Hi, Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan. 5 new defect(s) introduced to LibreOffice found with Coverity Scan. 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 5 of 5 defect(s) ** CID 1495785: Error handling issues (CHECKED_RETURN) /sw/source/core/doc/DocumentRedlineManager.cxx: 459 in <unnamed>::lcl_DeleteTrackedTableRow(const SwPosition *)() ________________________________________________________________________________________________________ *** CID 1495785: Error handling issues (CHECKED_RETURN) /sw/source/core/doc/DocumentRedlineManager.cxx: 459 in <unnamed>::lcl_DeleteTrackedTableRow(const SwPosition *)() 453 pPos->GetDoc().DeleteRow( aCursor ); 454 } 455 else 456 { 457 // update property "HasTextChangesOnly" 458 SwRedlineTable::size_type nPos = 0; >>> CID 1495785: Error handling issues (CHECKED_RETURN) >>> Calling "UpdateTextChangesOnly" without checking return value (as is done elsewhere 5 out of 6 times). 459 pLine->UpdateTextChangesOnly(nPos); 460 } 461 } 462 } 463 464 // at rejection of a deletion in a table, remove the tracking of the table row ** CID 1495784: Low impact quality (MISSING_MOVE_ASSIGNMENT) /include/cppu/unotype.hxx: 44 in () ________________________________________________________________________________________________________ *** CID 1495784: Low impact quality (MISSING_MOVE_ASSIGNMENT) /include/cppu/unotype.hxx: 44 in () 38 39 namespace com { namespace sun { namespace star { namespace uno { 40 class Type; 41 class Any; 42 class Exception; 43 template< typename > class Reference; >>> CID 1495784: Low impact quality (MISSING_MOVE_ASSIGNMENT) >>> Class "com::sun::star::uno::Sequence<com::sun::star::uno::Reference<com::sun::star::frame::XDispatch> >" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalues, where a move assignment may be faster. 44 template< typename > class Sequence; 45 class XInterface; 46 } } } } 47 namespace rtl { class OUString; } 48 49 namespace cppu { ** CID 1494594: (TOCTOU) /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() /solenv/lockfile/lockfile.c: 325 in lockfile_create_save_tmplock() /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() ________________________________________________________________________________________________________ *** CID 1494594: (TOCTOU) /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() 314 * link() over NFS can't be trusted. 315 * EXTRA FIX: the value of the nlink field 316 * can't be trusted (may be cached). 317 */ 318 (void)!link(tmplock, lockfile); 319 >>> CID 1494594: (TOCTOU) >>> Calling function "lstat" to perform check on "tmplock". 320 if (lstat(tmplock, &st1) < 0) { 321 tmplock[0] = 0; 322 return L_ERROR; /* Can't happen */ 323 } 324 325 if (lstat(lockfile, &st) < 0) { /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() 314 * link() over NFS can't be trusted. 315 * EXTRA FIX: the value of the nlink field 316 * can't be trusted (may be cached). 317 */ 318 (void)!link(tmplock, lockfile); 319 >>> CID 1494594: (TOCTOU) >>> Calling function "lstat" to perform check on "tmplock". 320 if (lstat(tmplock, &st1) < 0) { 321 tmplock[0] = 0; 322 return L_ERROR; /* Can't happen */ 323 } 324 325 if (lstat(lockfile, &st) < 0) { /solenv/lockfile/lockfile.c: 325 in lockfile_create_save_tmplock() 319 320 if (lstat(tmplock, &st1) < 0) { 321 tmplock[0] = 0; 322 return L_ERROR; /* Can't happen */ 323 } 324 >>> CID 1494594: (TOCTOU) >>> Calling function "lstat" to perform check on "lockfile". 325 if (lstat(lockfile, &st) < 0) { 326 if (statfailed++ > 5) { 327 /* 328 * Normally, this can't happen; either 329 * another process holds the lockfile or 330 * we do. So if this error pops up /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() 314 * link() over NFS can't be trusted. 315 * EXTRA FIX: the value of the nlink field 316 * can't be trusted (may be cached). 317 */ 318 (void)!link(tmplock, lockfile); 319 >>> CID 1494594: (TOCTOU) >>> Calling function "lstat" to perform check on "tmplock". 320 if (lstat(tmplock, &st1) < 0) { 321 tmplock[0] = 0; 322 return L_ERROR; /* Can't happen */ 323 } 324 325 if (lstat(lockfile, &st) < 0) { /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() 314 * link() over NFS can't be trusted. 315 * EXTRA FIX: the value of the nlink field 316 * can't be trusted (may be cached). 317 */ 318 (void)!link(tmplock, lockfile); 319 >>> CID 1494594: (TOCTOU) >>> Calling function "lstat" to perform check on "tmplock". 320 if (lstat(tmplock, &st1) < 0) { 321 tmplock[0] = 0; 322 return L_ERROR; /* Can't happen */ 323 } 324 325 if (lstat(lockfile, &st) < 0) { /solenv/lockfile/lockfile.c: 320 in lockfile_create_save_tmplock() 314 * link() over NFS can't be trusted. 315 * EXTRA FIX: the value of the nlink field 316 * can't be trusted (may be cached). 317 */ 318 (void)!link(tmplock, lockfile); 319 >>> CID 1494594: (TOCTOU) >>> Calling function "lstat" to perform check on "tmplock". 320 if (lstat(tmplock, &st1) < 0) { 321 tmplock[0] = 0; 322 return L_ERROR; /* Can't happen */ 323 } 324 325 if (lstat(lockfile, &st) < 0) { ** CID 1494593: Memory - corruptions (OVERRUN) /solenv/lockfile/lockfile.c: 478 in lockfile_check() ________________________________________________________________________________________________________ *** CID 1494593: Memory - corruptions (OVERRUN) /solenv/lockfile/lockfile.c: 478 in lockfile_check() 472 (len = read(fd, buf, sizeof(buf))) >= 0 && 473 fstat(fd, &st2) == 0 && 474 st.st_atime != st2.st_atime) 475 now = st.st_atime; 476 close(fd); 477 if (len > 0 && (flags & (L_PID|L_PPID))) { >>> CID 1494593: Memory - corruptions (OVERRUN) >>> Overrunning array "buf" of 16 bytes at byte offset 16 using index "len" (which evaluates to 16). 478 buf[len] = 0; 479 pid = atoi(buf); 480 } 481 } 482 483 if (pid > 0) { ** CID 1494592: Security best practices violations (TOCTOU) /solenv/lockfile/lockfile.c: 456 in lockfile_check() ________________________________________________________________________________________________________ *** CID 1494592: Security best practices violations (TOCTOU) /solenv/lockfile/lockfile.c: 456 in lockfile_check() 450 struct stat st, st2; 451 char buf[16]; 452 time_t now; 453 pid_t pid; 454 int fd, len, r; 455 >>> CID 1494592: Security best practices violations (TOCTOU) >>> Calling function "stat" to perform check on "lockfile". 456 if (stat(lockfile, &st) < 0) 457 return -1; 458 459 /* 460 * Get the contents and mtime of the lockfile. 461 */ ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DeDJh_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJie3cfC7pTBaNmzuryYA3nP-2BmLwswIw4rJayOrqC9nfj-2BVL51zcu9sQnm2pzAVZMak3dsjU43DF5k7VAZ2f-2Fa1APw5ta29R4NRbimHrWvYIICtEZSZnGBawVaWsRHenCVppE76c9Az6Vz7fr8VoQJvznedoeBf8eQOT4lGH9OS4Pw-3D