New Defects reported by Coverity Scan for LibreOffice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

16 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 16 of 16 defect(s)


** CID 1438227:  Error handling issues  (NEGATIVE_RETURNS)
/desktop/source/splash/unxsplash.cxx: 98 in desktop::UnxSplashScreen::initialize(const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()


________________________________________________________________________________________________________
*** CID 1438227:  Error handling issues  (NEGATIVE_RETURNS)
/desktop/source/splash/unxsplash.cxx: 98 in desktop::UnxSplashScreen::initialize(const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
92             OUString aArg;
93             osl_getCommandArg( i, &aArg.pData );
94             OUString aNum;
95             if ( aArg.startsWithIgnoreAsciiCase("--splash-pipe=", &aNum) )
96             {
97                 int fd = aNum.toInt32();
>>>     CID 1438227:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "fd" is passed to a parameter that cannot be negative.
98                 m_pOutFd = fdopen( fd, "w" );
99                 SAL_INFO("desktop.splash", "Got argument '--splash-pipe=" << fd << " ('"
100                     << aNum << "') ("
101                     << static_cast<void *>(m_pOutFd) << ")");
102             }
103         }

** CID 1438226:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1438226:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unochart.cxx: 425 in GetFormatAndCreateCursorFromRangeRep(const SwDoc *, const rtl::OUString &, SwFrameFormat **, std::shared_ptr<SwUnoCursor> &)()
419                     pUnoCursor->SetMark();
420                     pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
421                     pUnoCursor->Move( fnMoveForward, GoInNode );
422                     SwUnoTableCursor* pCursor =
423                         dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
424                     // HACK: remove pending actions for old style tables
>>>     CID 1438226:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
425                     UnoActionRemoveContext aRemoveContext(*pCursor);
426                     pCursor->MakeBoxSels();
427                     rpUnoCursor = pUnoCursor;
428                 }
429             }
430         }

** CID 1438225:  Integer handling issues  (NEGATIVE_RETURNS)
/sw/source/core/tox/txmsrt.cxx: 677 in SwTOXAuthority::GetLevel() const()


________________________________________________________________________________________________________
*** CID 1438225:  Integer handling issues  (NEGATIVE_RETURNS)
/sw/source/core/tox/txmsrt.cxx: 677 in SwTOXAuthority::GetLevel() const()
671         OUString sText(static_cast<SwAuthorityField*>(m_rField.GetField())->GetFieldText(AUTH_FIELD_AUTHORITY_TYPE));
672         //#i18655# the level '0' is the heading level therefore the values are incremented here
673         sal_uInt16 nRet = 1;
674         if( pTOXIntl->IsNumeric( sText ) )
675         {
676             nRet = static_cast<sal_uInt16>(sText.toInt32());
>>>     CID 1438225:  Integer handling issues  (NEGATIVE_RETURNS)
>>>     Unsigned variable "nRet" is incremented, which might cause an integer overflow.
677             nRet++;
678         }
679         //illegal values are also set to 'ARTICLE' as non-numeric values are
680         if(nRet > AUTH_TYPE_END)
681             nRet = 1;
682         return nRet;

** CID 1438224:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1438224:  Null pointer dereferences  (NULL_RETURNS)
/oox/source/drawingml/shape.cxx: 525 in oox::drawingml::lcl_createPresetShape(com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, const rtl::OUString &, const rtl::OUString &, std::shared_ptr<oox::drawingml::CustomShapeProperties>, std::shared_ptr<oox::drawingml::TextBody>, const oox::GraphicHelper &)()
519                 ParagraphAdjust eAdjust = ParagraphAdjust_LEFT;
520                 if (pParagraph->getProperties().getParaAdjust())
521                     eAdjust = pParagraph->getProperties().getParaAdjust().get();
522                 xSet->setPropertyValue( "ParaAdjust", uno::makeAny( eAdjust ) );
523                 SvxShape* pShape = SvxShape::getImplementation( xShape );
524                 SdrTextHorzAdjust eHorzAdjust = lcl_convertAdjust( eAdjust );
>>>     CID 1438224:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "pShape" when calling "GetSdrObject".
525                 pShape->GetSdrObject()->SetMergedItem( SdrTextHorzAdjustItem( eHorzAdjust ) );
526             }
527         }
528     
529         // Apply preset shape
530         xDefaulter->createCustomShapeDefaults( rClass );

** CID 1438223:  Error handling issues  (NEGATIVE_RETURNS)
/connectivity/source/commontools/RowFunctionParser.cxx: 234 in connectivity::<unnamed>::UnaryFunctionExpression::evaluate(const std::vector<rtl::Reference<connectivity::ORowSetValueDecorator>, std::allocator<rtl::Reference<connectivity::ORowSetValueDecorator>>> &) const()


________________________________________________________________________________________________________
*** CID 1438223:  Error handling issues  (NEGATIVE_RETURNS)
/connectivity/source/commontools/RowFunctionParser.cxx: 234 in connectivity::<unnamed>::UnaryFunctionExpression::evaluate(const std::vector<rtl::Reference<connectivity::ORowSetValueDecorator>, std::allocator<rtl::Reference<connectivity::ORowSetValueDecorator>>> &) const()
228         explicit UnaryFunctionExpression( const std::shared_ptr<ExpressionNode>& rArg ) :
229             mpArg( rArg )
230         {
231         }
232         virtual ORowSetValueDecoratorRef evaluate(const ODatabaseMetaDataResultSet::ORow& _aRow ) const override
233         {
>>>     CID 1438223:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "connectivity::ORowSetValueDecoratorRef(this->mpArg->evaluate(_aRow))->getValue()->getInt32()" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
234             return _aRow[mpArg->evaluate(_aRow )->getValue().getInt32()];
235         }
236         virtual void fill(const ODatabaseMetaDataResultSet::ORow& /*_aRow*/ ) const override
237         {
238         }
239     };

** CID 1438222:  Error handling issues  (NEGATIVE_RETURNS)
/sfx2/source/dialog/mgetempl.cxx: 437 in SfxManageStyleSheetPage::FillItemSet(SfxItemSet *)()


________________________________________________________________________________________________________
*** CID 1438222:  Error handling issues  (NEGATIVE_RETURNS)
/sfx2/source/dialog/mgetempl.cxx: 437 in SfxManageStyleSheetPage::FillItemSet(SfxItemSet *)()
431              m_xFilterLb->get_value_changed_from_saved() &&
432              m_xFilterLb->get_sensitive() )
433         {
434             bModified = true;
435             OSL_ENSURE( pItem, "No Item" );
436             // is only possibly for user templates
>>>     CID 1438222:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "rtl::OUString(this->m_xFilterLb->get_id(nFilterIdx)).toInt32(10)" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
437             SfxStyleSearchBits nMask = pItem->GetFilterList()[m_xFilterLb->get_id(nFilterIdx).toInt32()].nFlags | SfxStyleSearchBits::UserDefined;
438             pStyle->SetMask( nMask );
439         }
440         if (m_xAutoCB->get_visible() && m_xAutoCB->get_state_changed_from_saved())
441         {
442             rSet->Put(SfxBoolItem(SID_ATTR_AUTO_STYLE_UPDATE, m_xAutoCB->get_active()));

** CID 1438221:  Error handling issues  (NEGATIVE_RETURNS)
/sw/source/uibase/misc/glosdoc.cxx: 125 in SwGlossaries::FindGroupName(rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1438221:  Error handling issues  (NEGATIVE_RETURNS)
/sw/source/uibase/misc/glosdoc.cxx: 125 in SwGlossaries::FindGroupName(rtl::OUString &)()
119         const ::utl::TransliterationWrapper& rSCmp = GetAppCmpStrIgnore();
120         for(size_t i = 0; i < nCount; ++i)
121         {
122             const OUString sTemp( GetGroupName( i ));
123             sal_uInt16 nPath = static_cast<sal_uInt16>(sTemp.getToken(1, GLOS_DELIM).toInt32());
124     
>>>     CID 1438221:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "nPath" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
125             if (!SWUnoHelper::UCB_IsCaseSensitiveFileName( m_PathArr[nPath] )
126                  && rSCmp.isEqual( rGroup, sTemp.getToken( 0, GLOS_DELIM) ) )
127             {
128                 rGroup = sTemp;
129                 return true;
130             }

** CID 1438220:  Integer handling issues  (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 1438220:  Integer handling issues  (NEGATIVE_RETURNS)
/sc/source/ui/view/viewdata.cxx: 2868 in ScViewData::ReadUserData(const rtl::OUString &)()
2862         sal_Unicode cMode = aZoomStr.getToken(2,'/')[0];            // 0 or "0"/"1"
2863         SetPagebreakMode( cMode == '1' );
2864         // SetPagebreakMode must always be called due to CalcPPT / RecalcPixPos()
2865     
2866         // sheet may have become invalid (for instance last version):
2867         SCTAB nNewTab = static_cast<SCTAB>(rData.getToken(1, ';').toInt32());
>>>     CID 1438220:  Integer handling issues  (NEGATIVE_RETURNS)
>>>     "nNewTab" is passed to a parameter that cannot be negative.
2868         if (pDoc->HasTable( nNewTab ))
2869             SetTabNo(nNewTab);
2870     
2871         // if available, get tab bar width:
2872         OUString aTabOpt = rData.getToken(2, ';');
2873     

** CID 1438219:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1438219:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 4197 in SwXTableColumns::removeByIndex(int, int)()
4191         pUnoCursor->SetMark();
4192         pUnoCursor->GetPoint()->nNode = *pTRBox->GetSttNd();
4193         pUnoCursor->Move(fnMoveForward, GoInNode);
4194         SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
4195         {
4196             // HACK: remove pending actions for selecting old style tables
>>>     CID 1438219:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
4197             UnoActionRemoveContext aRemoveContext(*pCursor);
4198         }
4199         pCursor->MakeBoxSels();
4200         {   // these braces are important
4201             UnoActionContext aAction(pFrameFormat->GetDoc());
4202             pFrameFormat->GetDoc()->DeleteCol(*pUnoCursor);

** CID 1438218:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1438218:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 3363 in SwXCellRange::getCellRangeByPosition(int, int, int, int)()
3357                     {
3358                         pUnoCursor->SetMark();
3359                         pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
3360                         pUnoCursor->Move( fnMoveForward, GoInNode );
3361                         SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
3362                         // HACK: remove pending actions for selecting old style tables
>>>     CID 1438218:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
3363                         UnoActionRemoveContext aRemoveContext(*pCursor);
3364                         pCursor->MakeBoxSels();
3365                         // pUnoCursor will be provided and will not be deleted
3366                         aRet = SwXCellRange::CreateXCellRange(pUnoCursor, *pFormat, aNewDesc).get();
3367                     }
3368                 }

** CID 1438217:    (NEGATIVE_RETURNS)


________________________________________________________________________________________________________
*** CID 1438217:    (NEGATIVE_RETURNS)
/chart2/source/tools/InternalDataProvider.cxx: 869 in chart::InternalDataProvider::getDataByRangeRepresentation(const rtl::OUString &)()
863     {
864         Sequence< uno::Any > aResult;
865     
866         if( aRange.match( lcl_aLabelRangePrefix ) )
867         {
868             sal_Int32 nIndex = aRange.copy( strlen(lcl_aLabelRangePrefix)).toInt32();
>>>     CID 1438217:    (NEGATIVE_RETURNS)
>>>     "nIndex" is passed to a parameter that cannot be negative.
869             vector< uno::Any > aComplexLabel = m_bDataInColumns
870                 ? m_aInternalData.getComplexColumnLabel( nIndex )
871                 : m_aInternalData.getComplexRowLabel( nIndex );
872             if( !aComplexLabel.empty() )
873                 aResult = comphelper::containerToSequence(aComplexLabel);
874         }
/chart2/source/tools/InternalDataProvider.cxx: 878 in chart::InternalDataProvider::getDataByRangeRepresentation(const rtl::OUString &)()
872             if( !aComplexLabel.empty() )
873                 aResult = comphelper::containerToSequence(aComplexLabel);
874         }
875         else if( aRange.match( lcl_aCategoriesPointRangeNamePrefix ) )
876         {
877             sal_Int32 nPointIndex = aRange.copy( strlen(lcl_aCategoriesPointRangeNamePrefix) ).toInt32();
>>>     CID 1438217:    (NEGATIVE_RETURNS)
>>>     "nPointIndex" is passed to a parameter that cannot be negative.
878             vector< uno::Any > aComplexCategory = m_bDataInColumns
879                 ? m_aInternalData.getComplexRowLabel( nPointIndex )
880                 : m_aInternalData.getComplexColumnLabel( nPointIndex );
881             if( !aComplexCategory.empty() )
882                 aResult = comphelper::containerToSequence(aComplexCategory);
883         }

** CID 1438216:  Resource leaks  (RESOURCE_LEAK)
/filter/source/pdf/pdfexport.cxx: 943 in PDFExport::Export(const rtl::OUString &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()


________________________________________________________________________________________________________
*** CID 1438216:  Resource leaks  (RESOURCE_LEAK)
/filter/source/pdf/pdfexport.cxx: 943 in PDFExport::Export(const rtl::OUString &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
937                         }
938                         catch( const uno::Exception& )
939                         {
940                         }
941                     }
942                 }
>>>     CID 1438216:  Resource leaks  (RESOURCE_LEAK)
>>>     Variable "pXDevice" going out of scope leaks the storage it points to.
943             }
944         }
945     
946         // show eventual errors during export
947         showErrors( aErrors );
948     

** CID 1438215:    (NEGATIVE_RETURNS)
/oox/source/ppt/comments.cxx: 60 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
/oox/source/ppt/comments.cxx: 55 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1438215:    (NEGATIVE_RETURNS)
/oox/source/ppt/comments.cxx: 60 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
54             aDateTime.Seconds = 0;
55             ++aDateTime.Minutes;
56         }
57         if (aDateTime.Minutes == 60)
58         {
59             aDateTime.Minutes = 0;
>>>     CID 1438215:    (NEGATIVE_RETURNS)
>>>     Unsigned variable "this->aDateTime.Hours" is incremented, which might cause an integer overflow.
60             ++aDateTime.Hours;
61         }
62         // if overflow goes into date, I give up
63     }
64     
65     OUString Comment::getAuthor ( const CommentAuthorList& list )
/oox/source/ppt/comments.cxx: 55 in oox::ppt::Comment::setDateTime(const rtl::OUString &)()
49             aDateTime.NanoSeconds = 0;
50             ++aDateTime.Seconds;
51         }
52         if (aDateTime.Seconds == secondsOverflow)
53         {
54             aDateTime.Seconds = 0;
>>>     CID 1438215:    (NEGATIVE_RETURNS)
>>>     Unsigned variable "this->aDateTime.Minutes" is incremented, which might cause an integer overflow.
55             ++aDateTime.Minutes;
56         }
57         if (aDateTime.Minutes == 60)
58         {
59             aDateTime.Minutes = 0;
60             ++aDateTime.Hours;

** CID 1438214:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1438214:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 2285 in <unnamed>::GetRangeByName(SwFrameFormat *, const SwTable *, const rtl::OUString &, const rtl::OUString &, const SwRangeDescriptor &)()
2279             return nullptr;
2280         pUnoCursor->SetMark();
2281         pUnoCursor->GetPoint()->nNode = *pBRBox->GetSttNd();
2282         pUnoCursor->Move( fnMoveForward, GoInNode );
2283         SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
2284         // HACK: remove pending actions for selecting old style tables
>>>     CID 1438214:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
2285         UnoActionRemoveContext aRemoveContext(*pCursor);
2286         pCursor->MakeBoxSels();
2287         // pUnoCursor will be provided and will not be deleted
2288         return SwXCellRange::CreateXCellRange(pUnoCursor, *pFormat, rDesc).get();
2289     }
2290     

** CID 1438213:  Error handling issues  (NEGATIVE_RETURNS)
/sw/source/filter/ww8/docxattributeoutput.cxx: 2662 in DocxAttributeOutput::StartURL(const rtl::OUString &, const rtl::OUString &)()


________________________________________________________________________________________________________
*** CID 1438213:  Error handling issues  (NEGATIVE_RETURNS)
/sw/source/filter/ww8/docxattributeoutput.cxx: 2662 in DocxAttributeOutput::StartURL(const rtl::OUString &, const rtl::OUString &)()
2656                         std::map<OUString, std::vector<OString> >::iterator it = m_aSeqBookmarksNames.find(aSequenceName);
2657                         if (it != m_aSeqBookmarksNames.end())
2658                         {
2659                             std::vector<OString>& rNames = it->second;
2660                             if (rNames.size() > nIndex)
2661                                 // We know the bookmark name for this sequence and this index, do the replacement.
>>>     CID 1438213:  Error handling issues  (NEGATIVE_RETURNS)
>>>     "nIndex" is passed to a parameter that cannot be negative. [Note: The source code implementation of the function has been overridden by a builtin model.]
2662                                 sMark = OStringToOUString(rNames[nIndex], RTL_TEXTENCODING_UTF8);
2663                         }
2664                     }
2665                 }
2666                 m_pHyperlinkAttrList->add( FSNS( XML_w, XML_anchor ),
2667                         OUStringToOString( sMark, RTL_TEXTENCODING_UTF8 ).getStr( ) );

** CID 1438212:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1438212:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/unocore/unotbl.cxx: 4046 in SwXTableRows::removeByIndex(int, int)()
4040         pUnoCursor->SetMark();
4041         pUnoCursor->GetPoint()->nNode = *pBLBox->GetSttNd();
4042         pUnoCursor->Move(fnMoveForward, GoInNode);
4043         SwUnoTableCursor* pCursor = dynamic_cast<SwUnoTableCursor*>(pUnoCursor.get());
4044         {
4045             // HACK: remove pending actions for selecting old style tables
>>>     CID 1438212:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCursor" to "UnoActionRemoveContext", which dereferences it.
4046             UnoActionRemoveContext aRemoveContext(*pCursor);
4047         }
4048         pCursor->MakeBoxSels();
4049         {   // these braces are important
4050             UnoActionContext aAction(pFrameFormat->GetDoc());
4051             pFrameFormat->GetDoc()->DeleteRow(*pUnoCursor);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyloE6GgXS1AjTJ-2FGD71VhITgxWWJLd9O-2FtEKv6BEReocUyNiAgJH9MLKXyaSlFNc7KFNSdM9Nd3x-2F84UvEFAdM95RKjGMHlXsPTV4UW-2BsnfwED0JNhQGeasxKgBc2zGz4SEdVIXNWMfEfBjLao-2F6A2-2B9Ag3IKn05yyLanx7WGe0U-3D



[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux