Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
8 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by
Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)
** CID 1455328: Uninitialized members (UNINIT_CTOR)
/include/basegfx/DrawCommands.hxx: 70 in gfx::LinearGradientInfo::LinearGradientInfo()()
________________________________________________________________________________________________________
*** CID 1455328: Uninitialized members (UNINIT_CTOR)
/include/basegfx/DrawCommands.hxx: 70 in gfx::LinearGradientInfo::LinearGradientInfo()()
64 class LinearGradientInfo : public GradientInfo
65 {
66 public:
67 LinearGradientInfo()
68 : GradientInfo(GradientType::Linear)
69 {
CID 1455328: Uninitialized members (UNINIT_CTOR)
Non-static class member "y2" is not initialized in this constructor nor in any functions
that it calls.
70 }
71
72 double x1;
73 double y1;
74 double x2;
75 double y2;
** CID 1455327: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1455327: Null pointer dereferences (NULL_RETURNS)
/sc/source/ui/navipi/navcitem.cxx: 53 in ScNavigatorControllerItem::StateChanged(unsigned short,
SfxItemState, const SfxPoolItem *)()
47 OSL_ENSURE( pCellPosItem, "SfxStringItem expected!" );
48
49 if ( pCellPosItem )
50 {
51 const OUString& aAddress( pCellPosItem->GetValue() );
52 ScAddress aScAddress;
CID 1455327: Null pointer dereferences (NULL_RETURNS)
Dereferencing a pointer that might be "nullptr" "this->rNavigatorDlg->GetViewData()" when
calling "GetDocument".
53 aScAddress.Parse( aAddress, rNavigatorDlg.GetViewData()->GetDocument() );
54
55 SCCOL nCol = aScAddress.Col()+1;
56 SCROW nRow = aScAddress.Row()+1;
57
58 rNavigatorDlg.UpdateColumn( &nCol );
** CID 1455326: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1455326: (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2381 in ScRange::MoveSticky(const ScDocument *, short, int,
short, ScRange&)()
2375 dy = 0; // Entire column not to be moved.
2376 if (dx && aStart.Col() == 0 && aEnd.Col() == nMaxCol)
2377 dx = 0; // Entire row not to be moved.
2378 bool b1 = aStart.Move( dx, dy, dz, rErrorRange.aStart );
2379 if (dx && bColRange && aEnd.Col() == nMaxCol)
2380 dx = 0; // End column sticky.
CID 1455326: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2381 if (dy && bRowRange && aEnd.Row() == pDoc->MaxRow())
2382 dy = 0; // End row sticky.
2383 SCTAB nOldTab = aEnd.Tab();
2384 bool b2 = aEnd.Move( dx, dy, dz, rErrorRange.aEnd );
2385 if (!b2)
2386 {
/sc/source/core/tool/address.cxx: 2374 in ScRange::MoveSticky(const ScDocument *, short, int,
short, ScRange&)()
2368
2369 bool ScRange::MoveSticky( const ScDocument* pDoc, SCCOL dx, SCROW dy, SCTAB dz, ScRange&
rErrorRange )
2370 {
2371 const SCCOL nMaxCol = (pDoc ? pDoc->MaxCol() : MAXCOL);
2372 bool bColRange = (aStart.Col() < aEnd.Col());
2373 bool bRowRange = (aStart.Row() < aEnd.Row());
CID 1455326: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2374 if (dy && aStart.Row() == 0 && aEnd.Row() == pDoc->MaxRow())
2375 dy = 0; // Entire column not to be moved.
2376 if (dx && aStart.Col() == 0 && aEnd.Col() == nMaxCol)
2377 dx = 0; // Entire row not to be moved.
2378 bool b1 = aStart.Move( dx, dy, dz, rErrorRange.aStart );
2379 if (dx && bColRange && aEnd.Col() == nMaxCol)
** CID 1455325: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1455325: (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2282 in ScRange::Format(ScRefFlags, const ScDocument *, const
ScAddress::Details &, bool) const()
2276 if( aStart.Row() != aEnd.Row() ||
2277 lcl_RowAbsFlagDiffer( nFlags ) ) {
2278 r.append(":");
2279 lcl_r1c1_append_r( r, aEnd.Row(), (nFlags & ScRefFlags::ROW2_ABS) !=
ScRefFlags::ZERO, rDetails );
2280 }
2281 }
CID 1455325: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2282 else if( aStart.Row() == 0 && aEnd.Row() >= pDoc->MaxRow() &&
!bFullAddressNotation )
2283 {
2284 lcl_r1c1_append_c( r, aStart.Col(), (nFlags & ScRefFlags::COL_ABS) !=
ScRefFlags::ZERO, rDetails );
2285 if( aStart.Col() != aEnd.Col() ||
2286 lcl_ColAbsFlagDiffer( nFlags )) {
2287 r.append(":");
/sc/source/core/tool/address.cxx: 2249 in ScRange::Format(ScRefFlags, const ScDocument *, const
ScAddress::Details &, bool) const()
2243 {
2244 // Full col refs always require 2 rows (2:2)
2245 lcl_a1_append_r( r, aStart.Row(), (nFlags & ScRefFlags::ROW_ABS) !=
ScRefFlags::ZERO );
2246 r.append(":");
2247 lcl_a1_append_r( r, aEnd.Row(), (nFlags & ScRefFlags::ROW2_ABS) !=
ScRefFlags::ZERO );
2248 }
CID 1455325: (FORWARD_NULL)
Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2249 else if( aStart.Row() == 0 && aEnd.Row() >= pDoc->MaxRow() &&
!bFullAddressNotation )
2250 {
2251 // Full row refs always require 2 cols (A:A)
2252 lcl_a1_append_c( r, aStart.Col(), (nFlags & ScRefFlags::COL_ABS) !=
ScRefFlags::ZERO );
2253 r.append(":");
2254 lcl_a1_append_c( r, aEnd.Col(), (nFlags & ScRefFlags::COL2_ABS) !=
ScRefFlags::ZERO );
** CID 1448502: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1448502: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xlpivot.cxx: 874 in operator >>(XclImpStream &, XclPTInfo &)()
868 rInfo.mnDataRows = rStrm.ReaduInt16();
869 rInfo.mnDataCols = rStrm.ReaduInt16();
870 rInfo.mnFlags = rStrm.ReaduInt16();
871 rInfo.mnAutoFmtIdx = rStrm.ReaduInt16();
872 nTabLen = rStrm.ReaduInt16();
873 nDataLen = rStrm.ReaduInt16();
CID 1448502: Insecure data handling (TAINTED_SCALAR)
Passing tainted variable "nTabLen" to a tainted sink.
874 rInfo.maTableName = rStrm.ReadUniString( nTabLen );
875 rInfo.maDataName = rStrm.ReadUniString( nDataLen );
876 return rStrm;
877 }
878
879 XclExpStream& operator<<( XclExpStream& rStrm, const XclPTInfo& rInfo )
** CID 1448374: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1448374: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xichart.cxx: 1230 in XclImpChText::ReadChFrLabelProps(XclImpStream &)()
1224 mxLabelProps.reset( new XclChFrLabelProps );
1225 sal_uInt16 nSepLen;
1226 rStrm.Ignore( 12 );
1227 mxLabelProps->mnFlags = rStrm.ReaduInt16();
1228 nSepLen = rStrm.ReaduInt16();
1229 if( nSepLen > 0 )
CID 1448374: Insecure data handling (TAINTED_SCALAR)
Passing tainted variable "nSepLen" to a tainted sink.
1230 mxLabelProps->maSeparator = rStrm.ReadUniString( nSepLen );
1231 }
1232 }
1233
1234 namespace {
1235
** CID 1448371: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1448371: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xlpivot.cxx: 408 in operator >>(XclImpStream &, XclPTCachedName &)()
402 sal_uInt16 nStrLen;
403 nStrLen = rStrm.ReaduInt16();
404 rCachedName.mbUseCache = nStrLen == EXC_PT_NOSTRING;
405 if( rCachedName.mbUseCache )
406 rCachedName.maName.clear();
407 else
CID 1448371: Insecure data handling (TAINTED_SCALAR)
Passing tainted variable "nStrLen" to a tainted sink.
408 rCachedName.maName = rStrm.ReadUniString( nStrLen );
409 return rStrm;
410 }
411
412 XclExpStream& operator<<( XclExpStream& rStrm, const XclPTCachedName& rCachedName )
413 {
** CID 1448242: Insecure data handling (TAINTED_SCALAR)
________________________________________________________________________________________________________
*** CID 1448242: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xistream.cxx: 902 in XclImpStream::ReadUniString()()
896 {
897 return ReadUniString( nChars, ReaduInt8() );
898 }
899
900 OUString XclImpStream::ReadUniString()
901 {
CID 1448242: Insecure data handling (TAINTED_SCALAR)
Passing tainted variable "this->ReaduInt16()" to a tainted sink.
902 return ReadUniString( ReaduInt16() );
903 }
904
905 void XclImpStream::IgnoreRawUniString( sal_uInt16 nChars, bool b16Bit )
906 {
907 sal_uInt16 nCharsLeft = nChars;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyUbHeJv53ur8ib48CsDoT1aiypfQnzYD-2Bb8fRbM9rWTspy-2F-2FfWqE-2FsX6j0S0WLQVu-2FWKmZZXXjnEqMi52P094kauIhg4w-2Bt3mte1LAXrlusgnU2aqshyPmRVMbjh6b0YDJIPdIadbtHBhKLjUuB4wGjT87CNgWFObnW4j9eiwti4-3D
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.