Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
25 new defect(s) introduced to LibreOffice found with Coverity Scan.
10 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 25 defect(s)
** CID 1559969: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559969: Uninitialized variables (UNINIT)
/sc/source/core/data/poolcach.cxx: 74 in ScItemPoolCache::ApplyTo(const CellAttributeHolder &)()
68 }
69 else
70 {
71 pNewItem->GetItemSet().Put(*pSetToPut);
72 }
73
>>> CID 1559969: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewItem->pName._M_payload._M_payload" when calling "CellAttributeHolder".
74 m_aCache.emplace_back(rOrigItem, CellAttributeHolder(pNewItem, true));
75 return m_aCache.back().aModified;
76 }
77
78
** CID 1559968: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559968: Uninitialized variables (UNINIT)
/sc/source/ui/undo/undocell.cxx: 252 in ScUndoEnterData::Undo()()
246 rDoc.ApplyAttr(maPos.Col(), maPos.Row(), rVal.mnTab,
247 SfxUInt32Item(ATTR_VALUE_FORMAT, rVal.mnFormat));
248 else
249 {
250 ScPatternAttr* pPattern(new ScPatternAttr(*rDoc.GetPattern(maPos.Col(), maPos.Row(), rVal.mnTab)));
251 pPattern->GetItemSet().ClearItem( ATTR_VALUE_FORMAT );
>>> CID 1559968: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
252 rDoc.SetPattern(maPos.Col(), maPos.Row(), rVal.mnTab, CellAttributeHolder(pPattern, true));
253 }
254 pDocShell->PostPaintCell(maPos.Col(), maPos.Row(), rVal.mnTab);
255 }
256
257 ScChangeTrack* pChangeTrack = rDoc.GetChangeTrack();
** CID 1559967: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559967: Uninitialized variables (UNINIT)
/sc/source/core/data/attarray.cxx: 1624 in ScAttrArray::ApplyFlags(int, int, ScMF)()
1618 if ( (nOldValue | nFlags) != nOldValue )
1619 {
1620 nRow = mvData[nIndex].nEndRow;
1621 SCROW nAttrRow = std::min( nRow, nEndRow );
1622 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
1623 pNewPattern->GetItemSet().Put( ScMergeFlagAttr( nOldValue | nFlags ) );
>>> CID 1559967: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1624 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
1625 Search( nThisRow, nIndex ); // data changed
1626 bChanged = true;
1627 }
1628
1629 ++nIndex;
** CID 1559966: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559966: Uninitialized variables (UNINIT)
/sc/source/core/data/attarray.cxx: 2439 in ScAttrArray::CopyArea(int, int, long, ScAttrArray&, ScMF) const()
2433
2434 if (bSameCellAttributeHelper)
2435 aNewPattern.setScPatternAttr(pTmpPattern, true);
2436 else
2437 {
2438 aNewPattern = pTmpPattern->MigrateToDocument( &rAttrArray.rDocument, &rDocument );
>>> CID 1559966: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pTmpPattern->pName._M_payload._M_payload" when calling "~ScPatternAttr".
2439 delete pTmpPattern;
2440 }
2441 }
2442 else
2443 {
2444 if (bSameCellAttributeHelper)
** CID 1559965: Memory - corruptions (USE_AFTER_FREE)
/sc/inc/fstalgorithm.hxx: 69 in sc::buildSpanWithValue<int, CellAttributeHolder, <unnamed>::PatternSpan>(std::vector<T3, std::allocator<T3>> &, mdds::flat_segment_tree<T1, T2>::const_iterator, mdds::flat_segment_tree<T1, T2>::const_iterator)()
________________________________________________________________________________________________________
*** CID 1559965: Memory - corruptions (USE_AFTER_FREE)
/sc/inc/fstalgorithm.hxx: 69 in sc::buildSpanWithValue<int, CellAttributeHolder, <unnamed>::PatternSpan>(std::vector<T3, std::allocator<T3>> &, mdds::flat_segment_tree<T1, T2>::const_iterator, mdds::flat_segment_tree<T1, T2>::const_iterator)()
63 rSpans.push_back(Span(nIndex1, nIndex2, nLastVal));
64 }
65
66 nLastPos = nThisPos;
67 nLastVal = nThisVal;
68 }
>>> CID 1559965: Memory - corruptions (USE_AFTER_FREE)
>>> Calling "~CellAttributeHolder" frees pointer "nLastVal.mpScPatternAttr" which has already been freed.
69 }
70
71 /**
72 * Convert a flat_segment_tree structure whose value type is boolean, into
73 * an array of ranges that corresponds with the segments that have a 'true'
74 * value.
** CID 1559964: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559964: Uninitialized variables (UNINIT)
/sc/source/core/data/column.cxx: 522 in ScColumn::ApplyStyle(int, const ScStyleSheet *)()
516
517 void ScColumn::ApplyStyle( SCROW nRow, const ScStyleSheet* rStyle )
518 {
519 const ScPatternAttr* pPattern = pAttrArray->GetPattern(nRow);
520 ScPatternAttr* pNewPattern(new ScPatternAttr(*pPattern));
521 pNewPattern->SetStyleSheet(const_cast<ScStyleSheet*>(rStyle));
>>> CID 1559964: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
522 pAttrArray->SetPattern(nRow, CellAttributeHolder(pNewPattern, true));
523 }
524
525 void ScColumn::ApplySelectionStyle(const ScStyleSheet& rStyle, const ScMarkData& rMark)
526 {
527 SCROW nTop;
** CID 1559963: (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
________________________________________________________________________________________________________
*** CID 1559963: (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
1065 for (SCROW nRow = rSpan.mnRow1; nRow <= rSpan.mnRow2; ++nRow)
1066 {
1067 // only calculate the cell height when it's used later (#37928#)
1068
1069 if (rCxt.isForceAutoSize() || !(rDocument.GetRowFlags(nRow, nTab) & CRFlags::ManualSize) )
1070 {
>>> CID 1559963: (USE_AFTER_FREE)
>>> Passing freed pointer "pPattern" as an argument to "setScPatternAttr".
1071 aOptions.aPattern.setScPatternAttr(pPattern);
1072 const CellAttributeHolder aOldPattern(pPattern);
1073 sal_uInt16 nHeight = static_cast<sal_uInt16>(
1074 std::min(
1075 GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
1076 rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
1065 for (SCROW nRow = rSpan.mnRow1; nRow <= rSpan.mnRow2; ++nRow)
1066 {
1067 // only calculate the cell height when it's used later (#37928#)
1068
1069 if (rCxt.isForceAutoSize() || !(rDocument.GetRowFlags(nRow, nTab) & CRFlags::ManualSize) )
1070 {
>>> CID 1559963: (USE_AFTER_FREE)
>>> Passing freed pointer "pPattern" as an argument to "setScPatternAttr".
1071 aOptions.aPattern.setScPatternAttr(pPattern);
1072 const CellAttributeHolder aOldPattern(pPattern);
1073 sal_uInt16 nHeight = static_cast<sal_uInt16>(
1074 std::min(
1075 GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
1076 rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,
** CID 1559962: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559962: Uninitialized variables (UNINIT)
/sc/source/core/data/attarray.cxx: 1661 in ScAttrArray::RemoveFlags(int, int, ScMF)()
1655 if ( (nOldValue & ~nFlags) != nOldValue )
1656 {
1657 nRow = mvData[nIndex].nEndRow;
1658 SCROW nAttrRow = std::min( nRow, nEndRow );
1659 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
1660 pNewPattern->GetItemSet().Put( ScMergeFlagAttr( nOldValue & ~nFlags ) );
>>> CID 1559962: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1661 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
1662 Search( nThisRow, nIndex ); // data changed
1663 bChanged = true;
1664 }
1665
1666 ++nIndex;
** CID 1559961: Memory - corruptions (BAD_FREE)
________________________________________________________________________________________________________
*** CID 1559961: Memory - corruptions (BAD_FREE)
/sc/source/core/data/table2.cxx: 1113 in ScTable::TransposeColPatterns(ScTable*, short, short, int, int, int, bool, const std::vector<int, std::allocator<int>> &, int)()
1107 rNewSet.Put( ScMergeFlagAttr( nNewFlags ) );
1108 else
1109 rNewSet.ClearItem( ATTR_MERGE_FLAG );
1110 }
1111
1112 // Set pattern in cells from nAttrRow1 to nAttrRow2
>>> CID 1559961: Memory - corruptions (BAD_FREE)
>>> "lcl_SetTransposedPatternInRows" frees address of "aNewPattern".
1113 lcl_SetTransposedPatternInRows(pTransClip, nAttrRow1, nAttrRow2, nCol1, nRow1,
1114 nCombinedStartRow, nCol, aNewPattern,
1115 bIncludeFiltered, rFilteredRows, nRowDestOffset);
1116 }
1117 }
1118 }
** CID 1559960: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559960: Uninitialized variables (UNINIT)
/sc/source/ui/view/spelleng.cxx: 147 in ScConversionEngineBase::FindNextConversionCell()()
141 if (nullptr != pAttr)
142 pNewAttr = new ScPatternAttr(*pAttr);
143 else
144 pNewAttr = new ScPatternAttr(mrDoc.getCellAttributeHelper());
145
146 pNewAttr->GetItemSet().Put(SvxLanguageItem(aLang.nLang, EE_CHAR_LANGUAGE), ATTR_FONT_LANGUAGE);
>>> CID 1559960: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewAttr->pName._M_payload._M_payload" when calling "CellAttributeHolder".
147 mrDoc.SetPattern(aPos, CellAttributeHolder(pNewAttr, true));
148 }
149
150 if (mpRedoDoc && !bEmptyCell)
151 mrDoc.CopyCellToDocument(aPos, aPos, *mpRedoDoc);
152
** CID 1559959: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559959: Uninitialized variables (UNINIT)
/sc/source/core/data/attarray.cxx: 1823 in ScAttrArray::FindStyleSheet(const SfxStyleSheetBase *, ScFlatBoolRowSegments &, bool)()
1817 ScPatternAttr* pNewPattern(new ScPatternAttr(*mvData[nPos].getScPatternAttr()));
1818 pNewPattern->SetStyleSheet( static_cast<ScStyleSheet*>(
1819 rDocument.GetStyleSheetPool()->
1820 Find( ScResId(STR_STYLENAME_STANDARD),
1821 SfxStyleFamily::Para,
1822 SfxStyleSearchBits::Auto | SfxStyleSearchBits::ScStandard ) ) );
>>> CID 1559959: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "setScPatternAttr".
1823 mvData[nPos].setScPatternAttr(pNewPattern, true);
1824
1825 if (Concat(nPos))
1826 {
1827 Search(nStart, nPos);
1828 --nPos; // because ++ at end
** CID 1559958: Error handling issues (UNCAUGHT_EXCEPT)
/sc/inc/poolcach.hxx: 31 in ScItemPoolCache::SfxItemModifyImpl::SfxItemModifyImpl(ScItemPoolCache::SfxItemModifyImpl&&)()
________________________________________________________________________________________________________
*** CID 1559958: Error handling issues (UNCAUGHT_EXCEPT)
/sc/inc/poolcach.hxx: 31 in ScItemPoolCache::SfxItemModifyImpl::SfxItemModifyImpl(ScItemPoolCache::SfxItemModifyImpl&&)()
25 class CellAttributeHelper;
26 class SfxItemSet;
27 class SfxPoolItem;
28
29 class ScItemPoolCache
30 {
>>> CID 1559958: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::uno::RuntimeException" is thrown but the exception specification "/*implicit*/noexcept" doesn't allow it to be thrown. This will result in a call to terminate().
31 struct SfxItemModifyImpl
32 {
33 const CellAttributeHolder aOriginal;
34 const CellAttributeHolder aModified;
35 SfxItemModifyImpl(const CellAttributeHolder& a, const CellAttributeHolder &b) : aOriginal(a), aModified(b) {}
36 };
** CID 1559957: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559957: Uninitialized variables (UNINIT)
/sc/source/core/data/attarray.cxx: 1584 in ScAttrArray::SetPatternAreaSafe(int, int, const CellAttributeHolder &)()
1578 // default-constructing a ScPatternAttr for DeleteArea doesn't work
1579 // because it would have no cell style information.
1580 // Instead, the document's getCellAttributeHelper().getDefaultCellAttribute() is copied. Since it is passed as
1581 // pWantedPattern, no special treatment of default is needed here anymore.
1582 ScPatternAttr* pNewPattern(new ScPatternAttr(*rWantedPattern.getScPatternAttr()));
1583 pNewPattern->GetItemSet().Put( *pItem );
>>> CID 1559957: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1584 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
1585 }
1586 else
1587 {
1588 SetPatternArea(nThisRow, nAttrRow, rWantedPattern);
1589 }
** CID 1559956: (UNINIT)
________________________________________________________________________________________________________
*** CID 1559956: (UNINIT)
/sc/source/core/data/column.cxx: 631 in ScColumn::ApplyAttr(int, const SfxPoolItem &)()
625
626 const ScPatternAttr* pOldPattern(pAttrArray->GetPattern(nRow));
627 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
628 pNewPattern->GetItemSet().Put(rAttr);
629
630 if (!ScPatternAttr::areSame( pNewPattern, pOldPattern ))
>>> CID 1559956: (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
631 pAttrArray->SetPattern( nRow, CellAttributeHolder(pNewPattern, true) );
632 else
633 delete pNewPattern;
634 }
635
636 ScRefCellValue ScColumn::GetCellValue( SCROW nRow ) const
/sc/source/core/data/column.cxx: 633 in ScColumn::ApplyAttr(int, const SfxPoolItem &)()
627 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
628 pNewPattern->GetItemSet().Put(rAttr);
629
630 if (!ScPatternAttr::areSame( pNewPattern, pOldPattern ))
631 pAttrArray->SetPattern( nRow, CellAttributeHolder(pNewPattern, true) );
632 else
>>> CID 1559956: (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "~ScPatternAttr".
633 delete pNewPattern;
634 }
635
636 ScRefCellValue ScColumn::GetCellValue( SCROW nRow ) const
637 {
638 std::pair<sc::CellStoreType::const_iterator,size_t> aPos = maCells.position(nRow);
** CID 1559955: (UNINIT)
________________________________________________________________________________________________________
*** CID 1559955: (UNINIT)
/sc/source/core/data/attarray.cxx: 371 in ScAttrArray::RemoveCondFormat(int, int, unsigned int)()
365 {
366 if (nIndex == 0)
367 {
368 ScCondFormatItem aItem;
369 ScPatternAttr* pTemp(new ScPatternAttr(*pPattern));
370 pTemp->GetItemSet().Put( aItem );
>>> CID 1559955: (UNINIT)
>>> Using uninitialized value "pTemp->pName._M_payload._M_payload" when calling "CellAttributeHolder".
371 SetPatternArea( nTempStartRow, nTempEndRow, CellAttributeHolder(pTemp, true) );
372 }
373 else
374 {
375 ScCondFormatIndexes const & rCondFormatData = pItem->GetCondFormatData();
376 auto itr = rCondFormatData.find(nIndex);
/sc/source/core/data/attarray.cxx: 384 in ScAttrArray::RemoveCondFormat(int, int, unsigned int)()
378 {
379 ScCondFormatIndexes aNewCondFormatData(rCondFormatData);
380 aNewCondFormatData.erase_at(std::distance(rCondFormatData.begin(), itr));
381 ScCondFormatItem aItem( std::move(aNewCondFormatData) );
382 ScPatternAttr* pTemp(new ScPatternAttr(*pPattern));
383 pTemp->GetItemSet().Put( aItem );
>>> CID 1559955: (UNINIT)
>>> Using uninitialized value "pTemp->pName._M_payload._M_payload" when calling "CellAttributeHolder".
384 SetPatternArea( nTempStartRow, nTempEndRow, CellAttributeHolder(pTemp, true) );
385 }
386 }
387 }
388 }
389 else
** CID 1559954: (USE_AFTER_FREE)
/sc/source/core/data/attarray.cxx: 2353 in ScAttrArray::DeleteHardAttr(int, int)()
________________________________________________________________________________________________________
*** CID 1559954: (USE_AFTER_FREE)
/sc/source/core/data/attarray.cxx: 2353 in ScAttrArray::DeleteHardAttr(int, int)()
2347 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
2348 SfxItemSet& rSet = pNewPattern->GetItemSet();
2349 for (sal_uInt16 nId = ATTR_PATTERN_START; nId <= ATTR_PATTERN_END; nId++)
2350 if (nId != ATTR_MERGE && nId != ATTR_MERGE_FLAG)
2351 rSet.ClearItem(nId);
2352
>>> CID 1559954: (USE_AFTER_FREE)
>>> Passing freed pointer "pDefPattern" as an argument to "operator ==".
2353 if ( *pNewPattern == *pDefPattern )
2354 {
2355 delete pNewPattern;
2356 SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357 }
2358 else
/sc/source/core/data/attarray.cxx: 2353 in ScAttrArray::DeleteHardAttr(int, int)()
2347 ScPatternAttr* pNewPattern(new ScPatternAttr(*pOldPattern));
2348 SfxItemSet& rSet = pNewPattern->GetItemSet();
2349 for (sal_uInt16 nId = ATTR_PATTERN_START; nId <= ATTR_PATTERN_END; nId++)
2350 if (nId != ATTR_MERGE && nId != ATTR_MERGE_FLAG)
2351 rSet.ClearItem(nId);
2352
>>> CID 1559954: (USE_AFTER_FREE)
>>> Calling "operator ==" dereferences freed pointer "pDefPattern".
2353 if ( *pNewPattern == *pDefPattern )
2354 {
2355 delete pNewPattern;
2356 SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357 }
2358 else
** CID 1559953: Uninitialized variables (UNINIT)
________________________________________________________________________________________________________
*** CID 1559953: Uninitialized variables (UNINIT)
/sc/source/core/data/column.cxx: 1626 in ScColumn::CopyToColumn(sc::CopyToDocContext &, int, int, InsertDeleteFlags, bool, ScColumn&, const ScMarkData *, bool, bool) const()
1620 // e.g. DIF and RTF Clipboard-Import
1621 for ( SCROW nRow = nRow1; nRow <= nRow2; nRow++ )
1622 {
1623 const ScStyleSheet* pStyle(rColumn.pAttrArray->GetPattern( nRow )->GetStyleSheet());
1624 ScPatternAttr* pNewPattern(new ScPatternAttr(*pAttrArray->GetPattern(nRow)));
1625 pNewPattern->SetStyleSheet(const_cast<ScStyleSheet*>(pStyle));
>>> CID 1559953: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
1626 rColumn.pAttrArray->SetPattern(nRow, CellAttributeHolder(pNewPattern, true));
1627 }
1628 }
1629 else
1630 pAttrArray->CopyArea( nRow1, nRow2, 0, *rColumn.pAttrArray);
1631 }
** CID 1559952: (UNINIT)
________________________________________________________________________________________________________
*** CID 1559952: (UNINIT)
/sc/source/core/data/attarray.cxx: 2355 in ScAttrArray::DeleteHardAttr(int, int)()
2349 for (sal_uInt16 nId = ATTR_PATTERN_START; nId <= ATTR_PATTERN_END; nId++)
2350 if (nId != ATTR_MERGE && nId != ATTR_MERGE_FLAG)
2351 rSet.ClearItem(nId);
2352
2353 if ( *pNewPattern == *pDefPattern )
2354 {
>>> CID 1559952: (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "~ScPatternAttr".
2355 delete pNewPattern;
2356 SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357 }
2358 else
2359 {
2360 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
/sc/source/core/data/attarray.cxx: 2360 in ScAttrArray::DeleteHardAttr(int, int)()
2354 {
2355 delete pNewPattern;
2356 SetPatternArea( nThisRow, nAttrRow, pDefPattern );
2357 }
2358 else
2359 {
>>> CID 1559952: (UNINIT)
>>> Using uninitialized value "pNewPattern->pName._M_payload._M_payload" when calling "CellAttributeHolder".
2360 SetPatternArea( nThisRow, nAttrRow, CellAttributeHolder(pNewPattern, true) );
2361 }
2362
2363 Search( nThisRow, nIndex ); // data changed
2364 }
2365
** CID 1559951: Memory - illegal accesses (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 833 in ScColumn::GetOptimalColWidth(OutputDevice *, double, double, const Fraction &, const Fraction &, bool, unsigned short, const ScMarkData *, const ScColWidthParam *) const()
________________________________________________________________________________________________________
*** CID 1559951: Memory - illegal accesses (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 833 in ScColumn::GetOptimalColWidth(OutputDevice *, double, double, const Fraction &, const Fraction &, bool, unsigned short, const ScMarkData *, const ScColWidthParam *) const()
827 SvtScriptType nScript = rDocument.GetScriptType(nCol, nRow, nTab);
828 if (nScript == SvtScriptType::NONE)
829 nScript = ScGlobal::GetDefaultScriptType();
830
831 const ScPatternAttr* pPattern = GetPattern(nRow);
832 aOptions.aPattern.setScPatternAttr(pPattern);
>>> CID 1559951: Memory - illegal accesses (USE_AFTER_FREE)
>>> Passing freed pointer "pOldPattern" as an argument to "areSame".
833 aOptions.bGetFont = (!ScPatternAttr::areSame(pPattern, pOldPattern) || nScript != SvtScriptType::NONE);
834 pOldPattern = pPattern;
835 sal_uInt16 nThis = static_cast<sal_uInt16>(GetNeededSize(
836 nRow, pDev, nPPTX, nPPTY, rZoomX, rZoomY, true, aOptions, &pOldPattern));
837 if (nThis && (nThis > nWidth || !bFound))
838 {
** CID 1559950: Memory - corruptions (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1559950: Memory - corruptions (USE_AFTER_FREE)
/sc/source/core/data/column2.cxx: 1071 in ScColumn::GetOptimalHeight(sc::RowHeightContext &, int, int, unsigned short, int)()
1065 for (SCROW nRow = rSpan.mnRow1; nRow <= rSpan.mnRow2; ++nRow)
1066 {
1067 // only calculate the cell height when it's used later (#37928#)
1068
1069 if (rCxt.isForceAutoSize() || !(rDocument.GetRowFlags(nRow, nTab) & CRFlags::ManualSize) )
1070 {
>>> CID 1559950: Memory - corruptions (USE_AFTER_FREE)
>>> Calling "setScPatternAttr" frees pointer "aOptions.aPattern.mpScPatternAttr" which has already been freed.
1071 aOptions.aPattern.setScPatternAttr(pPattern);
1072 const CellAttributeHolder aOldPattern(pPattern);
1073 sal_uInt16 nHeight = static_cast<sal_uInt16>(
1074 std::min(
1075 GetNeededSize( nRow, rCxt.getOutputDevice(), rCxt.getPPTX(), rCxt.getPPTY(),
1076 rCxt.getZoomX(), rCxt.getZoomY(), false, aOptions,
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNnPiSHxWPOELPnIxzXoBNaw-3D7rH1_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJiAwZiGo2uNUGOh-2FZwTiBJxE8CpSWcmlUC2C1GpaU-2FeRMT2gM3Caudo1iQkST-2Bh3Mzc4B0FCipx1g6sLD5mbXLzX8l4JIQlplV-2F2xQXRElu-2B2FL-2BeI-2B1CuDOA6uMwQ6ggwFoX8Yj6py9GN-2BtOXuhytsJ-2BU8QLiLIUhBaaw4cpWSZM-3D
New Defects reported by Coverity Scan for LibreOffice
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: New Defects reported by Coverity Scan for LibreOffice
- From: scan-admin@xxxxxxxxxxxx
- Date: Sat, 30 Dec 2023 00:18:09 +0000 (UTC)
- Prev by Date: Libreoffice on Linux Inlaws S02E01
- Next by Date: Outreachy Dec 2023 - Weekly Update 3
- Previous by thread: New Defects reported by Coverity Scan for LibreOffice
- Next by thread: New Defects reported by Coverity Scan for LibreOffice
- Index(es):
 |