Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
17 new defect(s) introduced to LibreOffice found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 17 of 17 defect(s)
** CID 1465676: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 68 in SwOutlineContentVisibilityWin::Set()()
________________________________________________________________________________________________________
*** CID 1465676: Error handling issues (CHECKED_RETURN)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 68 in SwOutlineContentVisibilityWin::Set()()
62 Hide();
63 return;
64 }
65 const SwTextNode* pTextNode = pTextFrame->GetTextNodeFirst();
66 SwWrtShell& rSh = GetEditWin()->GetView().GetWrtShell();
67 const SwOutlineNodes& rOutlineNodes = rSh.GetNodes().GetOutLineNds();
>>> CID 1465676: Error handling issues (CHECKED_RETURN)
>>> Calling "Seek_Entry" without checking return value (as is done elsewhere 23 out of 26 times).
68 rOutlineNodes.Seek_Entry(static_cast<SwNode*>(const_cast<SwTextNode*>(pTextNode)),
69 &m_nOutlinePos);
70 assert(m_nOutlinePos != SwOutlineNodes::npos);
71
72 // don't set if no content and no subs with content
73 auto nPos = m_nOutlinePos;
** CID 1465675: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 41 in SwOutlineContentVisibilityWin::SwOutlineContentVisibilityWin(SwEditWin *, const SwFrame *)()
________________________________________________________________________________________________________
*** CID 1465675: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/docvw/OutlineContentVisibilityWin.cxx: 41 in SwOutlineContentVisibilityWin::SwOutlineContentVisibilityWin(SwEditWin *, const SwFrame *)()
35 , m_bDestroyed(false)
36 {
37 SetSizePixel(Size(BUTTON_WIDTH, BUTTON_HEIGHT));
38
39 m_aDelayTimer.SetTimeout(50);
40 m_aDelayTimer.SetInvokeHandler(LINK(this, SwOutlineContentVisibilityWin, DelayHandler));
>>> CID 1465675: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "m_nOutlinePos" is not initialized in this constructor nor in any functions that it calls.
41 }
42
43 void SwOutlineContentVisibilityWin::dispose()
44 {
45 m_bDestroyed = true;
46 m_aDelayTimer.Stop();
** CID 1465674: Incorrect expression (COPY_PASTE_ERROR)
/vcl/opengl/RenderList.cxx: 243 in RenderList::addDrawRectangle(long, long, long, long, double, Color, Color)()
________________________________________________________________________________________________________
*** CID 1465674: Incorrect expression (COPY_PASTE_ERROR)
/vcl/opengl/RenderList.cxx: 243 in RenderList::addDrawRectangle(long, long, long, long, double, Color, Color)()
237 fX1 - 0.5f, fY2 - 0.5f, fX2 + 0.5f, fY2 + 0.5f, nLineColor, fTransparency);
238 }
239
240 if (nFillColor == SALCOLOR_NONE)
241 return;
242
>>> CID 1465674: Incorrect expression (COPY_PASTE_ERROR)
>>> "nLineColor" looks like a copy-paste error.
243 if (nLineColor == SALCOLOR_NONE)
244 {
245 appendRectangle(rRenderParameter.maVertices, rRenderParameter.maIndices,
246 fX1 - 0.5f, fY1 - 0.5f, fX1 + 0.5f, fY2 + 0.5f, nFillColor, fTransparency);
247 appendRectangle(rRenderParameter.maVertices, rRenderParameter.maIndices,
248 fX1 - 0.5f, fY1 - 0.5f, fX2 + 0.5f, fY1 + 0.5f, nFillColor, fTransparency);
** CID 1465673: Error handling issues (CHECKED_RETURN)
/dbaccess/source/ui/querydesign/ConnectionLine.cxx: 90 in <unnamed>::calcPointsYValue(const dbaui::OTableWindow *, int, Point &, Point &)()
________________________________________________________________________________________________________
*** CID 1465673: Error handling issues (CHECKED_RETURN)
/dbaccess/source/ui/querydesign/ConnectionLine.cxx: 90 in <unnamed>::calcPointsYValue(const dbaui::OTableWindow *, int, Point &, Point &)()
84 _rNewConPos.setY( _pWin->GetPosPixel().Y() );
85 if (_nEntry != -1)
86 {
87 _rNewConPos.AdjustY(pListBox->GetPosPixel().Y() );
88 const weld::TreeView& rTreeView = pListBox->get_widget();
89 std::unique_ptr<weld::TreeIter> xEntry = rTreeView.make_iterator();
>>> CID 1465673: Error handling issues (CHECKED_RETURN)
>>> Calling "get_iter_first" without checking return value (as is done elsewhere 88 out of 94 times).
90 rTreeView.get_iter_first(*xEntry);
91 rTreeView.iter_nth_sibling(*xEntry, _nEntry);
92 auto nEntryPos = rTreeView.get_row_area(*xEntry).Center().Y();
93
94 if( nEntryPos >= 0 )
95 {
** CID 1465672: Uninitialized members (UNINIT_CTOR)
/xmloff/source/style/xmlstyle.cxx: 221 in <unnamed>::SvXMLStyleIndex_Impl::SvXMLStyleIndex_Impl(XmlStyleFamily, const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1465672: Uninitialized members (UNINIT_CTOR)
/xmloff/source/style/xmlstyle.cxx: 221 in <unnamed>::SvXMLStyleIndex_Impl::SvXMLStyleIndex_Impl(XmlStyleFamily, const rtl::OUString &)()
215 public:
216
217 SvXMLStyleIndex_Impl( XmlStyleFamily nFam, const OUString& rName ) :
218 sName( rName ),
219 nFamily( nFam )
220 {
>>> CID 1465672: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "mpStyle" is not initialized in this constructor nor in any functions that it calls.
221 }
222
223 SvXMLStyleIndex_Impl( const rtl::Reference<SvXMLStyleContext> &rStl ) :
224 sName( rStl->GetName() ),
225 nFamily( rStl->GetFamily() ),
226 mpStyle ( rStl.get() )
** CID 1465671: Error handling issues (CHECKED_RETURN)
/xmloff/source/text/txtparai.cxx: 1941 in XMLParaContext::XMLParaContext(SvXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, bool)()
________________________________________________________________________________________________________
*** CID 1465671: Error handling issues (CHECKED_RETURN)
/xmloff/source/text/txtparai.cxx: 1941 in XMLParaContext::XMLParaContext(SvXMLImport &, unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &, bool)()
1935 mbOutlineLevelAttrFound = true;
1936 }
1937 break;
1938 case XML_TOK_TEXT_P_OUTLINE_CONTENT_VISIBLE:
1939 {
1940 mbOutlineContentVisible = true;
>>> CID 1465671: Error handling issues (CHECKED_RETURN)
>>> Calling "convertBool" without checking return value (as is done elsewhere 73 out of 79 times).
1941 ::sax::Converter::convertBool(mbOutlineContentVisible, rValue);
1942 }
1943 break;
1944 case XML_TOK_TEXT_P_IS_LIST_HEADER:
1945 {
1946 bool bBool(false);
** CID 1465670: Control flow issues (DEADCODE)
/sc/source/ui/cctrl/checklistmenu.cxx: 336 in ScCheckListMenuControl::selectMenuItem(unsigned long, bool)()
________________________________________________________________________________________________________
*** CID 1465670: Control flow issues (DEADCODE)
/sc/source/ui/cctrl/checklistmenu.cxx: 336 in ScCheckListMenuControl::selectMenuItem(unsigned long, bool)()
330 queueCloseSubMenu();
331 return;
332 }
333
334
335 if (nPos == MENU_NOT_SELECTED)
>>> CID 1465670: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "return;".
336 return;
337
338 ScCheckListMenuWindow* pParentMenu = mxFrame->GetParentMenu();
339 if (pParentMenu)
340 pParentMenu->get_widget().setSubMenuFocused(this);
341
** CID 1465669: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1465669: Null pointer dereferences (FORWARD_NULL)
/sw/source/uibase/uno/unotxdoc.cxx: 2951 in SwXTextDocument::render(int, const com::sun::star::uno::Any &, const com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &)()
2945 if (!m_pPrintUIOptions)
2946 m_pPrintUIOptions = lcl_GetPrintUIOptions( pDocShell, pView );
2947 m_pPrintUIOptions->processProperties( rxOptions );
2948 const bool bPrintProspect = m_pPrintUIOptions->getBoolValue( "PrintProspect" );
2949 const bool bLastPage = m_pPrintUIOptions->getBoolValue( "IsLastPage" );
2950
>>> CID 1465669: Null pointer dereferences (FORWARD_NULL)
>>> "GetRenderDoc" dereferences null "this->pDocShell".
2951 SwDoc *pDoc = GetRenderDoc( pView, rSelection, bIsPDFExport );
2952 OSL_ENSURE( pDoc && pView, "doc or view shell missing!" );
2953 if (pDoc && pView)
2954 {
2955 sal_Int32 nMaxRenderer = 0;
2956 if (!bIsSwSrcView)
** CID 1462318: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1462318: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 218 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
212 {
213 JLocalAutoRef jo_arg(
214 jni, jni->GetObjectArrayElement( jo_args, nPos ) );
215 jni.ensure_no_exception();
216 jvalue java_arg;
217 java_arg.l = jo_arg.get();
>>> CID 1462318: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "map_to_uno" dereferences freed pointer "type".
218 map_to_uno(
219 jni, uno_args[ nPos ], java_arg, type, nullptr,
220 false /* no assign */, param.bOut,
221 true /* special wrapped integral types */ );
222 }
223 catch (...)
** CID 1462316: (USE_AFTER_FREE)
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 491 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
________________________________________________________________________________________________________
*** CID 1462316: (USE_AFTER_FREE)
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 457 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
451 }
452 uno_Environment_invoke(m_to.get(), s_type_destructData_v, args[nPos], param.pTypeRef, 0);
453 }
454 }
455 if (ret != pReturn)
456 {
>>> CID 1462316: (USE_AFTER_FREE)
>>> Calling "uno_type_copyAndConvertData" dereferences freed pointer "pReturnTypeRef".
457 uno_type_copyAndConvertData(pReturn,
458 ret,
459 pReturnTypeRef,
460 m_to_from.get());
461
462 uno_Environment_invoke(m_to.get(), s_type_destructData_v, ret, pReturnTypeRef, 0);
/cppu/source/helper/purpenv/helper_purpenv_Proxy.cxx: 491 in Proxy::dispatch(_typelib_TypeDescriptionReference *, _typelib_MethodParameter *, int, const _typelib_TypeDescription *, void *, void **, _uno_Any **)()
485
486 // FIXME: need to destruct in m_to
487 uno_any_destruct(exc, nullptr);
488 }
489
490 if (m_probeFun)
>>> CID 1462316: (USE_AFTER_FREE)
>>> Passing freed pointer "pReturnTypeRef" as an argument to "*this->m_probeFun".
491 m_probeFun(false,
492 this,
493 m_pProbeContext,
494 pReturnTypeRef,
495 pParams,
496 nParams,
** CID 1462314: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1462314: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/cpp_uno/gcc3_linux_x86-64/cpp2uno.cxx: 78 in cpp2uno_call(bridges::cpp_uno::shared::CppInterfaceProxy *, const _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, _typelib_MethodParameter *, void **, void **, void **, unsigned long *)()
72
73 void * pUnoReturn = nullptr;
74 void * pCppReturn = nullptr; // complex return ptr: if != 0 && != pUnoReturn, reconversion need
75
76 if ( pReturnTypeDescr )
77 {
>>> CID 1462314: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "return_in_hidden_param" dereferences freed pointer "pReturnTypeRef".
78 if ( x86_64::return_in_hidden_param( pReturnTypeRef ) )
79 {
80 pCppReturn = *gpreg++;
81 nr_gpr++;
82
83 pUnoReturn = ( bridges::cpp_uno::shared::relatesToInterfaceType( pReturnTypeDescr )
** CID 1462313: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1047 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
________________________________________________________________________________________________________
*** CID 1462313: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1047 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
1041 case typelib_TypeClass_INTERFACE:
1042 {
1043 TypeDescr element_td( element_type );
1044 seq = seq_allocate( nElements, element_td.get()->nSize );
1045
1046 JNI_type_info const * element_info;
>>> CID 1462313: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "element_type".
1047 if (element_type->eTypeClass == typelib_TypeClass_STRUCT ||
1048 element_type->eTypeClass == typelib_TypeClass_EXCEPTION ||
1049 element_type->eTypeClass == typelib_TypeClass_INTERFACE)
1050 {
1051 element_info =
1052 getJniInfo()->get_type_info( jni, element_td.get() );
** CID 1462312: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 2388 in jni_uno::Bridge::map_to_java(const jni_uno::JNI_context &, jvalue *, const void *, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
________________________________________________________________________________________________________
*** CID 1462312: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 2388 in jni_uno::Bridge::map_to_java(const jni_uno::JNI_context &, jvalue *, const void *, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
2382 }
2383 }
2384 break;
2385 }
2386 default:
2387 {
>>> CID 1462312: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "type".
2388 throw BridgeRuntimeError(
2389 "[map_to_java():" + OUString::unacquired( &type->pTypeName )
2390 + "] unsupported element type: "
2391 + OUString::unacquired( &element_type->pTypeName )
2392 + jni.get_stack_trace() );
2393 }
** CID 1462311: Memory - illegal accesses (USE_AFTER_FREE)
/cppu/source/uno/sequence.cxx: 805 in uno_type_sequence_reference2One()
________________________________________________________________________________________________________
*** CID 1462311: Memory - illegal accesses (USE_AFTER_FREE)
/cppu/source/uno/sequence.cxx: 805 in uno_type_sequence_reference2One()
799 &pNew, pSequence->elements,
800 reinterpret_cast<typelib_IndirectTypeDescription *>(pTypeDescr)->pType,
801 pSequence->nElements, acquire,
802 pSequence->nElements ); // alloc nElements
803 if (ret)
804 {
>>> CID 1462311: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "pType" as an argument to "idestructSequence".
805 idestructSequence( *ppSequence, pType, pTypeDescr, release );
806 *ppSequence = pNew;
807 }
808
809 TYPELIB_DANGER_RELEASE( pTypeDescr );
810 }
** CID 1462310: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1094 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
________________________________________________________________________________________________________
*** CID 1462310: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_data.cxx: 1094 in jni_uno::Bridge::map_to_uno(const jni_uno::JNI_context &, void *, jvalue, _typelib_TypeDescriptionReference *, const jni_uno::JNI_type_info *, bool, bool, bool) const()
1088 }
1089 }
1090 break;
1091 }
1092 default:
1093 {
>>> CID 1462310: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "type".
1094 throw BridgeRuntimeError(
1095 "[map_to_uno():" + OUString::unacquired( &type->pTypeName )
1096 + "] unsupported sequence element type: "
1097 + OUString::unacquired( &element_type->pTypeName )
1098 + jni.get_stack_trace() );
1099 }
** CID 1462309: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1462309: Memory - illegal accesses (USE_AFTER_FREE)
/cppu/source/uno/destr.hxx: 139 in cppu::_destructAny(_uno_Any *, void (*)(void *))()
133 break;
134 }
135 #if OSL_DEBUG_LEVEL > 0
136 pAny->pData = reinterpret_cast<void *>(uintptr_t(0xdeadbeef));
137 #endif
138
>>> CID 1462309: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "typelib_typedescriptionreference_release" dereferences freed pointer "pType".
139 ::typelib_typedescriptionreference_release( pType );
140 }
141
142 inline sal_Int32 idestructElements(
143 void * pElements, typelib_TypeDescriptionReference * pElementType,
144 sal_Int32 nStartIndex, sal_Int32 nStopIndex,
** CID 1462308: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 286 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
________________________________________________________________________________________________________
*** CID 1462308: Memory - illegal accesses (USE_AFTER_FREE)
/bridges/source/jni_uno/jni_java2uno.cxx: 286 in jni_uno::Bridge::call_uno(const jni_uno::JNI_context &, _uno_Interface *, _typelib_TypeDescription *, _typelib_TypeDescriptionReference *, int, const _typelib_MethodParameter *, _jobjectArray *) const()
280 type->eTypeClass != typelib_TypeClass_ENUM) // opt
281 {
282 uno_type_destructData( uno_args[ nPos ], type, nullptr );
283 }
284 }
285
>>> CID 1462308: Memory - illegal accesses (USE_AFTER_FREE)
>>> Dereferencing freed pointer "return_type".
286 if (return_type->eTypeClass != typelib_TypeClass_VOID)
287 {
288 // convert uno return value
289 jvalue java_ret;
290 try
291 {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DPtsO_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiiXPZi4mOPHWPLpuiRofcUvRfRJq4-2BGfNgELYxKs2jfk9Za1i14VsFm3DmBFhqKLg1B4Cp0AZIX5o1YV6-2B-2Fc3HGbrLNcmNsvZtqkfq3hBZ8rlDFLv5u0YpvnJKMW3aJ9WJZM5PwHSKnBcU9TSZyE-2FoDqBoBhaWDfP9FdtKMDZCtk-2FLFeOuCcJi-2BGpYDM5MZUh
_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice
New Defects reported by Coverity Scan for LibreOffice
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: New Defects reported by Coverity Scan for LibreOffice
- From: scan-admin@xxxxxxxxxxxx
- Date: Thu, 06 Aug 2020 20:33:02 +0000 (UTC)
- Follow-Ups:
- Re: New Defects reported by Coverity Scan for LibreOffice
- From: Stephan Bergmann
- Re: New Defects reported by Coverity Scan for LibreOffice
- Prev by Date: ESC meeting minutes: 2020-08-06
- Next by Date: Crash test update
- Previous by thread: New Defects reported by Coverity Scan for LibreOffice
- Next by thread: Re: New Defects reported by Coverity Scan for LibreOffice
- Index(es):
 |