New Defects reported by Coverity Scan for LibreOffice

scan-admin@xxxxxxxxxxxx · Sun, 27 Nov 2022 12:19:56 +0000 (UTC)

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

7 new defect(s) introduced to LibreOffice found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 7 of 7 defect(s)

** CID 1517060:  Error handling issues  (CHECKED_RETURN)
/cui/source/customize/cfgutil.cxx: 1352 in SvxScriptSelectorDialog::LoadLastUsedMacro()()

________________________________________________________________________________________________________
*** CID 1517060:  Error handling issues  (CHECKED_RETURN)
/cui/source/customize/cfgutil.cxx: 1352 in SvxScriptSelectorDialog::LoadLastUsedMacro()()
1346             if (bIsIterValid)
1347             {
1348                 xCategories.expand_row(*xIter);
1349                 nOpenedNodes++;
1350             }
1351             if (xCategories.iter_has_child(*xIter))
>>>     CID 1517060:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "iter_children" without checking return value (as is done elsewhere 59 out of 61 times).
1352                 xCategories.iter_children(*xIter);
1353             else if (nOpenedNodes < nInfoParts - 1)
1354                 // If the number of levels in the tree is smaller than the
1355                 // number of parts in the macro info string, then return
1356                 return;
1357         }

** CID 1517059:  Integer handling issues  (NEGATIVE_RETURNS)

________________________________________________________________________________________________________
*** CID 1517059:  Integer handling issues  (NEGATIVE_RETURNS)
/sw/source/ui/vba/vbacontentcontrols.cxx: 182 in <unnamed>::ContentControlCollectionHelper::hasByName(const rtl::OUString &)()
176                 new SwVbaContentControl(mxParent, mxContext, mxTextDocument, *m_pCache)));
177         }
178     
179         sal_Bool SAL_CALL hasByName(const OUString& aName) override
180         {
181             sal_Int32 nCount = -1;
>>>     CID 1517059:  Integer handling issues  (NEGATIVE_RETURNS)
>>>     "nCount" is passed to a parameter that cannot be negative.
182             m_pCache = lcl_getContentControl(aName, m_sTag, m_sTitle, nCount, mxTextDocument);
183             return m_pCache != nullptr;
184         }
185     
186         // XElementAccess
187         uno::Type SAL_CALL getElementType() override

** CID 1517058:  Null pointer dereferences  (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1517058:  Null pointer dereferences  (FORWARD_NULL)
/sc/source/filter/xcl97/xcl97rec.cxx: 247 in <unnamed>::SaveDrawingMLObjects(XclExpObjList &, XclExpXmlStream &)()
241             else
242                 --nSkipObj;
243     
244             if (rxObj->GetObjType() == 0) // group (it can be a subgroup)
245             {
246                 XclObjAny* pObj = dynamic_cast<XclObjAny*>(rxObj.get());
>>>     CID 1517058:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pObj->GetShape()" to "Reference", which dereferences it.
247                 css::uno::Reference<css::drawing::XShapes> mXShapes(pObj->GetShape(), UNO_QUERY);
248                 // skip (also) the objects of this group
249                 nSkipObj += mXShapes->getCount();
250             }
251         }
252     

** CID 1517057:  Null pointer dereferences  (REVERSE_INULL)
/sdext/source/pdfimport/tree/drawtreevisiting.cxx: 761 in pdfi::DrawXmlOptimizer::optimizeTextElements(pdfi::Element &)()

________________________________________________________________________________________________________
*** CID 1517057:  Null pointer dereferences  (REVERSE_INULL)
/sdext/source/pdfimport/tree/drawtreevisiting.cxx: 761 in pdfi::DrawXmlOptimizer::optimizeTextElements(pdfi::Element &)()
755                         for(int i=0; i< str.getLength(); i++)
756                         {
757                             sal_Int16 nType = GetBreakIterator()->getScriptType( str, i );
758                             if (nType == css::i18n::ScriptType::COMPLEX)
759                                 isComplex = true;
760                         }
>>>     CID 1517057:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "pPara" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
761                         if (bPara && pPara && isComplex)
762                             pPara->bRtl = true;
763                         // append eventual children to current element
764                         // and clear children (else the children just
765                         // appended to pCur would be destroyed)
766                         pCur->Children.splice( pCur->Children.end(), pNext->Children );

** CID 1517056:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/crsr/bookmark.cxx: 824 in sw::mark::DropDownFieldmark::AddContent(const rtl::OUString &, int *)()

________________________________________________________________________________________________________
*** CID 1517056:  Null pointer dereferences  (FORWARD_NULL)
/sw/source/core/crsr/bookmark.cxx: 824 in sw::mark::DropDownFieldmark::AddContent(const rtl::OUString &, int *)()
818     
819             auto aList = comphelper::sequenceToContainer<std::vector<OUString>>(aSeq);
820             if (nNewPos < nLen)
821                 aList.insert(aList.begin() + nNewPos, rText);
822             else
823             {
>>>     CID 1517056:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "pIndex".
824                 *pIndex = nLen;
825                 aList.push_back(rText);
826             }
827     
828             (*pParameters)[ODF_FORMDROPDOWN_LISTENTRY] <<= comphelper::containerToSequence(aList);
829             Invalidate();

** CID 1517055:  Null pointer dereferences  (REVERSE_INULL)
/vcl/source/window/bubblewindow.cxx: 535 in MenuBarUpdateIconManager::AddMenuBarIcon(SystemWindow *, bool)()

________________________________________________________________________________________________________
*** CID 1517055:  Null pointer dereferences  (REVERSE_INULL)
/vcl/source/window/bubblewindow.cxx: 535 in MenuBarUpdateIconManager::AddMenuBarIcon(SystemWindow *, bool)()
529                                         LINK( this, MenuBarUpdateIconManager, ClickHdl ),
530                                         aBuf.makeStringAndClear() );
531                 maIconMBars.push_back(pActiveMBar);
532                 maIconIDs.push_back(nIconID);
533             }
534     
>>>     CID 1517055:  Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "pSysWin" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
535             if (bAddEventHdl && pSysWin)
536                 pSysWin->AddEventListener( maWindowEventHdl );
537         }
538     
539         if (mpActiveMBar != pActiveMBar)
540         {

** CID 1517054:  Control flow issues  (DEADCODE)
/vcl/headless/CairoCommon.cxx: 738 in CairoCommon::drawPolyLine(_cairo *, basegfx::B2DRange *, const Color &, bool, const basegfx::B2DHomMatrix &, const basegfx::B2DPolygon &, double, double, const std::vector<double, std::allocator<double>> *, basegfx::B2DLineJoin, com::sun::star::drawing::LineCap, double, bool)()

________________________________________________________________________________________________________
*** CID 1517054:  Control flow issues  (DEADCODE)
/vcl/headless/CairoCommon.cxx: 738 in CairoCommon::drawPolyLine(_cairo *, basegfx::B2DRange *, const Color &, bool, const basegfx::B2DHomMatrix &, const basegfx::B2DPolygon &, double, double, const std::vector<double, std::allocator<double>> *, basegfx::B2DLineJoin, com::sun::star::drawing::LineCap, double, bool)()
732             {
733                 SAL_WARN("vcl.gdi", "drawPolyLine, suspicious input line width of: "
734                                         << fLineWidth << ", will be " << fLineWidthPixel
735                                         << " pixels thick");
736                 if (bFuzzing)
737                 {
>>>     CID 1517054:  Control flow issues  (DEADCODE)
>>>     Execution cannot reach this statement: "aObjectToDeviceInv.B2DHomMa...".
738                     basegfx::B2DHomMatrix aObjectToDeviceInv(rObjectToDevice);
739                     aObjectToDeviceInv.invert();
740                     fLineWidth
741                         = (aObjectToDeviceInv * basegfx::B2DVector(MaxNormalLineWidth, 0)).getLength();
742                 }
743             }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DW6Og_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiKrCse1h-2BnRwGOk50ynxFkFdufQej79C3ZH-2BdKCk2YZIzzgchvaeXWH8Cu-2Bb7XzVZODnizk4c-2BDDSDrX8NliW-2FHCDsm1cGAt2-2FHJksk-2B6Gban-2FV-2FyDhYB4zkZvAprXz91dTTRRO5Ex6kMIe3n3uKL9-2BsADNUIOJCko1wyQED2zKw-3D