New Defects reported by Coverity Scan for LibreOffice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

10 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 10 of 10 defect(s)


** CID 1439340:  Error handling issues  (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()


________________________________________________________________________________________________________
*** CID 1439340:  Error handling issues  (CHECKED_RETURN)
/sfx2/qa/cppunit/test_misc.cxx: 190 in <unnamed>::MiscTest::testHardLinks()()
184         int nRet = stat(aOld.getStr(), &buf);
185         CPPUNIT_ASSERT_EQUAL(0, nRet);
186         // This failed: hard link count was 1, the hard link broke on store.
187         CPPUNIT_ASSERT(buf.st_nlink > 1);
188     
189         // Test that symlinks are presreved as well.
>>>     CID 1439340:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "remove(aNew.getStr())" without checking return value. This library function may fail and return an error code.
190         remove(aNew.getStr());
191         symlink(aOld.getStr(), aNew.getStr());
192         xStorable->storeToURL(aURL + ".2", {});
193         nRet = lstat(aNew.getStr(), &buf);
194         CPPUNIT_ASSERT_EQUAL(0, nRet);
195         // This failed, the hello.odt.2 symlink was replaced with a real file.

** CID 1439339:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1439339:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 684 in SwBusinessDataPage::FillItemSet(SfxItemSet *)()
678             FillItemSet(_pSet);
679         return DeactivateRC::LeavePage;
680     }
681     
682     bool SwBusinessDataPage::FillItemSet(SfxItemSet* rSet)
683     {
>>>     CID 1439339:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
684         SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
685     
686         aItem.m_aCompCompany   = m_xCompanyED->get_text();
687         aItem.m_aCompCompanyExt= m_xCompanyExtED->get_text();
688         aItem.m_aCompSlogan    = m_xSloganED->get_text();
689         aItem.m_aCompStreet    = m_xStreetED->get_text();

** CID 1439338:  Security best practices violations  (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()


________________________________________________________________________________________________________
*** CID 1439338:  Security best practices violations  (TOCTOU)
/sfx2/qa/cppunit/test_misc.cxx: 184 in <unnamed>::MiscTest::testHardLinks()()
178         CPPUNIT_ASSERT(xComponent.is());
179     
180         uno::Reference<frame::XStorable> xStorable(xComponent, uno::UNO_QUERY);
181         xStorable->store();
182     
183         struct stat buf;
>>>     CID 1439338:  Security best practices violations  (TOCTOU)
>>>     Calling function "stat" to perform check on "aOld.getStr()".
184         int nRet = stat(aOld.getStr(), &buf);
185         CPPUNIT_ASSERT_EQUAL(0, nRet);
186         // This failed: hard link count was 1, the hard link broke on store.
187         CPPUNIT_ASSERT(buf.st_nlink > 1);
188     
189         // Test that symlinks are presreved as well.

** CID 1439337:  Uninitialized members  (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow, std::default_delete<weld::ScrolledWindow>>)()


________________________________________________________________________________________________________
*** CID 1439337:  Uninitialized members  (UNINIT_CTOR)
/svx/source/dialog/svxbmpnumvalueset.cxx: 822 in SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow, std::default_delete<weld::ScrolledWindow>>)()
816     }
817     
818     SvxBmpNumValueSet::SvxBmpNumValueSet(std::unique_ptr<weld::ScrolledWindow> pScrolledWindow)
819         : NumValueSet(std::move(pScrolledWindow))
820         , aFormatIdle("SvxBmpNumValueSet FormatIdle")
821     {
>>>     CID 1439337:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "bGrfNotFound" is not initialized in this constructor nor in any functions that it calls.
822     }
823     
824     void SvxBmpNumValueSet::init()
825     {
826         NumValueSet::init(NumberingPageType::BITMAP);
827         bGrfNotFound = false;

** CID 1439336:  Resource leaks  (VIRTUAL_DTOR)


________________________________________________________________________________________________________
*** CID 1439336:  Resource leaks  (VIRTUAL_DTOR)

** CID 1439335:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1439335:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 631 in SwAttrCheckArr::SetAttrBwd(const SwTextAttr &)()
625                     nFound--;
626                 }
627             }
628             if( pIter )
629             {
630                 nWhch = pIter->NextWhich();
>>>     CID 1439335:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pSet" to "GetItemState", which dereferences it.
631                 while( nWhch &&
632                     SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
633                     nWhch = pIter->NextWhich();
634                 if( !nWhch )
635                     break;
636             }

** CID 1439334:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1439334:  Null pointer dereferences  (NULL_RETURNS)
/sw/source/ui/envelp/label1.cxx: 594 in SwPrivateDataPage::FillItemSet(SfxItemSet *)()
588             FillItemSet(_pSet);
589         return DeactivateRC::LeavePage;
590     }
591     
592     bool SwPrivateDataPage::FillItemSet(SfxItemSet* rSet)
593     {
>>>     CID 1439334:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "this->GetDialogExampleSet()" when calling "Get".
594         SwLabItem aItem = static_cast<const SwLabItem&>(GetDialogExampleSet()->Get(FN_LABEL));
595         aItem.m_aPrivFirstName = m_xFirstNameED->get_text();
596         aItem.m_aPrivName      = m_xNameED->get_text();
597         aItem.m_aPrivShortCut  = m_xShortCutED->get_text();
598         aItem.m_aPrivFirstName2 = m_xFirstName2ED->get_text();
599         aItem.m_aPrivName2     = m_xName2ED->get_text();

** CID 1439333:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1439333:  Null pointer dereferences  (NULL_RETURNS)
/sw/qa/extras/ooxmlexport/ooxmlexport2.cxx: 349 in testTable::verify()()
343     //    CHECK_FORMULA( "binom {a} {binom {b} {c}}", getFormula( getRun( getParagraph( 4 ), 1 )));
344     }
345     
346     DECLARE_OOXMLEXPORT_TEST(testTable, "table.odt")
347     {
348         // Make sure we write qFormat for well-known style names.
>>>     CID 1439333:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "this->parseExport(rtl::OUString const("word/styles.xml", rtl::libreoffice_internal::Dummy()))" when calling "assertXPath".
349         assertXPath(parseExport("word/styles.xml"), "//w:style[@w:styleId='Normal']/w:qFormat", 1);
350     }
351     
352     struct SingleLineBorders {
353         sal_Int16 top, bottom, left, right;
354         SingleLineBorders(int t=0, int b=0, int l=0, int r=0)

** CID 1439332:  Incorrect expression  (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&, int)()


________________________________________________________________________________________________________
*** CID 1439332:  Incorrect expression  (IDENTICAL_BRANCHES)
/sc/source/core/opencl/formulagroupcl.cxx: 2152 in sc::opencl::VectorRefFactory<sc::opencl::VectorRef>(const ScCalcConfig &, const std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>> &, const std::shared_ptr<sc::opencl::FormulaTreeNode> &, std::shared_ptr<sc::opencl::SlidingFunctionBase>&, int)()
2146         int index )
2147     {
2148         //Black lists ineligible classes here ..
2149         // SUMIFS does not perform parallel reduction at DoubleVectorRef level
2150         if (dynamic_cast<OpSumIfs*>(pCodeGen.get()))
2151         {
>>>     CID 1439332:  Incorrect expression  (IDENTICAL_BRANCHES)
>>>     The same code is executed when the condition "index == 0" is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
2152             if (index == 0) // the first argument of OpSumIfs cannot be strings anyway
2153                 return new DynamicKernelSlidingArgument<VectorRef>(config, s, ft, pCodeGen, index);
2154             return new DynamicKernelSlidingArgument<Base>(config, s, ft, pCodeGen, index);
2155         }
2156         // AVERAGE is not supported yet
2157         //Average has been supported by reduction kernel

** CID 1439331:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1439331:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/crsr/findattr.cxx: 480 in SwAttrCheckArr::SetAttrFwd(const SwTextAttr &)()
474                     nFound--;
475                 }
476             }
477             if( pIter )
478             {
479                 nWhch = pIter->NextWhich();
>>>     CID 1439331:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pSet" to "GetItemState", which dereferences it.
480                 while( nWhch &&
481                     SfxItemState::SET != pSet->GetItemState( nWhch, true, &pTmpItem ) )
482                     nWhch = pIter->NextWhich();
483                 if( !nWhch )
484                     break;
485             }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyRHuLWQO1iDYAKLqeTI-2FrWB-2BH0pyUfsnXEQTKIAHgwqeg-2BPlaNQppGcyGza2CEZnr4I4f-2BhlafEhhqWJ-2FGbjZllUmKsHDtuLfmvJYYcNPCZQO8MjGT353a257ALOFfqnmHN5sTtD0eF8915f0-2FQnXu1zRiuHGqTSoOsgC0XcIP7c-3D

_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice




[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux