Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
13 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 13 of 13 defect(s)
** CID 1464975: (RESOURCE_LEAK)
/sd/source/filter/sdpptwrp.cxx: 347 in SdPPTFilter::Export()()
/sd/source/filter/sdpptwrp.cxx: 349 in SdPPTFilter::Export()()
/sd/source/filter/sdpptwrp.cxx: 324 in SdPPTFilter::Export()()
________________________________________________________________________________________________________
*** CID 1464975: (RESOURCE_LEAK)
/sd/source/filter/sdpptwrp.cxx: 347 in SdPPTFilter::Export()()
341 Sequence<sal_Int8> aStreamContent;
342 aStreamData.Value >>= aStreamContent;
343 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
344 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
345 {
346 bRet = false;
>>> CID 1464975: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
347 break;
348 }
349 }
350 xEncryptedRootStrg->Commit();
351
352 // Restore encryption data
/sd/source/filter/sdpptwrp.cxx: 349 in SdPPTFilter::Export()()
343 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
344 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
345 {
346 bRet = false;
347 break;
348 }
>>> CID 1464975: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
349 }
350 xEncryptedRootStrg->Commit();
351
352 // Restore encryption data
353 mrMedium.GetItemSet()->Put(SfxUnoAnyItem(SID_ENCRYPTIONDATA, makeAny(aEncryptionData)));
354 }
/sd/source/filter/sdpptwrp.cxx: 324 in SdPPTFilter::Export()()
318 if (idx < 0)
319 {
320 sFileName = sPathElem;
321 }
322 else
323 {
>>> CID 1464975: (RESOURCE_LEAK)
>>> Overwriting "pStorage" in "pStorage = pStorage->OpenSotStorage(sPathElem, StreamMode::STD_READWRITE, true)" leaks the storage that "pStorage" points to.
324 pStorage = pStorage->OpenSotStorage(sPathElem);
325 }
326 }
327 } while (pStorage && idx >= 0);
328
329 if (!pStorage)
** CID 1464974: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464974: Null pointer dereferences (FORWARD_NULL)
/sw/source/core/unocore/unosett.cxx: 1774 in SwXNumberingRules::SetPropertiesToNumFormat(SwNumFormat &, rtl::OUString &, rtl::OUString *, rtl::OUString *, rtl::OUString *, SwDoc *, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
1768 bWrongArg = true;
1769 }
1770 else if (rProp.Name == UNO_NAME_BULLET_FONT_NAME)
1771 {
1772 OUString sBulletFontName;
1773 rProp.Value >>= sBulletFontName;
>>> CID 1464974: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pDoc" to "GetDocShell", which dereferences it.
1774 SwDocShell* pLclDocShell = pDoc->GetDocShell();
1775 if( !sBulletFontName.isEmpty() && pLclDocShell )
1776 {
1777 const SvxFontListItem* pFontListItem =
1778 static_cast<const SvxFontListItem* >(pLclDocShell
1779 ->GetItem( SID_ATTR_CHAR_FONTLIST ));
** CID 1464973: (RESOURCE_LEAK)
/sc/source/filter/excel/excel.cxx: 363 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
/sc/source/filter/excel/excel.cxx: 388 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
/sc/source/filter/excel/excel.cxx: 386 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
________________________________________________________________________________________________________
*** CID 1464973: (RESOURCE_LEAK)
/sc/source/filter/excel/excel.cxx: 363 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
357 if (idx < 0)
358 {
359 sFileName = sPathElem;
360 }
361 else
362 {
>>> CID 1464973: (RESOURCE_LEAK)
>>> Overwriting "pStorage" in "pStorage = pStorage->OpenSotStorage(sPathElem, StreamMode::STD_READWRITE, true)" leaks the storage that "pStorage" points to.
363 pStorage = pStorage->OpenSotStorage(sPathElem);
364 }
365 }
366 } while (pStorage && idx >= 0);
367
368 if (!pStorage)
/sc/source/filter/excel/excel.cxx: 388 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
382 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
383 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
384 {
385 eRet = ERRCODE_IO_CANTWRITE;
386 break;
387 }
>>> CID 1464973: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
388 }
389 xEncryptedRootStrg->Commit();
390
391 // Restore encryption data
392 rMedium.GetItemSet()->Put(SfxUnoAnyItem(SID_ENCRYPTIONDATA, uno::makeAny(aEncryptionData)));
393 }
/sc/source/filter/excel/excel.cxx: 386 in lcl_ExportExcelBiff(SfxMedium &, ScDocument *, SvStream *, bool, unsigned short)()
380 uno::Sequence<sal_Int8> aStreamContent;
381 aStreamData.Value >>= aStreamContent;
382 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
383 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
384 {
385 eRet = ERRCODE_IO_CANTWRITE;
>>> CID 1464973: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
386 break;
387 }
388 }
389 xEncryptedRootStrg->Commit();
390
391 // Restore encryption data
** CID 1464972: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464972: Null pointer dereferences (FORWARD_NULL)
/vcl/jsdialog/jsdialogbuilder.cxx: 28 in JSInstanceBuilder::JSInstanceBuilder(weld::Widget *, const rtl::OUString &, const rtl::OUString &)()
22 pNotifier->libreOfficeKitViewCallback(LOK_CALLBACK_JSDIALOG, message.c_str());
23 }
24 }
25
26 JSInstanceBuilder::JSInstanceBuilder(weld::Widget* pParent, const OUString& rUIRoot,
27 const OUString& rUIFile)
>>> CID 1464972: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "dynamic_cast <SalInstanceWidget *>(pParent)" to "getWidget", which dereferences it.
28 : SalInstanceBuilder(dynamic_cast<SalInstanceWidget*>(pParent)
29 ? dynamic_cast<SalInstanceWidget*>(pParent)->getWidget()
30 : nullptr,
31 rUIRoot, rUIFile)
32 {
33 }
** CID 1464971: Null pointer dereferences (NULL_RETURNS)
________________________________________________________________________________________________________
*** CID 1464971: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/text/xmldump.cxx: 471 in SwFrame::dumpAsXmlAttributes(_xmlTextWriter *) const()
465 xmlTextWriterWriteFormatAttribute( writer, BAD_CAST("follow"), "%" SAL_PRIuUINT32, pFF->GetFollow()->GetFrameId() );
466 }
467 if (IsSctFrame())
468 {
469 SwSectionFrame const*const pFrame(static_cast<SwSectionFrame const*>(this));
470 SwSectionNode const*const pNode(pFrame->GetSection()->GetFormat()->GetSectionNode());
>>> CID 1464971: Null pointer dereferences (NULL_RETURNS)
>>> Dereferencing a pointer that might be "nullptr" "pNode" when calling "GetIndex".
471 xmlTextWriterWriteFormatAttribute(writer, BAD_CAST("sectionNodeIndex"), TMP_FORMAT, pNode->GetIndex());
472 }
473 if ( IsTextFrame( ) )
474 {
475 const SwTextFrame *pTextFrame = static_cast<const SwTextFrame *>(this);
476 const SwTextNode *pTextNode = pTextFrame->GetTextNodeFirst();
** CID 1464970: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464970: Null pointer dereferences (FORWARD_NULL)
/sc/source/ui/app/inputwin.cxx: 198 in ScInputWindow::ScInputWindow(vcl::Window *, const SfxBindings *)()
192 InsertWindow (1, aWndPos.get(), ToolBoxItemBits::NONE, 0);
193 InsertSeparator (1);
194 InsertItem (SID_INPUT_FUNCTION, Image(StockImage::Yes, RID_BMP_INPUT_FUNCTION), ToolBoxItemBits::NONE, 2);
195 }
196
197 // sigma and equal buttons
>>> CID 1464970: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "this->mpViewShell" to "isLOKMobilePhone", which dereferences it.
198 if (!mpViewShell->isLOKMobilePhone())
199 {
200 InsertItem (SID_INPUT_SUM, Image(StockImage::Yes, RID_BMP_INPUT_SUM), ToolBoxItemBits::DROPDOWNONLY, 3);
201 InsertItem (SID_INPUT_EQUAL, Image(StockImage::Yes, RID_BMP_INPUT_EQUAL), ToolBoxItemBits::NONE, 4);
202 InsertItem (SID_INPUT_CANCEL, Image(StockImage::Yes, RID_BMP_INPUT_CANCEL), ToolBoxItemBits::NONE, 5);
203 InsertItem (SID_INPUT_OK, Image(StockImage::Yes, RID_BMP_INPUT_OK), ToolBoxItemBits::NONE, 6);
** CID 1464969: Error handling issues (CHECKED_RETURN)
/vcl/source/treelist/iconviewimpl.cxx: 608 in IconViewImpl::KeyInput(const KeyEvent &)()
________________________________________________________________________________________________________
*** CID 1464969: Error handling issues (CHECKED_RETURN)
/vcl/source/treelist/iconviewimpl.cxx: 608 in IconViewImpl::KeyInput(const KeyEvent &)()
602 // allow scrolling
603 break;
604 }
605
606 case KEY_RETURN:
607 {
>>> CID 1464969: Error handling issues (CHECKED_RETURN)
>>> Calling "Call" without checking return value (as is done elsewhere 4 out of 5 times).
608 m_pView->aDoubleClickHdl.Call( m_pView );
609 bHandled = true;
610
611 break;
612 }
613
** CID 1464968: Control flow issues (DEADCODE)
/sw/source/filter/ww8/wrtww8.cxx: 2601 in WW8AttributeOutput::TableCellBorders(const std::shared_ptr<ww8::WW8TableNodeInfoInner> &)()
________________________________________________________________________________________________________
*** CID 1464968: Control flow issues (DEADCODE)
/sw/source/filter/ww8/wrtww8.cxx: 2601 in WW8AttributeOutput::TableCellBorders(const std::shared_ptr<ww8::WW8TableNodeInfoInner> &)()
2595 &rTabBoxes[n]->GetFrameFormat()->GetBox();
2596 if( !pLastBox )
2597 pLastBox = pBox;
2598 else if( !pBox || *pLastBox != *pBox )
2599 {
2600 if ( !pLastBox )
>>> CID 1464968: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "break;".
2601 break;
2602
2603 // This cell has different borders than the previous cell,
2604 // so output the borders for the preceding cell range.
2605 m_rWW8Export.Out_CellRangeBorders(pLastBox, nSeqStart, n);
2606
** CID 1464967: (RESOURCE_LEAK)
/sw/source/filter/ww8/wrtww8.cxx: 3768 in SwWW8Writer::WriteStorage()()
/sw/source/filter/ww8/wrtww8.cxx: 3741 in SwWW8Writer::WriteStorage()()
/sw/source/filter/ww8/wrtww8.cxx: 3766 in SwWW8Writer::WriteStorage()()
________________________________________________________________________________________________________
*** CID 1464967: (RESOURCE_LEAK)
/sw/source/filter/ww8/wrtww8.cxx: 3768 in SwWW8Writer::WriteStorage()()
3762 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
3763 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
3764 {
3765 nErrorCode = ERRCODE_IO_CANTWRITE;
3766 break;
3767 }
>>> CID 1464967: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
3768 }
3769 }
3770
3771 return nErrorCode;
3772 }
3773 ErrCode SwWW8Writer::WriteStorageImpl()
/sw/source/filter/ww8/wrtww8.cxx: 3741 in SwWW8Writer::WriteStorage()()
3735 if (idx < 0)
3736 {
3737 sFileName = sPathElem;
3738 }
3739 else
3740 {
>>> CID 1464967: (RESOURCE_LEAK)
>>> Overwriting "pStorage" in "pStorage = pStorage->OpenSotStorage(sPathElem, StreamMode::STD_READWRITE, true)" leaks the storage that "pStorage" points to.
3741 pStorage = pStorage->OpenSotStorage(sPathElem);
3742 if (!pStorage)
3743 break;
3744 }
3745 }
3746 } while (pStorage && idx >= 0);
/sw/source/filter/ww8/wrtww8.cxx: 3766 in SwWW8Writer::WriteStorage()()
3760 uno::Sequence<sal_Int8> aStreamContent;
3761 aStreamData.Value >>= aStreamContent;
3762 size_t nBytesWritten = pStream->WriteBytes(aStreamContent.getArray(), aStreamContent.getLength());
3763 if (nBytesWritten != static_cast<size_t>(aStreamContent.getLength()))
3764 {
3765 nErrorCode = ERRCODE_IO_CANTWRITE;
>>> CID 1464967: (RESOURCE_LEAK)
>>> Variable "pStorage" going out of scope leaks the storage it points to.
3766 break;
3767 }
3768 }
3769 }
3770
3771 return nErrorCode;
** CID 1464966: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2924 in XMLShapeExport::ImpExportOLE2Shape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *, SvXMLAttributeList *)()
________________________________________________________________________________________________________
*** CID 1464966: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2924 in XMLShapeExport::ImpExportOLE2Shape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *, SvXMLAttributeList *)()
2918 }
2919 }
2920 }
2921 else
2922 {
2923 // export empty href for empty placeholders to be valid ODF
>>> CID 1464966: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "this->mrExport->AddAttribute(6, xmloff::token::XML_HREF, rtl::OUString const("", rtl::libreoffice_internal::Dummy()))" inside this statement: "this->mrExport->AddAttribut...".
2924 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_HREF, "" );
2925 mrExport.AddAttribute( XML_NAMESPACE_XLINK, XML_TYPE, XML_SIMPLE );
2926 mrExport.AddAttribute( XML_NAMESPACE_XLINK, XML_SHOW, XML_EMBED );
2927 mrExport.AddAttribute( XML_NAMESPACE_XLINK, XML_ACTUATE, XML_ONLOAD );
2928 }
2929
** CID 1464965: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2402 in XMLShapeExport::ImpExportGraphicObjectShape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *)()
________________________________________________________________________________________________________
*** CID 1464965: Control flow issues (DEADCODE)
/xmloff/source/draw/shapeexport.cxx: 2402 in XMLShapeExport::ImpExportGraphicObjectShape(const com::sun::star::uno::Reference<com::sun::star::drawing::XShape> &, XmlShapeType, XMLShapeExportFlags, com::sun::star::awt::Point *)()
2396 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_SHOW, XML_EMBED);
2397 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_ACTUATE, XML_ONLOAD);
2398 }
2399 }
2400 else
2401 {
>>> CID 1464965: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "this->mrExport->AddAttribute(6, xmloff::token::XML_HREF, rtl::OUString())" inside this statement: "this->mrExport->AddAttribut...".
2402 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_HREF, OUString());
2403 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_TYPE, XML_SIMPLE);
2404 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_SHOW, XML_EMBED);
2405 mrExport.AddAttribute(XML_NAMESPACE_XLINK, XML_ACTUATE, XML_ONLOAD);
2406 }
2407
** CID 1464964: API usage errors (INVALIDATE_ITERATOR)
/writerfilter/source/dmapper/DomainMapper_Impl.cxx: 1657 in writerfilter::dmapper::DomainMapper_Impl::finishParagraph(const tools::SvRef<writerfilter::dmapper::PropertyMap> &, bool)()
________________________________________________________________________________________________________
*** CID 1464964: API usage errors (INVALIDATE_ITERATOR)
/writerfilter/source/dmapper/DomainMapper_Impl.cxx: 1657 in writerfilter::dmapper::DomainMapper_Impl::finishParagraph(const tools::SvRef<writerfilter::dmapper::PropertyMap> &, bool)()
1651 {
1652 // This textnode has numbering. Look up the numbering style name of the current and previous paragraph.
1653 OUString aCurrentNumberingName;
1654 OUString aPreviousNumberingName;
1655 if (isNumberingViaRule)
1656 {
>>> CID 1464964: API usage errors (INVALIDATE_ITERATOR)
>>> Dereferencing iterator "itNumberingRules" though it is already past the end of its container.
1657 uno::Reference<container::XNamed> xCurrentNumberingRules(itNumberingRules->Value, uno::UNO_QUERY);
1658 if (xCurrentNumberingRules.is())
1659 aCurrentNumberingName = xCurrentNumberingRules->getName();
1660 if (m_xPreviousParagraph.is())
1661 {
1662 uno::Reference<container::XNamed> xPreviousNumberingRules(m_xPreviousParagraph->getPropertyValue("NumberingRules"), uno::UNO_QUERY);
** CID 1464963: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1464963: Null pointer dereferences (FORWARD_NULL)
/sw/source/filter/ww8/wrtww8.cxx: 3741 in SwWW8Writer::WriteStorage()()
3735 if (idx < 0)
3736 {
3737 sFileName = sPathElem;
3738 }
3739 else
3740 {
>>> CID 1464963: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pStorage" to "OpenSotStorage", which dereferences it.
3741 pStorage = pStorage->OpenSotStorage(sPathElem);
3742 if (!pStorage)
3743 break;
3744 }
3745 }
3746 } while (pStorage && idx >= 0);
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/ls/click?upn=nJaKvJSIH-2FPAfmty-2BK5tYpPklAc1eEA-2F1zfUjH6teExViPHTTReBArhCRZ3BE4kCjKjDqn2Dq3ZyEbAvAs31gRpU3vMPHDnoSx68vDAWjNU-3DNRdp_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiNIv57A1D1K2Gn6W2cjMm-2F-2FSk6Axy1HU8H5dzx5z1zf4l3HG7K5aNNC1MLkmp-2BzCf1XU4Uzugm-2FFpHC2YsWZvlt1T-2FLUNe2Xv81jJgVLdGj0KELdWk1iDAgvtcrdMyEoyWGZY-2FNbt8osW3yWDFK9uhFc1Y4-2FLbZWEhu4dNGVRky7lHttwJTYNbWgyO8wBk96P
_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
New Defects reported by Coverity Scan for LibreOffice
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: New Defects reported by Coverity Scan for LibreOffice
- From: scan-admin@xxxxxxxxxxxx
- Date: Fri, 26 Jun 2020 22:59:05 +0000 (UTC)
- Prev by Date: Re: Implementation of mathbb and script
- Next by Date: Re: Implementation of mathbb and script
- Previous by thread: New Defects reported by Coverity Scan for LibreOffice
- Next by thread: New Defects reported by Coverity Scan for LibreOffice
- Index(es):
 |