Hi,
Please find below the latest report on new defect(s) introduced to LibreOffice,
as found by Coverity Scan.
11 new defect(s) introduced to LibreOffice were found with Coverity Scan.
1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 11 of 11 defect(s)
** CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/layout/sectfrm.cxx: 356 in SwSectionFrm::Paste(SwFrm *, SwFrm
*)()
350 pSect->SetFollow(
static_cast<SwSectionFrm*>(pParent)->GetFollow() );
351 static_cast<SwSectionFrm*>(pParent)->SetFollow( NULL );
352 if( pSect->GetFollow() )
353 pParent->_InvalidateSize();
354
355 InsertGroupBefore( pParent, pSibling, pSect );
>>> CID 1296217: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "Init" dereferences freed pointer "pSect".
356 pSect->Init();
357 (pSect->*fnRect->fnMakePos)( pSect->GetUpper(),
pSect->GetPrev(), true);
358 if( !static_cast<SwLayoutFrm*>(pParent)->Lower() )
359 {
360 SwSectionFrm::MoveCntntAndDelete(
static_cast<SwSectionFrm*>(pParent), false );
361 pParent = this;
** CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
/chart2/source/controller/chartapiwrapper/DataSeriesPointWrapper.cxx: 639 in
chart::wrapper::DataSeriesPointWrapper::getPropertyState(const rtl::OUString
&)()
________________________________________________________________________________________________________
*** CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
/chart2/source/controller/chartapiwrapper/DataSeriesPointWrapper.cxx: 639 in
chart::wrapper::DataSeriesPointWrapper::getPropertyState(const rtl::OUString
&)()
633 return m_spChart2ModelContact->GetPageSize();
634 }
635
636 // WrappedPropertySet
637
638 //XPropertyState
>>> CID 1296216: Error handling issues (UNCAUGHT_EXCEPT)
>>> An exception of type "com::sun::star::lang::WrappedTargetException" is
>>> thrown but the throw list "throw(com::sun::star::uno::RuntimeException,
>>> com::sun::star::beans::UnknownPropertyException, std::exception)" doesn't
>>> allow it to be thrown. This will cause a call to unexpected() which usually
>>> calls terminate().
639 beans::PropertyState SAL_CALL DataSeriesPointWrapper::getPropertyState(
const OUString& rPropertyName )
640 throw
(beans::UnknownPropertyException, uno::RuntimeException, std::exception)
641 {
642 beans::PropertyState aState( beans::PropertyState_DIRECT_VALUE );
643 if (rPropertyName == "SymbolBitmapURL")
644 {
** CID 1296215: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/mouse.cxx: 286 in vcl::Window::ImplGrabFocus(unsigned
short)()
________________________________________________________________________________________________________
*** CID 1296215: Null pointer dereferences (REVERSE_INULL)
/vcl/source/window/mouse.cxx: 286 in vcl::Window::ImplGrabFocus(unsigned
short)()
280 bMustNotGrabFocus = true;
281 break;
282 }
283 pParent = pParent->mpWindowImpl->mpParent;
284 }
285
>>> CID 1296215: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "this->mpWindowImpl" suggests that it may be null, but it
>>> has already been dereferenced on all paths leading to the check.
286 if ( ( pSVData->maWinData.mpFocusWin.get() != this &&
287 mpWindowImpl && !mpWindowImpl->mbInDispose ) ||
288 ( bAsyncFocusWaiting && !bHasFocus && !bMustNotGrabFocus ) )
289 {
290 // EndExtTextInput if it is not the same window
291 if ( pSVData->maWinData.mpExtTextInputWin &&
** CID 1296214: Null pointer dereferences (NULL_RETURNS)
/formula/source/core/api/FormulaCompiler.cxx: 1878 in
formula::FormulaCompiler::CreateStringFromToken(rtl::OUStringBuffer &, const
formula::FormulaToken *, bool)()
________________________________________________________________________________________________________
*** CID 1296214: Null pointer dereferences (NULL_RETURNS)
/formula/source/core/api/FormulaCompiler.cxx: 1878 in
formula::FormulaCompiler::CreateStringFromToken(rtl::OUStringBuffer &, const
formula::FormulaToken *, bool)()
1872 {
1873 // Suppress all TableRef related tokens, the
resulting
1874 // range was written by CreateStringFromIndex().
1875 const FormulaToken* const p = pArr->PeekNext();
1876 if (p && p->GetOpCode() == ocTableRefOpen)
1877 {
>>> CID 1296214: Null pointer dereferences (NULL_RETURNS)
>>> Assigning: "t" = null return value from "Next".
1878 t = pArr->Next();
1879 int nLevel = 0;
1880 do
1881 {
1882 // Switch cases correspond with those in
1883 // ScCompiler::HandleTableRef()
** CID 1296213: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 70 in
dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getSupportedServiceNames_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 70 in
dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getSupportedServiceNames_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 70 in
dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getSupportedServiceNames_Static()()
________________________________________________________________________________________________________
*** CID 1296213: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 70 in
dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames_Static()
throw(::com::sun::star::uno::RuntimeException)
69 {
>>> CID 1296213: (NO_EFFECT)
>>> Part "dbp::OGridSI({})" of statement "(dbp::OGridSI({})) ,
>>> getServiceNames" has no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference<
::com::sun::star::beans::XPropertySetInfo > SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getPropertySetInfo()
throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 70 in
dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames_Static()
throw(::com::sun::star::uno::RuntimeException)
69 {
>>> CID 1296213: (NO_EFFECT)
>>> Part "dbp::OGroupBoxSI({})" of statement "(dbp::OGroupBoxSI({})) ,
>>> getServiceNames" has no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference<
::com::sun::star::beans::XPropertySetInfo > SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getPropertySetInfo()
throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 70 in
dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getSupportedServiceNames_Static()()
64 }
65
66
67 template <class TYPE, class SERVICEINFO>
68 ::comphelper::StringSequence OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames_Static()
throw(::com::sun::star::uno::RuntimeException)
69 {
>>> CID 1296213: (NO_EFFECT)
>>> Part "dbp::OListComboSI({})" of statement "(dbp::OListComboSI({})) ,
>>> getServiceNames" has no effect due to the comma.
70 return SERVICEINFO().getServiceNames();
71 }
72
73
74 template <class TYPE, class SERVICEINFO>
75 ::com::sun::star::uno::Reference<
::com::sun::star::beans::XPropertySetInfo > SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getPropertySetInfo()
throw(::com::sun::star::uno::RuntimeException, std::exception)
** CID 1296212: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 56 in
dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getImplementationName_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 56 in
dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getImplementationName_Static()()
/extensions/source/dbpilots/unoautopilot.inl: 56 in
dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getImplementationName_Static()()
________________________________________________________________________________________________________
*** CID 1296212: (NO_EFFECT)
/extensions/source/dbpilots/unoautopilot.inl: 56 in
dbp::OUnoAutoPilot<dbp::OGridWizard,
dbp::OGridSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE,
SERVICEINFO>::getImplementationName_Static()
throw(::com::sun::star::uno::RuntimeException)
55 {
>>> CID 1296212: (NO_EFFECT)
>>> Part "dbp::OGridSI({})" of statement "(dbp::OGridSI({})) ,
>>> getImplementationName" has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames()
throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 56 in
dbp::OUnoAutoPilot<dbp::OGroupBoxWizard,
dbp::OGroupBoxSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE,
SERVICEINFO>::getImplementationName_Static()
throw(::com::sun::star::uno::RuntimeException)
55 {
>>> CID 1296212: (NO_EFFECT)
>>> Part "dbp::OGroupBoxSI({})" of statement "(dbp::OGroupBoxSI({})) ,
>>> getImplementationName" has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames()
throw(::com::sun::star::uno::RuntimeException, std::exception)
/extensions/source/dbpilots/unoautopilot.inl: 56 in
dbp::OUnoAutoPilot<dbp::OListComboWizard,
dbp::OListComboSI>::getImplementationName_Static()()
50 }
51
52
53 template <class TYPE, class SERVICEINFO>
54 ::rtl::OUString OUnoAutoPilot<TYPE,
SERVICEINFO>::getImplementationName_Static()
throw(::com::sun::star::uno::RuntimeException)
55 {
>>> CID 1296212: (NO_EFFECT)
>>> Part "dbp::OListComboSI({})" of statement "(dbp::OListComboSI({})) ,
>>> getImplementationName" has no effect due to the comma.
56 return SERVICEINFO().getImplementationName();
57 }
58
59
60 template <class TYPE, class SERVICEINFO>
61 ::comphelper::StringSequence SAL_CALL OUnoAutoPilot<TYPE,
SERVICEINFO>::getSupportedServiceNames()
throw(::com::sun::star::uno::RuntimeException, std::exception)
** CID 1296211: Null pointer dereferences (FORWARD_NULL)
/basctl/source/basicide/basides1.cxx: 539 in
basctl::Shell::ExecuteGlobal(SfxRequest &)()
________________________________________________________________________________________________________
*** CID 1296211: Null pointer dereferences (FORWARD_NULL)
/basctl/source/basicide/basides1.cxx: 539 in
basctl::Shell::ExecuteGlobal(SfxRequest &)()
533 DBG_ASSERT( rReq.GetArgs(), "arguments expected" );
534 const SbxItem& rSbxItem = static_cast<const
SbxItem&>(rReq.GetArgs()->Get(SID_BASICIDE_ARG_SBX ));
535 ScriptDocument aDocument( rSbxItem.GetDocument() );
536 OUString aLibName( rSbxItem.GetLibName() );
537 OUString aName( rSbxItem.GetName() );
538 SetCurLib( aDocument, aLibName );
>>> CID 1296211: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pWin" = "NULL".
539 BaseWindow* pWin = 0;
540 if ( rSbxItem.GetType() == TYPE_DIALOG )
541 {
542 pWin = FindDlgWin( aDocument, aLibName, aName, true );
543 }
544 else if ( rSbxItem.GetType() == TYPE_MODULE )
** CID 1296210: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/dlg/dlgass.cxx: 322 in
AssistentDlgImpl::AssistentDlgImpl(vcl::Window *, const Link &, bool)()
________________________________________________________________________________________________________
*** CID 1296210: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/dlg/dlgass.cxx: 322 in
AssistentDlgImpl::AssistentDlgImpl(vcl::Window *, const Link &, bool)()
316 VclPtr<SdPageListControl> mpPage5PageListCT;
317 VclPtr<CheckBox> mpPage5SummaryCB;
318
319 };
320
321 AssistentDlgImpl::AssistentDlgImpl( vcl::Window* pWindow, const Link&
rFinishLink, bool bAutoPilot ) :
>>> CID 1296210: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "this->mpTemplateRegion" = "NULL".
322 mpTemplateRegion(NULL),
323 mpLayoutRegion(NULL),
324 mbUserDataDirty(false),
325 xDocShell (NULL),
326 mpWindowUpdater (new WindowUpdater()),
327 mbPreview(true),
** CID 1296209: (DEADCODE)
/sw/source/core/unocore/swunohelper.cxx: 297 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned
short)()
/sw/source/core/unocore/swunohelper.cxx: 303 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned
short)()
________________________________________________________________________________________________________
*** CID 1296209: (DEADCODE)
/sw/source/core/unocore/swunohelper.cxx: 297 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned
short)()
291 case drawing::FillStyle_GRADIENT: // gradient and hatch don't
exist in
292 case drawing::FillStyle_HATCH: // SvxBrushItem so average color
is emulated
293 switch (nMID)
294 {
295 case MID_BACK_COLOR:
296 // Gradient/Hatch always have emulated color
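>>> CID 1296209: (DEADCODE)
>>> Execution cannot reach the expression "SfxItemState::SET ==
>>> rSet->GetItemState(1015, true, NULL)" inside this statement: "return
>>> com::sun::star::draw...".
(The first operand, "drawing::FillStyle_SOLID != nMID", compares a fill-style
constant with nMID, which the enclosing "switch (nMID)" has already fixed to
MID_BACK_COLOR in this case; the comparison is therefore constant and
short-circuits the rest of the "||" chain. The same applies to line 303 under
MID_BACK_COLOR_R_G_B.)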
297 return (drawing::FillStyle_SOLID != nMID)
298 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLCOLOR)
299 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLTRANSPARENCE)
300 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
301 case MID_BACK_COLOR_R_G_B:
302 // Gradient/Hatch always have emulated color
/sw/source/core/unocore/swunohelper.cxx: 303 in
SWUnoHelper::needToMapFillItemsToSvxBrushItemTypes(const SfxItemSet &, unsigned
short)()
297 return (drawing::FillStyle_SOLID != nMID)
298 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLCOLOR)
299 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLTRANSPARENCE)
300 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
301 case MID_BACK_COLOR_R_G_B:
302 // Gradient/Hatch always have emulated color
>>> CID 1296209: (DEADCODE)
>>> Execution cannot reach the expression "SfxItemState::SET ==
>>> rSet->GetItemState(1015, true, NULL)" inside this statement: "return
>>> com::sun::star::draw...".
303 return (drawing::FillStyle_SOLID != nMID)
304 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLCOLOR);
305 case MID_BACK_COLOR_TRANSPARENCY:
306 return SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLTRANSPARENCE)
307 || SfxItemState::SET ==
rSet.GetItemState(XATTR_FILLFLOATTRANSPARENCE);
308 }
** CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/vcl/source/window/window.cxx: 144 in vcl::Window::dispose()()
________________________________________________________________________________________________________
*** CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
/vcl/source/window/window.cxx: 144 in vcl::Window::dispose()()
138 }
139
140 void Window::dispose()
141 {
142 assert( mpWindowImpl );
143 assert( !mpWindowImpl->mbInDispose ); // should only be called from
disposeOnce()
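>>> CID 1296208: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "!this->mpWindowImpl->mpParent.operator bool() ||
>>> !this->mpWindowImpl->mpParent->IsDisposed() || true /* "vcl::Window child
>>> should have its parent disposed first" */" is always true regardless of the
>>> values of its operands. This occurs as the logical first operand of '?:'.
(The last operand of the "||" chain is a string literal, which converts to a
non-null pointer and is therefore always true, so this assert can never fire;
an assertion message is normally attached with "&&" instead.)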
144 assert( !mpWindowImpl->mpParent ||
145 !mpWindowImpl->mpParent->IsDisposed() ||
146 "vcl::Window child should have its parent disposed first" );
147
148 // remove Key and Mouse events issued by
Application::PostKey/MouseEvent
149 Application::RemoveMouseAndKeyEvents( this );
** CID 1296207: Error handling issues (CHECKED_RETURN)
/oox/source/ole/olestorage.cxx: 272 in oox::ole::OleStorage::implIsStorage()
const()
________________________________________________________________________________________________________
*** CID 1296207: Error handling issues (CHECKED_RETURN)
/oox/source/ole/olestorage.cxx: 272 in oox::ole::OleStorage::implIsStorage()
const()
266 {
267 if( mxStorage.is() ) try
268 {
269 /* If this is not an OLE storage, hasElements() of the
OLESimpleStorage
270 implementation throws an exception. But we do not return
the result
271 of hasElements(), because an empty storage is a valid
storage too. */
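>>> CID 1296207: Error handling issues (CHECKED_RETURN)
>>> Calling "hasElements" without checking return value (as is done
>>> elsewhere 72 out of 90 times).
(The source comment at lines 269-271 of the excerpt says the result is
discarded on purpose: the call is made only because it throws when the storage
is not an OLE storage.)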
272 mxStorage->hasElements();
273 return true;
274 }
275 catch(const Exception& )
276 {
277 }
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/211?tab=overview