New Defects reported by Coverity Scan for LibreOffice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

4 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1441444:  Integer handling issues  (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned short>(T1 &, T2, unsigned char, unsigned char)()


________________________________________________________________________________________________________
*** CID 1441444:  Integer handling issues  (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned short>(T1 &, T2, unsigned char, unsigned char)()
98         there at bit nStartBit. Other contents of rnBitField keep unchanged. */
99     template< typename Type, typename InsertType >
100     void insert_value( Type& rnBitField, InsertType nValue, sal_uInt8 nStartBit, sal_uInt8 nBitCount )
101     {
102         unsigned long nMask = ((1UL << nBitCount) - 1);
103         Type nNewValue = static_cast< Type >( nValue & nMask );
>>>     CID 1441444:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "nNewValue" with type "sal_uInt16" (16 bits, unsigned) is promoted in "nNewValue << nStartBit" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "nNewValue << nStartBit" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
104         rnBitField = (rnBitField & ~(nMask << nStartBit)) | (nNewValue << nStartBit);
105     }
106     
107     class Color;
108     class SfxPoolItem;
109     class SfxItemSet;

** CID 1441443:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/core/text/txtfrm.cxx: 3310 in SwTextFrame::CalcAdditionalFirstLineOffset()()


________________________________________________________________________________________________________
*** CID 1441443:  Null pointer dereferences  (REVERSE_INULL)
/sw/source/core/text/txtfrm.cxx: 3310 in SwTextFrame::CalcAdditionalFirstLineOffset()()
3304         // reset additional first line offset
3305         mnAdditionalFirstLineOffset = 0;
3306     
3307         const SwTextNode* pTextNode( GetTextNodeForParaProps() );
3308         // sw_redlinehide: check that pParaPropsNode is the correct one
3309         assert(pTextNode->IsNumbered(getRootFrame()) == pTextNode->IsNumbered(nullptr));
>>>     CID 1441443:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "pTextNode" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
3310         if (pTextNode && pTextNode->IsNumbered(getRootFrame()) &&
3311             pTextNode->IsCountedInList() && pTextNode->GetNumRule())
3312         {
3313             int nListLevel = pTextNode->GetActualListLevel();
3314     
3315             if (nListLevel < 0)

** CID 1441442:  Integer handling issues  (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned char>(T1 &, T2, unsigned char, unsigned char)()


________________________________________________________________________________________________________
*** CID 1441442:  Integer handling issues  (SIGN_EXTENSION)
/sc/source/filter/inc/ftools.hxx: 104 in insert_value<unsigned short, unsigned char>(T1 &, T2, unsigned char, unsigned char)()
98         there at bit nStartBit. Other contents of rnBitField keep unchanged. */
99     template< typename Type, typename InsertType >
100     void insert_value( Type& rnBitField, InsertType nValue, sal_uInt8 nStartBit, sal_uInt8 nBitCount )
101     {
102         unsigned long nMask = ((1UL << nBitCount) - 1);
103         Type nNewValue = static_cast< Type >( nValue & nMask );
>>>     CID 1441442:  Integer handling issues  (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "nNewValue" with type "sal_uInt16" (16 bits, unsigned) is promoted in "nNewValue << nStartBit" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "nNewValue << nStartBit" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
104         rnBitField = (rnBitField & ~(nMask << nStartBit)) | (nNewValue << nStartBit);
105     }
106     
107     class Color;
108     class SfxPoolItem;
109     class SfxItemSet;

** CID 1441441:  Error handling issues  (UNCAUGHT_EXCEPT)
/sc/source/core/data/formulacell.cxx: 1505 in <unnamed>::TemporaryCellGroupMaker::~TemporaryCellGroupMaker()()


________________________________________________________________________________________________________
*** CID 1441441:  Error handling issues  (UNCAUGHT_EXCEPT)
/sc/source/core/data/formulacell.cxx: 1505 in <unnamed>::TemporaryCellGroupMaker::~TemporaryCellGroupMaker()()
1499             if( mEnabled && mCell->GetCellGroup() == nullptr )
1500             {
1501                 mCell->CreateCellGroup( 1, false );
1502                 mCell->GetDocument()->GetRecursionHelper().AddTemporaryGroupCell( mCell );
1503             }
1504         }
>>>     CID 1441441:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
1505         ~TemporaryCellGroupMaker()
1506         {
1507             if( mEnabled )
1508                 mCell->GetDocument()->GetRecursionHelper().CleanTemporaryGroupCells();
1509         }
1510         ScFormulaCell* mCell;


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpySMbMX2y55vHGEqQWTnXUisR-2FXw3NRtZfMbeYNwrUl19KCNRklO4ozfB8onH8eFJKWaw-2B5G-2BZoQJgzd0ZryT1uC3NRgveG6BH4LoGSd7-2FUSfVygRQQZSAabrn8qq3OZxjmMt0dmDFJfsg1cUZBRyHF5x-2BFBXdHe8P40KeaUsrOtY-3D

_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice




[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux