Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

8 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)

** CID 1455328: Uninitialized members (UNINIT_CTOR)
/include/basegfx/DrawCommands.hxx: 70 in gfx::LinearGradientInfo::LinearGradientInfo()()

________________________________________________________________________________________________________
*** CID 1455328: Uninitialized members (UNINIT_CTOR)
/include/basegfx/DrawCommands.hxx: 70 in gfx::LinearGradientInfo::LinearGradientInfo()()
64 class LinearGradientInfo : public GradientInfo
65 {
66 public:
67 LinearGradientInfo()
68 : GradientInfo(GradientType::Linear)
69 {
>>> CID 1455328: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "y2" is not initialized in this constructor nor in any functions that it calls.
70 }
71
72 double x1;
73 double y1;
74 double x2;
75 double y2;

** CID 1455327: Null pointer dereferences (NULL_RETURNS)

________________________________________________________________________________________________________
*** CID 1455327: Null pointer dereferences (NULL_RETURNS)
/sc/source/ui/navipi/navcitem.cxx: 53 in ScNavigatorControllerItem::StateChanged(unsigned short, SfxItemState, const SfxPoolItem *)()
47 OSL_ENSURE( pCellPosItem, "SfxStringItem expected!" );
48
49 if ( pCellPosItem )
50 {
51 const OUString& aAddress( pCellPosItem->GetValue() );
52 ScAddress aScAddress;
>>> CID 1455327: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "this->rNavigatorDlg->GetViewData()" when calling "GetDocument".
53 aScAddress.Parse( aAddress, rNavigatorDlg.GetViewData()->GetDocument() );
54
55 SCCOL nCol = aScAddress.Col()+1;
56 SCROW nRow = aScAddress.Row()+1;
57
58 rNavigatorDlg.UpdateColumn( &nCol );

** CID 1455326: (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1455326: (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2381 in ScRange::MoveSticky(const ScDocument *, short, int, short, ScRange&)()
2375 dy = 0; // Entire column not to be moved.
2376 if (dx && aStart.Col() == 0 && aEnd.Col() == nMaxCol)
2377 dx = 0; // Entire row not to be moved.
2378 bool b1 = aStart.Move( dx, dy, dz, rErrorRange.aStart );
2379 if (dx && bColRange && aEnd.Col() == nMaxCol)
2380 dx = 0; // End column sticky.
>>> CID 1455326: (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2381 if (dy && bRowRange && aEnd.Row() == pDoc->MaxRow())
2382 dy = 0; // End row sticky.
2383 SCTAB nOldTab = aEnd.Tab();
2384 bool b2 = aEnd.Move( dx, dy, dz, rErrorRange.aEnd );
2385 if (!b2)
2386 {
/sc/source/core/tool/address.cxx: 2374 in ScRange::MoveSticky(const ScDocument *, short, int, short, ScRange&)()
2368
2369 bool ScRange::MoveSticky( const ScDocument* pDoc, SCCOL dx, SCROW dy, SCTAB dz, ScRange& rErrorRange )
2370 {
2371 const SCCOL nMaxCol = (pDoc ? pDoc->MaxCol() : MAXCOL);
2372 bool bColRange = (aStart.Col() < aEnd.Col());
2373 bool bRowRange = (aStart.Row() < aEnd.Row());
>>> CID 1455326: (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2374 if (dy && aStart.Row() == 0 && aEnd.Row() == pDoc->MaxRow())
2375 dy = 0; // Entire column not to be moved.
2376 if (dx && aStart.Col() == 0 && aEnd.Col() == nMaxCol)
2377 dx = 0; // Entire row not to be moved.
2378 bool b1 = aStart.Move( dx, dy, dz, rErrorRange.aStart );
2379 if (dx && bColRange && aEnd.Col() == nMaxCol)

** CID 1455325: (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1455325: (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2282 in ScRange::Format(ScRefFlags, const ScDocument *, const ScAddress::Details &, bool) const()
2276 if( aStart.Row() != aEnd.Row() ||
2277 lcl_RowAbsFlagDiffer( nFlags ) ) {
2278 r.append(":");
2279 lcl_r1c1_append_r( r, aEnd.Row(), (nFlags & ScRefFlags::ROW2_ABS) != ScRefFlags::ZERO, rDetails );
2280 }
2281 }
>>> CID 1455325: (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2282 else if( aStart.Row() == 0 && aEnd.Row() >= pDoc->MaxRow() && !bFullAddressNotation )
2283 {
2284 lcl_r1c1_append_c( r, aStart.Col(), (nFlags & ScRefFlags::COL_ABS) != ScRefFlags::ZERO, rDetails );
2285 if( aStart.Col() != aEnd.Col() ||
2286 lcl_ColAbsFlagDiffer( nFlags )) {
2287 r.append(":");
/sc/source/core/tool/address.cxx: 2249 in ScRange::Format(ScRefFlags, const ScDocument *, const ScAddress::Details &, bool) const()
2243 {
2244 // Full col refs always require 2 rows (2:2)
2245 lcl_a1_append_r( r, aStart.Row(), (nFlags & ScRefFlags::ROW_ABS) != ScRefFlags::ZERO );
2246 r.append(":");
2247 lcl_a1_append_r( r, aEnd.Row(), (nFlags & ScRefFlags::ROW2_ABS) != ScRefFlags::ZERO );
2248 }
>>> CID 1455325: (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "MaxRow", which dereferences it.
2249 else if( aStart.Row() == 0 && aEnd.Row() >= pDoc->MaxRow() && !bFullAddressNotation )
2250 {
2251 // Full row refs always require 2 cols (A:A)
2252 lcl_a1_append_c( r, aStart.Col(), (nFlags & ScRefFlags::COL_ABS) != ScRefFlags::ZERO );
2253 r.append(":");
2254 lcl_a1_append_c( r, aEnd.Col(), (nFlags & ScRefFlags::COL2_ABS) != ScRefFlags::ZERO );

** CID 1448502: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1448502: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xlpivot.cxx: 874 in operator >>(XclImpStream &, XclPTInfo &)()
868 rInfo.mnDataRows = rStrm.ReaduInt16();
869 rInfo.mnDataCols = rStrm.ReaduInt16();
870 rInfo.mnFlags = rStrm.ReaduInt16();
871 rInfo.mnAutoFmtIdx = rStrm.ReaduInt16();
872 nTabLen = rStrm.ReaduInt16();
873 nDataLen = rStrm.ReaduInt16();
>>> CID 1448502: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "nTabLen" to a tainted sink.
874 rInfo.maTableName = rStrm.ReadUniString( nTabLen );
875 rInfo.maDataName = rStrm.ReadUniString( nDataLen );
876 return rStrm;
877 }
878
879 XclExpStream& operator<<( XclExpStream& rStrm, const XclPTInfo& rInfo )

** CID 1448374: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1448374: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xichart.cxx: 1230 in XclImpChText::ReadChFrLabelProps(XclImpStream &)()
1224 mxLabelProps.reset( new XclChFrLabelProps );
1225 sal_uInt16 nSepLen;
1226 rStrm.Ignore( 12 );
1227 mxLabelProps->mnFlags = rStrm.ReaduInt16();
1228 nSepLen = rStrm.ReaduInt16();
1229 if( nSepLen > 0 )
>>> CID 1448374: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "nSepLen" to a tainted sink.
1230 mxLabelProps->maSeparator = rStrm.ReadUniString( nSepLen );
1231 }
1232 }
1233
1234 namespace {
1235

** CID 1448371: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1448371: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xlpivot.cxx: 408 in operator >>(XclImpStream &, XclPTCachedName &)()
402 sal_uInt16 nStrLen;
403 nStrLen = rStrm.ReaduInt16();
404 rCachedName.mbUseCache = nStrLen == EXC_PT_NOSTRING;
405 if( rCachedName.mbUseCache )
406 rCachedName.maName.clear();
407 else
>>> CID 1448371: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "nStrLen" to a tainted sink.
408 rCachedName.maName = rStrm.ReadUniString( nStrLen );
409 return rStrm;
410 }
411
412 XclExpStream& operator<<( XclExpStream& rStrm, const XclPTCachedName& rCachedName )
413 {

** CID 1448242: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1448242: Insecure data handling (TAINTED_SCALAR)
/sc/source/filter/excel/xistream.cxx: 902 in XclImpStream::ReadUniString()()
896 {
897 return ReadUniString( nChars, ReaduInt8() );
898 }
899
900 OUString XclImpStream::ReadUniString()
901 {
>>> CID 1448242: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted variable "this->ReaduInt16()" to a tainted sink.
902 return ReadUniString( ReaduInt16() );
903 }
904
905 void XclImpStream::IgnoreRawUniString( sal_uInt16 nChars, bool b16Bit )
906 {
907 sal_uInt16 nCharsLeft = nChars;

________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit
https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyUbHeJv53ur8ib48CsDoT1aiypfQnzYD-2Bb8fRbM9rWTspy-2F-2FfWqE-2FsX6j0S0WLQVu-2FWKmZZXXjnEqMi52P094kauIhg4w-2Bt3mte1LAXrlusgnU2aqshyPmRVMbjh6b0YDJIPdIadbtHBhKLjUuB4wGjT87CNgWFObnW4j9eiwti4-3D