Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

6 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)


** CID 1487035: Uninitialized members (UNINIT_CTOR)
/oox/source/ole/oleobjecthelper.cxx: 52 in oox::ole::OleObjectInfo::OleObjectInfo()()

________________________________________________________________________________________________________
*** CID 1487035: Uninitialized members (UNINIT_CTOR)
/oox/source/ole/oleobjecthelper.cxx: 52 in oox::ole::OleObjectInfo::OleObjectInfo()()
46
47     OleObjectInfo::OleObjectInfo() :
48         mbLinked( false ),
49         mbShowAsIcon( false ),
50         mbAutoUpdate( false )
51     {
>>>     CID 1487035: Uninitialized members (UNINIT_CTOR)
>>>     Non-static class member "mbHasPicture" is not initialized in this constructor nor in any functions that it calls.
52     }
53
54     const char g_aEmbeddedObjScheme[] = "vnd.sun.star.EmbeddedObject:";
55
56     OleObjectHelper::OleObjectHelper(
57             const Reference< XMultiServiceFactory >& rxModelFactory,

** CID 1487034: (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1487034: (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 119 in SvmReader::Read(GDIMetaFile &, ImplMetaReadData *)()
113             {
114                 if (pAction->GetType() == MetaActionType::COMMENT)
115                 {
116                     MetaCommentAction* pCommentAct
117                         = static_cast<MetaCommentAction*>(pAction.get());
118
>>>     CID 1487034: (TAINTED_SCALAR)
>>>     Passing tainted expression "*pCommentAct->GetComment().pData" to "operator ==", which uses it as a loop boundary.
119                     if (pCommentAct->GetComment() == "EMF_PLUS")
120                         rMetaFile.UseCanvas(true);
121                 }
122                 rMetaFile.AddAction(pAction);
123             }
124         }
/vcl/source/filter/svm/SvmReader.cxx: 119 in SvmReader::Read(GDIMetaFile &, ImplMetaReadData *)()
113             {
114                 if (pAction->GetType() == MetaActionType::COMMENT)
115                 {
116                     MetaCommentAction* pCommentAct
117                         = static_cast<MetaCommentAction*>(pAction.get());
118
>>>     CID 1487034: (TAINTED_SCALAR)
>>>     Passing tainted expression "*pCommentAct->GetComment().pData" to "operator ==", which uses it as an offset.
119                     if (pCommentAct->GetComment() == "EMF_PLUS")
120                         rMetaFile.UseCanvas(true);
121                 }
122                 rMetaFile.AddAction(pAction);
123             }
124         }

** CID 1487033: (FB.UWF_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in ()
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in ()

________________________________________________________________________________________________________
*** CID 1487033: (FB.UWF_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in ()
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73
74       public void setLibrary(Library lib) {
75         deGTBehavior.setLibrary(lib);
>>>     CID 1487033: (FB.UWF_UNWRITTEN_FIELD)
>>>     Unwritten field: net.adaptivebox.deps.DEPSAgent.psGTBehavior.
76         psGTBehavior.setLibrary(lib);
77       }
78
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;
81         trailPoint = problemEncoder.getFreshSearchPoint();
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in ()
69       // Generate-and-test behaviors.
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73
74       public void setLibrary(Library lib) {
>>>     CID 1487033: (FB.UWF_UNWRITTEN_FIELD)
>>>     Unwritten field: net.adaptivebox.deps.DEPSAgent.deGTBehavior.
75         deGTBehavior.setLibrary(lib);
76         psGTBehavior.setLibrary(lib);
77       }
78
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;

** CID 1487032: (FB.NP_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()

________________________________________________________________________________________________________
*** CID 1487032: (FB.NP_UNWRITTEN_FIELD)
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 76 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73
74       public void setLibrary(Library lib) {
75         deGTBehavior.setLibrary(lib);
>>>     CID 1487032: (FB.NP_UNWRITTEN_FIELD)
>>>     Read of unwritten field psGTBehavior.
76         psGTBehavior.setLibrary(lib);
77       }
78
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;
81         trailPoint = problemEncoder.getFreshSearchPoint();
/nlpsolver/ThirdParty/EvolutionarySolver/src/net/adaptivebox/deps/DEPSAgent.java: 75 in net.adaptivebox.deps.DEPSAgent.setLibrary(net.adaptivebox.knowledge.Library)()
69       // Generate-and-test behaviors.
70       private DEGTBehavior deGTBehavior;
71       private PSGTBehavior psGTBehavior;
72       public double switchP = 0.5;
73
74       public void setLibrary(Library lib) {
>>>     CID 1487032: (FB.NP_UNWRITTEN_FIELD)
>>>     Read of unwritten field deGTBehavior.
75         deGTBehavior.setLibrary(lib);
76         psGTBehavior.setLibrary(lib);
77       }
78
79       public void setProblemEncoder(ProblemEncoder encoder) {
80         problemEncoder = encoder;

** CID 1487031: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1487031: Insecure data handling (TAINTED_SCALAR)
/vcl/source/filter/svm/SvmReader.cxx: 745 in SvmReader::TextArrayHandler(ImplMetaReadData *)()
739             {
740                 pAction->SetIndex(0);
741                 aArray.reset();
742             }
743         }
744
>>>     CID 1487031: Insecure data handling (TAINTED_SCALAR)
>>>     Passing tainted expression "pAction->mnLen" to "SetDXArray", which uses it as an allocation size.
745         pAction->SetDXArray(aArray.get());
746         return pAction;
747     }
748
749     rtl::Reference<MetaAction> SvmReader::StretchTextHandler(ImplMetaReadData* pData)
750     {

** CID 1487030: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1487030: Null pointer dereferences (FORWARD_NULL)
/oox/source/shape/WpsContext.cxx: 40 in oox::shape::WpsContext::WpsContext(const oox::core::ContextHandler2Helper &, com::sun::star::uno::Reference<com::sun::star::drawing::XShape>, const std::shared_ptr<oox::drawingml::Shape> &, const std::shared_ptr<oox::drawingml::Shape> &)()
34     WpsContext::WpsContext(ContextHandler2Helper const& rParent, uno::Reference<drawing::XShape> xShape,
35                            const drawingml::ShapePtr& pMasterShapePtr,
36                            const drawingml::ShapePtr& pShapePtr)
37         : ShapeContext(rParent, pMasterShapePtr, pShapePtr)
38         , mxShape(std::move(xShape))
39     {
>>>     CID 1487030: Null pointer dereferences (FORWARD_NULL)
>>>     Passing null pointer "this->mpShapePtr" to "setWps", which dereferences it.
40         mpShapePtr->setWps(true);
41     }
42
43     WpsContext::~WpsContext() = default;
44
45     oox::core::ContextHandlerRef WpsContext::onCreateContext(sal_Int32 nElementToken,

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DkOcc_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiGtuAb-2BR7mqMhKgI9yxano-2FEvS1V3hO8HvqwdnG98ftK-2BdHHQe6rM0mepiXqaqJfjZvf4CVq-2FWdXHvPE-2B695hKrZoML4-2B-2BEzWyPV8sEl7biCehptWXrHKtClAkE2w-2FymRdKSHCiVdxUybXPzhRn-2Fsjh68EmQd4bxzQ5rcicfUiHc-3D

_______________________________________________
LibreOffice mailing list
LibreOffice@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/libreoffice