Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
13 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1456612: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1456612: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/access/AccessibilityCheck.cxx: 353 in sw::<unnamed>::TextContrastCheck::checkTextRange(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, const com::sun::star::uno::Reference<com::sun::star::text::XTextContent> &, SwTextNode *)()
347 const SwAttrSet& rPageSet = rPageFormat.GetAttrSet();
348
349 const XFillStyleItem* pXFillStyleItem(
350 rPageSet.GetItem<XFillStyleItem>(XATTR_FILLSTYLE, false));
351 Color aPageBackground;
352
>>> CID 1456612: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "pXFillStyleItem" when calling "GetValue".
353 if (pXFillStyleItem->GetValue() == css::drawing::FillStyle_SOLID)
354 {
355 const XFillColorItem* rXFillColorItem
356 = rPageSet.GetItem<XFillColorItem>(XATTR_FILLCOLOR, false);
357 aPageBackground = rXFillColorItem->GetColorValue();
358 }
** CID 1456611: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/ui/docshell/docsh.cxx: 1716 in ScDocShell::PrepareSaveGuard::~PrepareSaveGuard()()
________________________________________________________________________________________________________
*** CID 1456611: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/ui/docshell/docsh.cxx: 1716 in ScDocShell::PrepareSaveGuard::~PrepareSaveGuard()()
1710 }
1711 }
1712 if (mrDocShell.GetCreateMode()== SfxObjectCreateMode::STANDARD)
1713 mrDocShell.SfxObjectShell::SetVisArea( tools::Rectangle() ); // "Normally" worked on => no VisArea.
1714 }
1715
>>> CID 1456611: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
1716 ScDocShell::PrepareSaveGuard::~PrepareSaveGuard()
1717 {
1718 if (mrDocShell.m_aDocument.HasExternalRefManager())
1719 {
1720 ScExternalRefManager* pRefMgr = mrDocShell.m_aDocument.GetExternalRefManager();
1721 if (pRefMgr && pRefMgr->hasExternalData())
** CID 1456610: Uninitialized members (UNINIT_CTOR)
/include/vcl/pdfwriter.hxx: 640 in vcl::PDFWriter::PDFWriterContext::PDFWriterContext()()
________________________________________________________________________________________________________
*** CID 1456610: Uninitialized members (UNINIT_CTOR)
/include/vcl/pdfwriter.hxx: 640 in vcl::PDFWriter::PDFWriterContext::PDFWriterContext()()
634 Encryption(),
635 SignPDF( false ),
636 DPIx( 0 ),
637 DPIy( 0 ),
638 ColorMode( PDFWriter::DrawColor ),
639 UseReferenceXObject( false )
>>> CID 1456610: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "UniversalAccessibilityCompliance" is not initialized in this constructor nor in any functions that it calls.
640 {}
641 };
642
643 PDFWriter( const PDFWriterContext& rContext, const css::uno::Reference< css::beans::XMaterialHolder >& );
644 ~PDFWriter();
645
** CID 1456609: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/drawinglayer/source/tools/emfppath.cxx: 31 in emfplushelper::GetEmfPlusInteger(int)()
________________________________________________________________________________________________________
*** CID 1456609: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/drawinglayer/source/tools/emfppath.cxx: 31 in emfplushelper::GetEmfPlusInteger(int)()
25
26 namespace emfplushelper
27 {
28 static sal_Int16 GetEmfPlusInteger(sal_Int32 nInt)
29 {
30 if (nInt & 0x80000000)
>>> CID 1456609: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "(nInt & 0x7fff) >> 16" is 0 regardless of the values of its operands. This occurs as a return value.
31 return (nInt & 0x7FFF) >> 16;
32
33 return nInt >> 24;
34 }
35
36 EMFPPath::EMFPPath (sal_Int32 _nPoints, bool bLines)
** CID 1456608: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1456608: Null pointer dereferences (FORWARD_NULL)
/sc/source/core/tool/address.cxx: 2553 in AlphaToCol(const ScDocument *, short &, const rtl::OUString &)()
2547 {
2548 if (nPos > 0)
2549 nResult = (nResult + 1) * 26;
2550 nResult += ScGlobal::ToUpperAlpha(c) - 'A';
2551 ++nPos;
2552 }
>>> CID 1456608: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "ValidCol", which dereferences it.
2553 bool bOk = (pDoc->ValidCol(nResult) && nPos > 0);
2554 if (bOk)
2555 rCol = nResult;
2556 return bOk;
2557 }
2558
** CID 1456607: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/core/tool/chartlis.cxx: 57 in ScChartListener::ExternalRefListener::~ExternalRefListener()()
________________________________________________________________________________________________________
*** CID 1456607: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/core/tool/chartlis.cxx: 57 in ScChartListener::ExternalRefListener::~ExternalRefListener()()
51 // ScChartListener
52 ScChartListener::ExternalRefListener::ExternalRefListener(ScChartListener& rParent, ScDocument* pDoc) :
53 mrParent(rParent), mpDoc(pDoc)
54 {
55 }
56
>>> CID 1456607: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
57 ScChartListener::ExternalRefListener::~ExternalRefListener()
58 {
59 if (!mpDoc || mpDoc->IsInDtorClear())
60 // The document is being destroyed. Do nothing.
61 return;
62
** CID 1456606: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1456606: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/func/futext.cxx: 245 in sd::FuText::DoExecute(SfxRequest &)()
239 && static_cast<const SfxUInt16Item&>(pArgs->Get(SID_TEXTEDIT)).GetValue() == 2)
240 {
241 // Selection by doubleclick -> don't allow QuickDrag
242 bQuickDrag = false;
243 }
244
>>> CID 1456606: Null pointer dereferences (FORWARD_NULL)
>>> "SetInEditMode" dereferences null "this->mpViewShell".
245 SetInEditMode(aMEvt, bQuickDrag);
246 }
247
248 bool FuText::MouseButtonDown(const MouseEvent& rMEvt)
249 {
250 bMBDown = true;
** CID 1456605: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/sidebar/SidebarDockingWindow.cxx: 79 in sfx2::sidebar::SidebarNotifyIdle::Invoke()()
________________________________________________________________________________________________________
*** CID 1456605: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/sidebar/SidebarDockingWindow.cxx: 79 in sfx2::sidebar::SidebarNotifyIdle::Invoke()()
73 aTree.put("id", m_rSidebarDockingWin.GetLOKWindowId());
74 boost::property_tree::write_json(aStream, aTree);
75 const std::string message = aStream.str();
76 if (message != m_LastNotificationMessage)
77 {
78 m_LastNotificationMessage = message;
>>> CID 1456605: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pMobileNotifier" to "libreOfficeKitViewCallback", which dereferences it. (The dereference happens because this is a virtual function call.)
79 pMobileNotifier->libreOfficeKitViewCallback(LOK_CALLBACK_JSDIALOG, message.c_str());
80 }
81 }
82
83 // Notify the sidebar is created, and its LOKWindowId, which
84 // is needed on both Mobile and Desktop.
** CID 1456604: (UNINIT)
/vcl/opengl/x11/gdiimpl.cxx: 254 in <unnamed>::X11OpenGLContext::generateWinData(vcl::Window *, bool)()
/vcl/opengl/x11/gdiimpl.cxx: 274 in <unnamed>::X11OpenGLContext::generateWinData(vcl::Window *, bool)()
/vcl/opengl/x11/gdiimpl.cxx: 260 in <unnamed>::X11OpenGLContext::generateWinData(vcl::Window *, bool)()
________________________________________________________________________________________________________
*** CID 1456604: (UNINIT)
/vcl/opengl/x11/gdiimpl.cxx: 254 in <unnamed>::X11OpenGLContext::generateWinData(vcl::Window *, bool)()
248 const SystemEnvData* sysData(pParent->GetSystemData());
249
250 Display *dpy = static_cast<Display*>(sysData->pDisplay);
251 Window win = sysData->aWindow;
252
253 if( dpy == nullptr || !glXQueryExtension( dpy, nullptr, nullptr ) )
>>> CID 1456604: (UNINIT)
>>> Using uninitialized value "aWinData". Field "aWinData.bClipUsingNativeWidget" is uninitialized.
254 return aWinData;
255
256 int best_fbc = -1;
257 GLXFBConfig* pFBC = getFBConfig(dpy, win, best_fbc);
258
259 if (!pFBC)
/vcl/opengl/x11/gdiimpl.cxx: 274 in <unnamed>::X11OpenGLContext::generateWinData(vcl::Window *, bool)()
268 if( vi )
269 {
270 VCL_GL_INFO("using VisualID " << vi->visualid);
271 aWinData.pVisual = static_cast<void*>(vi->visual);
272 }
273
>>> CID 1456604: (UNINIT)
>>> Using uninitialized value "aWinData". Field "aWinData.bClipUsingNativeWidget" is uninitialized.
274 return aWinData;
275 }
276
277 bool X11OpenGLContext::ImplInit()
278 {
279 if (!m_aGLWin.dpy)
/vcl/opengl/x11/gdiimpl.cxx: 260 in <unnamed>::X11OpenGLContext::generateWinData(vcl::Window *, bool)()
254 return aWinData;
255
256 int best_fbc = -1;
257 GLXFBConfig* pFBC = getFBConfig(dpy, win, best_fbc);
258
259 if (!pFBC)
>>> CID 1456604: (UNINIT)
>>> Using uninitialized value "aWinData". Field "aWinData.bClipUsingNativeWidget" is uninitialized.
260 return aWinData;
261
262 XVisualInfo* vi = nullptr;
263 if( best_fbc != -1 )
264 vi = glXGetVisualFromFBConfig( dpy, pFBC[best_fbc] );
265
** CID 1456603: Uninitialized members (UNINIT_CTOR)
/drawinglayer/source/tools/emfphelperdata.cxx: 953 in emfplushelper::EmfPlusHelperData::EmfPlusHelperData(SvMemoryStream &, wmfemfhelper::TargetHolders &, wmfemfhelper::PropertyHolders &)()
________________________________________________________________________________________________________
*** CID 1456603: Uninitialized members (UNINIT_CTOR)
/drawinglayer/source/tools/emfphelperdata.cxx: 953 in emfplushelper::EmfPlusHelperData::EmfPlusHelperData(SvMemoryStream &, wmfemfhelper::TargetHolders &, wmfemfhelper::PropertyHolders &)()
947 SAL_INFO("drawinglayer", "EMF+ picture frame: " << mnFrameLeft << "," << mnFrameTop << " - " << mnFrameRight << "," << mnFrameBottom);
948 rMS.ReadInt32(mnPixX).ReadInt32(mnPixY).ReadInt32(mnMmX).ReadInt32(mnMmY);
949 SAL_INFO("drawinglayer", "EMF+ ref device pixel size: " << mnPixX << "x" << mnPixY << " mm size: " << mnMmX << "x" << mnMmY);
950 readXForm(rMS, maBaseTransform);
951 SAL_INFO("drawinglayer", "EMF+ base transform: " << maBaseTransform);
952 mappingChanged();
>>> CID 1456603: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "mnTextContrast" is not initialized in this constructor nor in any functions that it calls.
953 }
954
955 EmfPlusHelperData::~EmfPlusHelperData()
956 {
957 }
958
** CID 1456602: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/ui/unoobj/chart2uno.cxx: 2833 in ScChart2DataSequence::ExternalRefListener::~ExternalRefListener()()
________________________________________________________________________________________________________
*** CID 1456602: Error handling issues (UNCAUGHT_EXCEPT)
/sc/source/ui/unoobj/chart2uno.cxx: 2833 in ScChart2DataSequence::ExternalRefListener::~ExternalRefListener()()
2827 ScExternalRefManager::LinkListener(),
2828 mrParent(rParent),
2829 mpDoc(pDoc)
2830 {
2831 }
2832
>>> CID 1456602: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
2833 ScChart2DataSequence::ExternalRefListener::~ExternalRefListener()
2834 {
2835 if (!mpDoc || mpDoc->IsInDtorClear())
2836 // The document is being destroyed. Do nothing.
2837 return;
2838
** CID 1401474: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/unique_ptr.h: 270 in std::unique_ptr<pcr::OBrowserListBox, std::default_delete<pcr::OBrowserListBox>>::~unique_ptr()()
________________________________________________________________________________________________________
*** CID 1401474: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/unique_ptr.h: 270 in std::unique_ptr<pcr::OBrowserListBox, std::default_delete<pcr::OBrowserListBox>>::~unique_ptr()()
264 is_convertible<_Up*, _Tp*>, is_same<_Dp, default_delete<_Tp>>>>
265 unique_ptr(auto_ptr<_Up>&& __u) noexcept;
266 #pragma GCC diagnostic pop
267 #endif
268
269 /// Destructor, invokes the deleter if the stored pointer is not null.
>>> CID 1401474: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "std::runtime_error" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
270 ~unique_ptr() noexcept
271 {
272 auto& __ptr = _M_t._M_ptr();
273 if (__ptr != nullptr)
274 get_deleter()(__ptr);
275 __ptr = pointer();
** CID 1401342: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in std::_Sp_counted_ptr_inplace<FmPropBrw, std::allocator<FmPropBrw>, (__gnu_cxx::_Lock_policy)2>::_M_dispose()()
________________________________________________________________________________________________________
*** CID 1401342: Error handling issues (UNCAUGHT_EXCEPT)
/usr/include/c++/8/bits/shared_ptr_base.h: 550 in std::_Sp_counted_ptr_inplace<FmPropBrw, std::allocator<FmPropBrw>, (__gnu_cxx::_Lock_policy)2>::_M_dispose()()
544 std::forward<_Args>(__args)...); // might throw
545 }
546
547 ~_Sp_counted_ptr_inplace() noexcept { }
548
549 virtual void
>>> CID 1401342: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "noexcept" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
550 _M_dispose() noexcept
551 {
552 allocator_traits<_Alloc>::destroy(_M_impl._M_alloc(), _M_ptr());
553 }
554
555 // Override because the allocator needs to know the dynamic type
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB73RtgzoPcQtNNP5dkHLuV1E-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyMYzt7WYdGr0e0JbEpKhf93Qpxjwvi-2F3lHZy7uvECTqjACmkXjbrhmSZFb2boiHxUgMy9DfYhnGeNulFu5lUrCUGAiZsMYjtIn87sVplC-2BQGQRUZdIMELo2hyjrcrGF-2Bnm11WGLSIMs6LJbX0e-2BL1DomA0aKKV6GP9H9Sr54H4oWdpfj1K8grFSpwXvtqBTgK
_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
New Defects reported by Coverity Scan for LibreOffice
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: New Defects reported by Coverity Scan for LibreOffice
- From: scan-admin@xxxxxxxxxxxx
- Date: Thu, 02 Jan 2020 22:14:22 +0000 (UTC)
- Prev by Date: Re: Cannot review Gerrit patch
- Next by Date: Re: Cannot review Gerrit patch
- Previous by thread: New Defects reported by Coverity Scan for LibreOffice
- Next by thread: New Defects reported by Coverity Scan for LibreOffice
- Index(es):
 |