(SfxRequest &)()
2361 SvxColorItem aNewColorItem(nSlotId);
2362 aNewColorItem.SetValue(aColor);
2363
2364 GetView().GetViewFrame()->GetBindings().SetState(aNewColorItem);
2365 }
2366 }
CID 1455216: Null pointer dereferences (REVERSE_INULL)
Null-checking "pArgs" suggests that it may be null, but it has already been dereferenced on
all paths leading to the check.
2367 else if(pArgs)
2368 {
2369 const SvxColorItem& rNewColorItem = static_cast<const
SvxColorItem&>(pArgs->Get(nSlotId));
2370 const Color& rNewColor = rNewColorItem.GetValue();
2371 aBrushItem->SetColor(rNewColor);
2372 GetView().GetViewFrame()->GetBindings().SetState(rNewColorItem);
** CID 1455215: Integer handling issues (NEGATIVE_RETURNS)
________________________________________________________________________________________________________
*** CID 1455215: Integer handling issues (NEGATIVE_RETURNS)
/sd/source/filter/eppt/pptx-animations.cxx: 1057 in
<unnamed>::PPTXAnimationExport::WriteAnimationNodeCommonPropsStart()()
1051 sal_Int16 nFill = AnimationExporter::GetFillMode(rXNode, AnimationFill::AUTO);
1052 pFill = convertAnimationFill(nFill);
1053 }
1054
1055 bool bAutoReverse = rXNode->getAutoReverse();
1056
CID 1455215: Integer handling issues (NEGATIVE_RETURNS)
"nPresetSubType" is passed to a parameter that cannot be negative.
1057 mpFS->startElementNS(
1058 XML_p, XML_cTn, XML_id, OString::number(GetNextAnimationNodeId(rXNode)), XML_dur,
1059 fDuration != 0 ? OString::number(static_cast<sal_Int32>(fDuration *
1000.0)).getStr()
1060 : pDuration,
1061 XML_autoRev, bAutoReverse ? "1" : nullptr, XML_restart, pRestart, XML_nodeType,
pNodeType,
1062 XML_fill, pFill, XML_presetClass, pPresetClass, XML_presetID,
** CID 1455214: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1455214: Uninitialized variables (UNINIT)
/sc/source/filter/rtf/eeimpars.cxx: 336 in ScEEImport::WriteToDocument(bool, double,
SvNumberFormatter *, bool)()
330 aParam.mbDetectNumberFormat = true;
331 aParam.meSetTextNumFormat = ScSetStringParam::SpecialNumberOnly;
332 aParam.mbHandleApostrophe = false;
333 aParam.mbCheckLinkFormula = true;
334
335 if (!aValStr.isEmpty())
CID 1455214: Uninitialized variables (UNINIT)
Using uninitialized value "fVal" when calling "SetValue".
336 mpDoc->SetValue( nCol, nRow, nTab, fVal );
337 else if ( !pE->aSel.HasRange() )
338 {
339 // maybe ALT text of IMG or similar
340 mpDoc->SetString( nCol, nRow, nTab, pE->aAltText, &aParam );
341 // If SelRange is completely empty, the succeeding text can be in the
same paragraph!
** CID 1455213: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1455213: (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 1283 in lcl_ScAddress_Parse_OOo(const char16_t *, const
ScDocument *, ScAddress &, ScRefFlags &, ScAddress::ExternalInfo *, ScRange *, int *, const
rtl::OUString *)()
1277 }
1278 else
1279 {
1280 if (rtl::isAsciiAlpha( *p ))
1281 {
1282 nCol = sal::static_int_cast<SCCOL>( rtl::toAsciiUpperCase( *p++ ) - 'A' );
CID 1455213: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxCol", which dereferences it.
1283 while (nCol < pDoc->MaxCol() && rtl::isAsciiAlpha(*p))
1284 nCol = sal::static_int_cast<SCCOL>( ((nCol + 1) * 26) +
rtl::toAsciiUpperCase( *p++ ) - 'A' );
1285 }
1286 else
1287 nBits = ScRefFlags::ZERO;
1288
/sc/source/core/tool/address.cxx: 1289 in lcl_ScAddress_Parse_OOo(const char16_t *, const
ScDocument *, ScAddress &, ScRefFlags &, ScAddress::ExternalInfo *, ScRange *, int *, const
rtl::OUString *)()
1283 while (nCol < pDoc->MaxCol() && rtl::isAsciiAlpha(*p))
1284 nCol = sal::static_int_cast<SCCOL>( ((nCol + 1) * 26) +
rtl::toAsciiUpperCase( *p++ ) - 'A' );
1285 }
1286 else
1287 nBits = ScRefFlags::ZERO;
1288
CID 1455213: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxCol", which dereferences it.
1289 if (nCol > pDoc->MaxCol() || (*p && *p != '$' && !rtl::isAsciiDigit( *p ) &&
1290 (!pErrRef || !lcl_isString( p, *pErrRef))))
1291 nBits = ScRefFlags::ZERO;
1292 if( nBits == ScRefFlags::ZERO )
1293 p = q;
1294 }
/sc/source/core/tool/address.cxx: 1333 in lcl_ScAddress_Parse_OOo(const char16_t *, const
ScDocument *, ScAddress &, ScRefFlags &, ScAddress::ExternalInfo *, ScRange *, int *, const
rtl::OUString *)()
1327 }
1328 else
1329 {
1330 long n = rtl_ustr_toInt32( p, 10 ) - 1;
1331 while (rtl::isAsciiDigit( *p ))
1332 p++;
CID 1455213: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxRow", which dereferences it.
1333 if( n < 0 || n > pDoc->MaxRow() )
1334 nBits = ScRefFlags::ZERO;
1335 nRow = static_cast<SCROW>(n);
1336 }
1337 if( nBits == ScRefFlags::ZERO )
1338 p = q;
** CID 1455212: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in std::_Sp_counted_ptr_inplace<SfxRequest,
std::allocator<SfxRequest>, (__gnu_cxx::_Lock_policy)2>::_M_dispose()()
________________________________________________________________________________________________________
*** CID 1455212: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in std::_Sp_counted_ptr_inplace<SfxRequest,
std::allocator<SfxRequest>, (__gnu_cxx::_Lock_policy)2>::_M_dispose()()
544 std::forward<_Args>(__args)...); // might throw
545 }
546
547 ~_Sp_counted_ptr_inplace() noexcept { }
548
549 virtual void
CID 1455212: Error handling issues (UNCAUGHT_EXCEPT)
An exception of type "com::sun::star::uno::DeploymentException" is thrown but the throw
list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which
usually calls terminate().
550 _M_dispose() noexcept
551 {
552 allocator_traits<_Alloc>::destroy(_M_impl._M_alloc(), _M_ptr());
553 }
554
555 // Override because the allocator needs to know the dynamic type
** CID 1455211: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1455211: (FORWARD_NULL)
/sw/source/uibase/shells/textsh1.cxx: 1187 in SwTextShell::Execute(SfxRequest &)()
1181
1182 if(pItem)
1183 {
1184 aSet = static_cast<const SvxColorItem*>(pItem)->GetValue();
1185 bHasItem = true;
1186 }
CID 1455211: (FORWARD_NULL)
Passing null pointer "pArgs" to "GetItemState", which dereferences it.
1187 else if(SfxItemState::SET == pArgs->GetItemState(SID_ATTR_COLOR_STR, false,
&pColorStringItem))
1188 {
1189 sColor = static_cast<const SfxStringItem*>(pColorStringItem)->GetValue();
1190 aSet = Color(sColor.toInt32(16));
1191 bHasItem = true;
1192 }
/sw/source/uibase/shells/textsh1.cxx: 1219 in SwTextShell::Execute(SfxRequest &)()
1213 case SID_ATTR_CHAR_COLOR_EXT:
1214 {
1215 Color aSet;
1216 OUString sColor;
1217 const SfxPoolItem* pColorStringItem = nullptr;
1218
CID 1455211: (FORWARD_NULL)
Passing null pointer "pArgs" to "GetItemState", which dereferences it.
1219 if (SfxItemState::SET == pArgs->GetItemState(SID_ATTR_COLOR_STR, false,
&pColorStringItem))
1220 {
1221 sColor = static_cast<const SfxStringItem*>(pColorStringItem)->GetValue();
1222 if (sColor == "transparent")
1223 aSet = COL_TRANSPARENT;
1224 else
** CID 1455210: Null pointer dereferences (REVERSE_INULL)
/sd/source/ui/slidesorter/controller/SlsSlotManager.cxx: 889 in
sd::slidesorter::controller::SlotManager::RenameSlide(const SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1455210: Null pointer dereferences (REVERSE_INULL)
/sd/source/ui/slidesorter/controller/SlsSlotManager.cxx: 889 in
sd::slidesorter::controller::SlotManager::RenameSlide(const SfxRequest &)()
883
884 // tdf#107183 Set different dialog titles when renaming
885 // master slides or normal ones
886 OUString aTitle;
887 if( rRequest.GetSlot() == SID_RENAME_MASTER_PAGE )
888 aTitle = SdResId( STR_TITLE_RENAMEMASTER );
CID 1455210: Null pointer dereferences (REVERSE_INULL)
Null-checking "pDrView" suggests that it may be null, but it has already been dereferenced
on all paths leading to the check.
889 else if (pDrView && pDrView->GetDoc().GetDocumentType() == DocumentType::Draw)
890 aTitle = SdResId( STR_TITLE_RENAMEPAGE );
891 else
892 aTitle = SdResId( STR_TITLE_RENAMESLIDE );
893
894 OUString aDescr( SdResId( STR_DESC_RENAMESLIDE ) );
** CID 1455209: Memory - illegal accesses (WRAPPER_ESCAPE)
/hwpfilter/source/hwpread.cxx: 493 in Picture::Read(HWPFile &)()
________________________________________________________________________________________________________
*** CID 1455209: Memory - illegal accesses (WRAPPER_ESCAPE)
/hwpfilter/source/hwpread.cxx: 493 in Picture::Read(HWPFile &)()
487 }
488 follow_block_size = follow.size();
489
490 if (pictype == PICTYPE_DRAW)
491 {
492 auto
xNewMem(std::make_unique<HMemIODev>(reinterpret_cast<char*>(follow.data()), follow_block_size));
CID 1455209: Memory - illegal accesses (WRAPPER_ESCAPE)
The internal representation of local "xNewMem" escapes, but is destroyed when it exits
scope.
493 auto xGuard(std::make_unique<ChangeMemGuard>(xNewMem.get()));
494 LoadDrawingObjectBlock(this);
495 style.cell = picinfo.picdraw.hdo;
496 xGuard.reset();
497 xNewMem.reset();
498 }
** CID 1455208: Uninitialized members (UNINIT_CTOR)
/sc/source/ui/navipi/navipi.cxx: 75 in ColumnEdit::ColumnEdit(vcl::Window *, long)()
________________________________________________________________________________________________________
*** CID 1455208: Uninitialized members (UNINIT_CTOR)
/sc/source/ui/navipi/navipi.cxx: 75 in ColumnEdit::ColumnEdit(vcl::Window *, long)()
69
70 ColumnEdit::ColumnEdit(Window* pParent, WinBits nWinBits)
71 : SpinField(pParent, nWinBits),
72 nCol(0)
73 {
74 SetMaxTextLen(SCNAV_COLDIGITS); // 1...256...18278 or A...IV...ZZZ
CID 1455208: Uninitialized members (UNINIT_CTOR)
Non-static class member "mpDoc" is not initialized in this constructor nor in any functions
that it calls.
75 }
76
77 ColumnEdit::~ColumnEdit()
78 {
79 disposeOnce();
80 }
** CID 1426874: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1426874: Null pointer dereferences (FORWARD_NULL)
/sw/source/uibase/shells/basesh.cxx: 2348 in SwBaseShell::ExecBckCol(SfxRequest &)()
2342 const SfxPoolItem* pColorStringItem = nullptr;
2343 bool bIsTransparent = false;
2344
2345 aBrushItem->SetGraphicPos(GPOS_NONE);
2346
2347 sal_uInt16 nSlotId = SID_BACKGROUND_COLOR ? SID_BACKGROUND_COLOR :
SID_TABLE_CELL_BACKGROUND_COLOR;
CID 1426874: Null pointer dereferences (FORWARD_NULL)
Passing null pointer "pArgs" to "GetItemState", which dereferences it.
2348 if (SfxItemState::SET == pArgs->GetItemState(SID_ATTR_COLOR_STR, false,
&pColorStringItem))
2349 {
2350 OUString sColor = static_cast<const
SfxStringItem*>(pColorStringItem)->GetValue();
2351 if (sColor == "transparent")
2352 {
2353 bIsTransparent = true;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyuSlpLVEctZaZUNqwi-2FZU5qWRu-2F25OG2PjazBVyc9v42T7lJdf45wzh5QTyhT0NzsR8gln5XrVIKret-2Bxf9Kqm56n-2BXwtMdK8hcI-2BsoUaRXUdch8yT-2Fa2hcqdUFFVX9BbdZCjJnWpJhwVil9w4BRBvngl0SZMI9U06OkX77qW1Co-3D