Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
6 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1458020: Insecure data handling (TAINTED_SCALAR)
/svl/source/items/macitem.cxx: 110 in SvxMacroTableDtor::Read(SvStream &)()
________________________________________________________________________________________________________
*** CID 1458020: Insecure data handling (TAINTED_SCALAR)
/svl/source/items/macitem.cxx: 110 in SvxMacroTableDtor::Read(SvStream &)()
104 {
105 SAL_WARN("editeng", "Parsing error: " << nMaxRecords <<
106 " max possible entries, but " << nMacro<< " claimed, truncating");
107 nMacro = nMaxRecords;
108 }
109
CID 1458020: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "nMacro" as a loop boundary.
110 for (short i = 0; i < nMacro; ++i)
111 {
112 sal_uInt16 nCurKey, eType = STARBASIC;
113 OUString aLibName, aMacName;
114 rStrm.ReadUInt16( nCurKey );
115 aLibName = readByteString(rStrm);
** CID 1458019: Memory - corruptions (OVERRUN)
/svl/source/numbers/zforscan.cxx: 1645 in ImpSvNumberformatScan::InsertSymbol(unsigned short &,
svt::NfSymbolType, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1458019: Memory - corruptions (OVERRUN)
/svl/source/numbers/zforscan.cxx: 1645 in ImpSvNumberformatScan::InsertSymbol(unsigned short &,
svt::NfSymbolType, const rtl::OUString &)()
1639 {
1640 return false;
1641 }
1642 ++nStringsCnt;
1643 for (size_t i = nStringsCnt; i > nPos; --i)
1644 {
CID 1458019: Memory - corruptions (OVERRUN)
Overrunning array "this->nTypeArray" of 100 2-byte elements at element index 100 (byte
offset 201) using index "i" (which evaluates to 100).
1645 nTypeArray[i] = nTypeArray[i-1];
1646 sStrArray[i] = sStrArray[i-1];
1647 }
1648 }
1649 ++nResultStringsCnt;
1650 nTypeArray[nPos] = static_cast<short>(eType);
** CID 1458018: Insecure data handling (TAINTED_SCALAR)
/filter/source/msfilter/svdfppt.cxx: 1231 in SdrEscherImport::ProcessObj(SvStream &, DffObjData &,
SvxMSDffClientData &, tools::Rectangle &, SdrObject *)()
________________________________________________________________________________________________________
*** CID 1458018: Insecure data handling (TAINTED_SCALAR)
/filter/source/msfilter/svdfppt.cxx: 1231 in SdrEscherImport::ProcessObj(SvStream &, DffObjData &,
SvxMSDffClientData &, tools::Rectangle &, SdrObject *)()
1225 }
1226 if (nRowCount > 0)
1227 {
1228 std::unique_ptr<sal_uInt32[]> pTableArry(new sal_uInt32[ nRowCount
+ 2 ]);
1229 pTableArry[ 0 ] = nTableProperties;
1230 pTableArry[ 1 ] = nRowCount;
CID 1458018: Insecure data handling (TAINTED_SCALAR)
Using tainted variable "nRowCount" as a loop boundary.
1231 for ( i = 0; i < nRowCount; i++ )
1232 rSt.ReadUInt32( pTableArry[ i + 2 ] );
1233 rData.pTableRowProperties = std::move(pTableArry);
1234 }
1235 }
1236 }
** CID 1458017: Memory - illegal accesses (OVERRUN)
/svl/source/numbers/zforscan.cxx: 1646 in ImpSvNumberformatScan::InsertSymbol(unsigned short &,
svt::NfSymbolType, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1458017: Memory - illegal accesses (OVERRUN)
/svl/source/numbers/zforscan.cxx: 1646 in ImpSvNumberformatScan::InsertSymbol(unsigned short &,
svt::NfSymbolType, const rtl::OUString &)()
1640 return false;
1641 }
1642 ++nStringsCnt;
1643 for (size_t i = nStringsCnt; i > nPos; --i)
1644 {
1645 nTypeArray[i] = nTypeArray[i-1];
CID 1458017: Memory - illegal accesses (OVERRUN)
Overrunning array "this->sStrArray" of 100 8-byte elements at element index 100 (byte
offset 807) using index "i" (which evaluates to 100).
1646 sStrArray[i] = sStrArray[i-1];
1647 }
1648 }
1649 ++nResultStringsCnt;
1650 nTypeArray[nPos] = static_cast<short>(eType);
1651 sStrArray[nPos] = rStr;
** CID 1458016: Uninitialized members (UNINIT_CTOR)
/sw/source/core/access/AccessibilityIssue.cxx: 22 in
sw::AccessibilityIssue::AccessibilityIssue(sfx::AccessibilityIssueID)()
________________________________________________________________________________________________________
*** CID 1458016: Uninitialized members (UNINIT_CTOR)
/sw/source/core/access/AccessibilityIssue.cxx: 22 in
sw::AccessibilityIssue::AccessibilityIssue(sfx::AccessibilityIssueID)()
16 {
17 AccessibilityIssue::AccessibilityIssue(sfx::AccessibilityIssueID eIssueID)
18 : sfx::AccessibilityIssue(eIssueID)
19 , m_eIssueObject(IssueObject::UNKNOWN)
20 , m_pDoc(nullptr)
21 {
CID 1458016: Uninitialized members (UNINIT_CTOR)
Non-static class member "m_nEnd" is not initialized in this constructor nor in any
functions that it calls.
22 }
23
24 void AccessibilityIssue::setIssueObject(IssueObject eIssueObject) { m_eIssueObject =
eIssueObject; }
25
26 void AccessibilityIssue::setDoc(SwDoc* pDoc) { m_pDoc = pDoc; }
27
** CID 1401342: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in
std::_Sp_counted_ptr_inplace<sd::GraphicViewShell, std::allocator<sd::GraphicViewShell>,
(__gnu_cxx::_Lock_policy)2>::_M_dispose()()
________________________________________________________________________________________________________
*** CID 1401342: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in
std::_Sp_counted_ptr_inplace<sd::GraphicViewShell, std::allocator<sd::GraphicViewShell>,
(__gnu_cxx::_Lock_policy)2>::_M_dispose()()
544 std::forward<_Args>(__args)...); // might throw
545 }
546
547 ~_Sp_counted_ptr_inplace() noexcept { }
548
549 virtual void
CID 1401342: Error handling issues (UNCAUGHT_EXCEPT)
An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list
"noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually
calls terminate().
550 _M_dispose() noexcept
551 {
552 allocator_traits<_Alloc>::destroy(_M_impl._M_alloc(), _M_ptr());
553 }
554
555 // Override because the allocator needs to know the dynamic type
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyjKrxDz-2F9L9r15q7dApjlxu2GwAMYV4stHx4FPcftcsP0RtoWHWoTgs-2BZFPKxuGEZzXoOOpKEY-2BhNG-2BVjXaGVJo-2F3MCwCwvyBnBkClQwtTDTscU7oS9AUXao-2BDEENmuEsGzYIhsmA-2Bc1efaQTNWTgubTEjCS6-2BAJH-2Bw5rfXXltI1hFbwkTz1WlgE9a52PNTfr
Context
- New Defects reported by Coverity Scan for LibreOffice · scan-admin
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.