New Defects reported by Coverity Scan for LibreOffice

scan-admin@xxxxxxxxxxxx · Fri, 29 Sep 2023 05:51:42 +0000 (UTC)

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

8 new defect(s) introduced to LibreOffice found with Coverity Scan.
1436 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 8 of 8 defect(s)

** CID 1546834:  Error handling issues  (CHECKED_RETURN)
/pyuno/source/module/pyuno_runtime.cxx: 244 in pyuno::readLoggingConfig(int *, _IO_FILE **)()

________________________________________________________________________________________________________
*** CID 1546834:  Error handling issues  (CHECKED_RETURN)
/pyuno/source/module/pyuno_runtime.cxx: 244 in pyuno::readLoggingConfig(int *, _IO_FILE **)()
238         else if ( str == "stderr" )
239             *ppFile = stderr;
240         else
241         {
242             oslProcessInfo data;
243             data.Size = sizeof( data );
>>>     CID 1546834:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "osl_getProcessInfo" without checking return value (as is done elsewhere 6 out of 7 times).
244             osl_getProcessInfo(
245                 nullptr , osl_Process_IDENTIFIER , &data );
246             osl_getSystemPathFromFileURL( str.pData, &str.pData);
247             OString o = OUStringToOString( str, osl_getThreadTextEncoding() );
248             o += ".";
249             o += OString::number( data.Ident );

** CID 1546833:  Error handling issues  (CHECKED_RETURN)
/sw/source/core/unocore/unoframe.cxx: 2997 in SwXFrame::attachToRange(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, const SwPaM *)()

________________________________________________________________________________________________________
*** CID 1546833:  Error handling issues  (CHECKED_RETURN)
/sw/source/core/unocore/unoframe.cxx: 2997 in SwXFrame::attachToRange(const com::sun::star::uno::Reference<com::sun::star::text::XTextRange> &, const SwPaM *)()
2991                     if(!bSizeFound)
2992                     {
2993                         //TODO/LATER: how do I transport it to the OLENode?
2994                         sal_Int64 nAspect = m_nDrawAspect;
2995     
2996                         // TODO/LEAN: VisualArea still needs running state
>>>     CID 1546833:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
2997                         svt::EmbeddedObjectRef::TryRunningState( xIPObj );
2998     
2999                         // set parent to get correct VisArea(in case of object needing parent printer)
3000                         uno::Reference < container::XChild > xChild( xIPObj, uno::UNO_QUERY );
3001                         if ( xChild.is() )
3002                             xChild->setParent( pDoc->GetDocShell()->GetModel() );

** CID 1546832:  Sigma  (SIGMA.weak_hash_core_java)
/workdir/UnpackedTarball/java_websocket/src/main/java/org/java_websocket/drafts/Draft_6455.java: 837 in org.java_websocket.drafts.Draft_6455::generateFinalKey(org.java_websocket.drafts.Draft_6455, String)()

________________________________________________________________________________________________________
*** CID 1546832:  Sigma  (SIGMA.weak_hash_core_java)
/workdir/UnpackedTarball/java_websocket/src/main/java/org/java_websocket/drafts/Draft_6455.java: 837 in org.java_websocket.drafts.Draft_6455::generateFinalKey(org.java_websocket.drafts.Draft_6455, String)()
831        */
832       private String generateFinalKey(String in) {
833         String seckey = in.trim();
834         String acc = seckey + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
835         MessageDigest sh1;
836         try {
>>>     CID 1546832:  Sigma  (SIGMA.weak_hash_core_java)
>>>     This application uses a weak algorithm to create a `MessageDigest`, which may lead to collision attacks.
837           sh1 = MessageDigest.getInstance("SHA1");
838         } catch (NoSuchAlgorithmException e) {
839           throw new IllegalStateException(e);
840         }
841         return Base64.encodeBytes(sh1.digest(acc.getBytes()));
842       }

** CID 1546831:  Null pointer dereferences  (FORWARD_NULL)
/sfx2/source/view/lokcharthelper.cxx: 178 in LokChartHelper::HitAny(const Point &, bool)()

________________________________________________________________________________________________________
*** CID 1546831:  Null pointer dereferences  (FORWARD_NULL)
/sfx2/source/view/lokcharthelper.cxx: 178 in LokChartHelper::HitAny(const Point &, bool)()
172     {
173         SfxViewShell* pCurView = SfxViewShell::Current();
174         int nPartForCurView = pCurView ? pCurView->getPart() : -1;
175         SfxViewShell* pViewShell = SfxViewShell::GetFirst();
176         while (pViewShell)
177         {
>>>     CID 1546831:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pCurView" to "GetDocId", which dereferences it. (The dereference happens because this is a virtual function call.)
178             if (pViewShell->GetDocId() == pCurView->GetDocId() && pViewShell->getPart() == nPartForCurView)
179             {
180                 LokChartHelper aChartHelper(pViewShell, bNegativeX);
181                 if (aChartHelper.Hit(aPos))
182                     return true;
183             }

** CID 1546830:  Error handling issues  (CHECKED_RETURN)
/sw/source/uibase/shells/textsh.cxx: 320 in SwTextShell::ExecInsert(SfxRequest &)()

________________________________________________________________________________________________________
*** CID 1546830:  Error handling issues  (CHECKED_RETURN)
/sw/source/uibase/shells/textsh.cxx: 320 in SwTextShell::ExecInsert(SfxRequest &)()
314             if(pURLItem) // URL is a _must_
315             {
316                 comphelper::EmbeddedObjectContainer aCnt;
317                 OUString aName;
318                 xObj.Assign( aCnt.CreateEmbeddedObject( SvGlobalName( SO3_IFRAME_CLASSID ).GetByteSequence(), aName ),
319                             embed::Aspects::MSOLE_CONTENT );
>>>     CID 1546830:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
320                 svt::EmbeddedObjectRef::TryRunningState( xObj.GetObject() );
321                 uno::Reference < beans::XPropertySet > xSet( xObj->getComponent(), uno::UNO_QUERY );
322                 if ( xSet.is() )
323                 {
324                     try
325                     {

** CID 1546829:    (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1546829:    (TAINTED_SCALAR)
/svx/source/table/cell.cxx: 1267 in sdr::table::Cell::setPropertyValues(const com::sun::star::uno::Sequence<rtl::OUString> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
1261         const Any* pValues = aValues.getConstArray();
1262     
1263         for( sal_Int32 nIdx = 0; nIdx < nCount; nIdx++, pNames++, pValues++ )
1264         {
1265             try
1266             {
>>>     CID 1546829:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*pValues->pData" to "setPropertyValue", which uses it as a loop boundary.
1267                 setPropertyValue( *pNames, *pValues );
1268             }
1269             catch( UnknownPropertyException& )
1270             {
1271                 TOOLS_WARN_EXCEPTION("svx.table", "unknown property!");
1272             }
/svx/source/table/cell.cxx: 1267 in sdr::table::Cell::setPropertyValues(const com::sun::star::uno::Sequence<rtl::OUString> &, const com::sun::star::uno::Sequence<com::sun::star::uno::Any> &)()
1261         const Any* pValues = aValues.getConstArray();
1262     
1263         for( sal_Int32 nIdx = 0; nIdx < nCount; nIdx++, pNames++, pValues++ )
1264         {
1265             try
1266             {
>>>     CID 1546829:    (TAINTED_SCALAR)
>>>     Passing tainted expression "*pValues->pData" to "setPropertyValue", which uses it as an allocation size.
1267                 setPropertyValue( *pNames, *pValues );
1268             }
1269             catch( UnknownPropertyException& )
1270             {
1271                 TOOLS_WARN_EXCEPTION("svx.table", "unknown property!");
1272             }

** CID 1546828:  Error handling issues  (CHECKED_RETURN)
/reportdesign/source/core/sdr/RptObject.cxx: 947 in rptui::OOle2Obj::OOle2Obj(SdrModel &, const rptui::OOle2Obj&)()

________________________________________________________________________________________________________
*** CID 1546828:  Error handling issues  (CHECKED_RETURN)
/reportdesign/source/core/sdr/RptObject.cxx: 947 in rptui::OOle2Obj::OOle2Obj(SdrModel &, const rptui::OOle2Obj&)()
941         ,m_nType(rSource.m_nType)
942         ,m_bOnlyOnce(rSource.m_bOnlyOnce)
943     {
944         m_bIsListening = true;
945     
946         OReportModel& rRptModel(static_cast< OReportModel& >(getSdrModelFromSdrObject()));
>>>     CID 1546828:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
947         svt::EmbeddedObjectRef::TryRunningState( GetObjRef() );
948         impl_createDataProvider_nothrow(rRptModel.getReportDefinition());
949     
950         uno::Reference< chart2::data::XDatabaseDataProvider > xSource( lcl_getDataProvider(rSource.GetObjRef()) );
951         uno::Reference< chart2::data::XDatabaseDataProvider > xDest( lcl_getDataProvider(GetObjRef()) );
952         if ( xSource.is() && xDest.is() )

** CID 1546827:  Error handling issues  (CHECKED_RETURN)
/sw/source/filter/html/SwAppletImpl.cxx: 126 in SwApplet_Impl::CreateApplet(const rtl::OUString &, const rtl::OUString &, bool, const rtl::OUString &, std::basic_string_view<char16_t, std::char_traits<char16_t>>)()

________________________________________________________________________________________________________
*** CID 1546827:  Error handling issues  (CHECKED_RETURN)
/sw/source/filter/html/SwAppletImpl.cxx: 126 in SwApplet_Impl::CreateApplet(const rtl::OUString &, const rtl::OUString &, bool, const rtl::OUString &, std::basic_string_view<char16_t, std::char_traits<char16_t>>)()
120     {
121         comphelper::EmbeddedObjectContainer aCnt;
122         OUString aName;
123     
124         // create Applet; it will be in running state
125         m_xApplet = aCnt.CreateEmbeddedObject( SvGlobalName( SO3_APPLET_CLASSID ).GetByteSequence(), aName );
>>>     CID 1546827:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "TryRunningState" without checking return value (as is done elsewhere 33 out of 39 times).
126         ::svt::EmbeddedObjectRef::TryRunningState( m_xApplet );
127     
128         INetURLObject aUrlBase(rDocumentBaseURL);
129         aUrlBase.removeSegment();
130     
131         OUString sDocBase = aUrlBase.GetMainURL(INetURLObject::DecodeMechanism::NONE);

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DJJQe_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiYJwZvReeukokQdc6nEo4sF4mv9UAChzal4jwbFXFJ8-2FynCxc-2BAlNKqtWOj79svtIk2OVSYGHfqB-2FPLo2QHJmM8w7g-2FX4ntLIAPUGGLFOTsBzrZ0WumNkOhmLkSeF3-2FXlzUlbntknIZ6XYth5l0BFQZe6ferSPuVfdz-2FJYewBrX8-3D