New Defects reported by Coverity Scan for LibreOffice

scan-admin@xxxxxxxxxxxx · Wed, 01 May 2024 19:06:34 +0000 (UTC)

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

5 new defect(s) introduced to LibreOffice found with Coverity Scan.
11 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)

** CID 1596707:  Null pointer dereferences  (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1596707:  Null pointer dereferences  (FORWARD_NULL)
/sd/source/ui/view/frmview.cxx: 286 in sd::FrameView::Update(const SdOptions *)()
280     {
281         if (!pOptions)
282             return;
283     
284         SdDrawDocument* pDrawDocument = dynamic_cast<SdDrawDocument*>(&GetModel());
285     
>>>     CID 1596707:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pDrawDocument" to "GetDocumentType", which dereferences it.
286         if (pDrawDocument->GetDocumentType() == DocumentType::Impress)
287         {
288             mbRuler = officecfg::Office::Impress::Layout::Display::Ruler::get();
289             SetDragStripes( officecfg::Office::Impress::Layout::Display::Guide::get() );
290             SetNoDragXorPolys ( !officecfg::Office::Impress::Layout::Display::Contour::get() );
291         }

** CID 1596706:  Null pointer dereferences  (FORWARD_NULL)
/tools/source/fsys/urlobj.cxx: 2285 in INetURLObject::getPrefix(const char16_t *&, const char16_t *)()

________________________________________________________________________________________________________
*** CID 1596706:  Null pointer dereferences  (FORWARD_NULL)
/tools/source/fsys/urlobj.cxx: 2285 in INetURLObject::getPrefix(const char16_t *&, const char16_t *)()
2279                 pMatch = pFirst++;
2280                 pMatched = p;
2281             }
2282             if (p >= pEnd)
2283                 break;
2284             sal_uInt32 nChar = rtl::toAsciiLowerCase(*p++);
>>>     CID 1596706:  Null pointer dereferences  (FORWARD_NULL)
>>>     Dereferencing null pointer "pFirst->m_pPrefix".
2285             while (pFirst <= pLast && static_cast<unsigned char>(pFirst->m_pPrefix[i]) < nChar)
2286                 ++pFirst;
2287             while (pFirst <= pLast && static_cast<unsigned char>(pLast->m_pPrefix[i]) > nChar)
2288                 --pLast;
2289         }
2290         if (pFirst == pLast)

** CID 1596705:  Code maintainability issues  (UNUSED_VALUE)
/basegfx/source/polygon/b2dpolygontools.cxx: 3371 in basegfx::utils::UnoPolygonBezierCoordsToB2DPolygon(const com::sun::star::uno::Sequence<com::sun::star::awt::Point> &, const com::sun::star::uno::Sequence<com::sun::star::drawing::PolygonFlags> &)()

________________________________________________________________________________________________________
*** CID 1596705:  Code maintainability issues  (UNUSED_VALUE)
/basegfx/source/polygon/b2dpolygontools.cxx: 3371 in basegfx::utils::UnoPolygonBezierCoordsToB2DPolygon(const com::sun::star::uno::Sequence<com::sun::star::awt::Point> &, const com::sun::star::uno::Sequence<com::sun::star::drawing::PolygonFlags> &)()
3365                         {
3366                             aControlB = aNewCoordinatePair;
3367                             bControlB = true;
3368     
3369                             // get next point and flag
3370                             aNewCoordinatePair = B2DPoint(rPointSequenceSource[b].X, rPointSequenceSource[b].Y);
>>>     CID 1596705:  Code maintainability issues  (UNUSED_VALUE)
>>>     Assigning value from "rFlagSequenceSource[b]" to "ePolygonFlag" here, but that stored value is overwritten before it can be used.
3371                             ePolygonFlag = rFlagSequenceSource[b];
3372                             b++;
3373                         }
3374     
3375                         // two or no control points are consumed, another one would be an error.
3376                         // It's also an error if only one control point was read

** CID 1596704:  Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/xmlsecurity/source/gpg/CertificateImpl.cxx: 226 in CertificateImpl::setCertificate(std::shared_ptr<GpgME::Context>, const GpgME::Key &)()

________________________________________________________________________________________________________
*** CID 1596704:  Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
/xmlsecurity/source/gpg/CertificateImpl.cxx: 226 in CertificateImpl::setCertificate(std::shared_ptr<GpgME::Context>, const GpgME::Key &)()
220         return KeyUsage::DIGITAL_SIGNATURE | KeyUsage::NON_REPUDIATION  | KeyUsage::KEY_ENCIPHERMENT | KeyUsage::DATA_ENCIPHERMENT;
221     }
222     
223     void CertificateImpl::setCertificate(std::shared_ptr<GpgME::Context> ctx, const GpgME::Key& key)
224     {
225         m_pKey = key;
>>>     CID 1596704:  Performance inefficiencies  (COPY_INSTEAD_OF_MOVE)
>>>     "ctx" is copied in a call to copy assignment "operator =", when it could be moved instead.
226         m_pContext = ctx;
227     }
228     
229     const GpgME::Key* CertificateImpl::getCertificate() const
230     {
231         return &m_pKey;

** CID 1596703:  Memory - illegal accesses  (USE_AFTER_FREE)
/cppu/source/typelib/typelib.cxx: 1673 in typelib_typedescription_getAlignedUnoSize()

________________________________________________________________________________________________________
*** CID 1596703:  Memory - illegal accesses  (USE_AFTER_FREE)
/cppu/source/typelib/typelib.cxx: 1673 in typelib_typedescription_getAlignedUnoSize()
1667                             nMaxIntegral = sal_Int32(sizeof(void *));
1668                             nStructSize = newAlignedSize( nStructSize, nMaxIntegral, nMaxIntegral );
1669                         }
1670                         else
1671                         {
1672                             TYPELIB_DANGER_GET( &pMemberType, pMemberRef );
>>>     CID 1596703:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Passing freed pointer "pMemberType" as an argument to "typelib_typedescription_getAlignedUnoSize".
1673                             nStructSize = typelib_typedescription_getAlignedUnoSize(
1674                                 pMemberType, nStructSize, nMaxIntegral );
1675                             TYPELIB_DANGER_RELEASE( pMemberType );
1676                         }
1677                         if( nMaxIntegral > rMaxIntegralTypeSize )
1678                             rMaxIntegralTypeSize = nMaxIntegral;

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=u001.AxU2LYlgjL6eX23u9ErQy-2BKADyCpvUKOL6EWmZljiu6VvXBlQRUbS683tC8265rGNPXqJ1ffcoLZCnTuJFQbNcTEkb4XaEQkzovKhJ5DB3c-3D9jxd_A9M4dSy7guk8NP6DcfgslOyvJRzavztVIKj6nRqYjYpWom7SJFyX0y710bz0kUGtrolD5LkhGHagti-2Bm2Ee4B-2Buf9zobpKmOqPfx6HDA7hzhgj1k9Kh-2F7r-2Byr4uv7yMCSaHGkIH-2FYA6xFQQG7RDHVwaKHs8FBoFtccp7dcMFFI46rGqHNOTt05JCAY-2BEe4HjM189EtFDyhHW8FUzhgXrMsi1wPofI1HQ-2F7NbnJZxblk-3D