New Defects reported by Coverity Scan for LibreOffice

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

5 new defect(s) introduced to LibreOffice found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1441470:  Uninitialized members  (UNINIT_CTOR)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 4133 in GtkInstanceTreeIter::GtkInstanceTreeIter(const GtkInstanceTreeIter*)()


________________________________________________________________________________________________________
*** CID 1441470:  Uninitialized members  (UNINIT_CTOR)
/vcl/unx/gtk3/gtk3gtkinst.cxx: 4133 in GtkInstanceTreeIter::GtkInstanceTreeIter(const GtkInstanceTreeIter*)()
4127     
4128     struct GtkInstanceTreeIter : public weld::TreeIter
4129     {
4130         GtkInstanceTreeIter(const GtkInstanceTreeIter* pOrig)
4131         {
4132             if (!pOrig)
>>>     CID 1441470:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member field "iter.user_data3" is not initialized in this constructor nor in any functions that it calls.
4133                 return;
4134             iter = pOrig->iter;
4135         }
4136         GtkTreeIter iter;
4137     };
4138     

** CID 1441469:  Null pointer dereferences  (NULL_RETURNS)


________________________________________________________________________________________________________
*** CID 1441469:  Null pointer dereferences  (NULL_RETURNS)
/vcl/source/app/salvtables.cxx: 2165 in SalInstanceTreeView::ExpandingHdl(SvTreeListBox *)()
2159         bool bPlaceHolder = false;
2160         if (pEntry->HasChildren())
2161         {
2162             auto pChild = m_xTreeView->FirstChild(pEntry);
2163             if (m_xTreeView->GetEntryText(pChild) == "<dummy>")
2164             {
>>>     CID 1441469:  Null pointer dereferences  (NULL_RETURNS)
>>>     Dereferencing a pointer that might be null "pChild" when calling "RemoveEntry".
2165                 m_xTreeView->RemoveEntry(pChild);
2166                 bPlaceHolder = true;
2167             }
2168         }
2169     
2170         SalInstanceTreeIter aIter(nullptr);

** CID 1441468:  Uninitialized members  (UNINIT_CTOR)
/vcl/source/app/salvtables.cxx: 1758 in SalInstanceTreeIter::SalInstanceTreeIter(const SalInstanceTreeIter*)()


________________________________________________________________________________________________________
*** CID 1441468:  Uninitialized members  (UNINIT_CTOR)
/vcl/source/app/salvtables.cxx: 1758 in SalInstanceTreeIter::SalInstanceTreeIter(const SalInstanceTreeIter*)()
1752     
1753     struct SalInstanceTreeIter : public weld::TreeIter
1754     {
1755         SalInstanceTreeIter(const SalInstanceTreeIter* pOrig)
1756         {
1757             if (!pOrig)
>>>     CID 1441468:  Uninitialized members  (UNINIT_CTOR)
>>>     Non-static class member "iter" is not initialized in this constructor nor in any functions that it calls.
1758                 return;
1759             iter = pOrig->iter;
1760         }
1761         SvTreeListEntry* iter;
1762     };
1763     

** CID 1441467:  Error handling issues  (CHECKED_RETURN)
/vcl/unx/gtk/fpicker/SalGtkFilePicker.cxx: 1236 in SalGtkFilePicker::HandleGetListValue(_GtkComboBox *, short)()


________________________________________________________________________________________________________
*** CID 1441467:  Error handling issues  (CHECKED_RETURN)
/vcl/unx/gtk/fpicker/SalGtkFilePicker.cxx: 1236 in SalGtkFilePicker::HandleGetListValue(_GtkComboBox *, short)()
1230                         {
1231                             gchar *item;
1232                             gtk_tree_model_get(gtk_combo_box_get_model(pWidget),
1233                                 &iter, 0, &item, -1);
1234                             aItemList[i] = OUString(item, strlen(item), RTL_TEXTENCODING_UTF8);
1235                             g_free(item);
>>>     CID 1441467:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "gtk_tree_model_iter_next" without checking return value (as is done elsewhere 4 out of 5 times).
1236                             gtk_tree_model_iter_next(pTree, &iter);
1237                         }
1238                     }
1239                     aAny <<= aItemList;
1240                 }
1241                 break;

** CID 1441466:    (TAINTED_SCALAR)
/filter/source/graphicfilter/ipict/ipict.cxx: 1095 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
/filter/source/graphicfilter/ipict/ipict.cxx: 1126 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()


________________________________________________________________________________________________________
*** CID 1441466:    (TAINTED_SCALAR)
/filter/source/graphicfilter/ipict/ipict.cxx: 1095 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
1089                         {
1090                             pPict->ReadUChar( nByteCountAsByte );
1091                             nByteCount = nByteCountAsByte;
1092                             nByteCount++;
1093                         }
1094                         size_t i = 0;
>>>     CID 1441466:    (TAINTED_SCALAR)
>>>     Using tainted variable "nByteWidth" as a loop boundary.
1095                         while (i < nByteWidth)
1096                         {
1097                             pPict->ReadUChar( nFlagCounterByte );
1098                             if ( ( nFlagCounterByte & 0x80 ) == 0)
1099                             {
1100                                 nCount = static_cast<sal_uInt16>(nFlagCounterByte) + 1;
/filter/source/graphicfilter/ipict/ipict.cxx: 1126 in PictReader::ReadPixMapEtc(BitmapEx &, bool, bool, tools::Rectangle *, tools::Rectangle *, bool, bool)()
1120                                     aScanline[ i++ ] = nDat;
1121                             }
1122                         }
1123                         sal_uInt8* pTmp = aScanline.data();
1124                         if ( nCmpCount == 4 )
1125                             pTmp += nWidth;
>>>     CID 1441466:    (TAINTED_SCALAR)
>>>     Using tainted variable "nWidth" as a loop boundary.
1126                         for (sal_uInt16 nx = 0; nx < nWidth; pTmp++)
1127                             pBitmap->SetPixel(ny, nx++, Color(*pTmp, pTmp[ nWidth ], pTmp[ 2 * nWidth ]));
1128                         nDataSize += static_cast<sal_uLong>(nByteCount);
1129                         pPict->Seek( nSrcBitsPos + static_cast<sal_uLong>(nByteCount) );
1130                     }
1131                 }


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyQz1mZFaU3QtY8RlAySX8fUu6CkVLuZ6r2pV3inpKznhWiLnouRQZA8-2FpWvZy44kDvenj-2B0PSXHISKojBmN5slzL1qpCVxPUYhLGpjBRYRuONEWsY-2BuQcfDHMhlj2mqXJTfIL4l9I-2B-2FbuuJQCiZ8-2B7ZknxVMaVmsQ-2BrdKy2HeKJc-3D

_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux