Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found
with Coverity Scan.
14 new defect(s) introduced to LibreOffice found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 14 of 14 defect(s)
** CID 1362689: Uninitialized members (UNINIT_CTOR)
/sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &,
FontCollection &)()
________________________________________________________________________________________________________
*** CID 1362689: Uninitialized members (UNINIT_CTOR)
/sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &,
FontCollection &)()
64 mpText ( nullptr ),
65 mpFieldEntry ( nullptr )
66 {
67 mXPropSet = rXPropSet;
68
69 ImplGetPortionValues( rFontCollection );
>>> CID 1362689: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "meCharHeight" is not initialized in this
>>> constructor nor in any functions that it calls.
70 }
71
72 PortionObj::PortionObj(css::uno::Reference< css::text::XTextRange > &
rXTextRange,
73 bool bLast, FontCollection& rFontCollection)
74 : meCharColor(css::beans::PropertyState_AMBIGUOUS_VALUE)
75 , meCharHeight(css::beans::PropertyState_AMBIGUOUS_VALUE)
** CID 1362688: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 485 in
SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const rtl::OUString &,
SwDocStyleSheetPool *, SfxStyleFamily)()
________________________________________________________________________________________________________
*** CID 1362688: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 485 in
SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const rtl::OUString &,
SwDocStyleSheetPool *, SfxStyleFamily)()
479 FN_PARAM_FTN_INFO, FN_PARAM_FTN_INFO, //
[21123
480 FN_COND_COLL, FN_COND_COLL, //
[22401
481 0),
482 bPhysical(false)
483 {
484 nHelpId = UCHAR_MAX;
>>> CID 1362688: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "pBoxFormat" is not initialized in this
>>> constructor nor in any functions that it calls.
485 }
486
487 SwDocStyleSheet::SwDocStyleSheet( const SwDocStyleSheet& rOrg) :
488 SfxStyleSheetBase(rOrg),
489 pCharFormat(rOrg.pCharFormat),
490 pColl(rOrg.pColl),
** CID 1362687: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 498 in
SwDocStyleSheet::SwDocStyleSheet(const SwDocStyleSheet&)()
________________________________________________________________________________________________________
*** CID 1362687: Uninitialized members (UNINIT_CTOR)
/sw/source/uibase/app/docstyle.cxx: 498 in
SwDocStyleSheet::SwDocStyleSheet(const SwDocStyleSheet&)()
492 pDesc(rOrg.pDesc),
493 pNumRule(rOrg.pNumRule),
494 rDoc(rOrg.rDoc),
495 aCoreSet(rOrg.aCoreSet),
496 bPhysical(rOrg.bPhysical)
497 {
>>> CID 1362687: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "pBoxFormat" is not initialized in this
>>> constructor nor in any functions that it calls.
498 }
499
500 SwDocStyleSheet::~SwDocStyleSheet()
501 {
502 }
503
** CID 1362686: Uninitialized variables (UNINIT)
/sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in
PPTExCharSheet::SetStyleSheet(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &,
FontCollection &, int)()
________________________________________________________________________________________________________
*** CID 1362686: Uninitialized variables (UNINIT)
/sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in
PPTExCharSheet::SetStyleSheet(const
com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &,
FontCollection &, int)()
77 PPTExCharLevel& rLev = maCharLevel[ nLevel ];
78
79 if ( aPortionObj.meCharColor ==
css::beans::PropertyState_DIRECT_VALUE )
80 rLev.mnFontColor = aPortionObj.mnCharColor;
81 if ( aPortionObj.meCharEscapement ==
css::beans::PropertyState_DIRECT_VALUE )
82 rLev.mnEscapement = aPortionObj.mnCharEscapement;
>>> CID 1362686: Uninitialized variables (UNINIT)
>>> Using uninitialized value "aPortionObj.meCharHeight".
83 if ( aPortionObj.meCharHeight ==
css::beans::PropertyState_DIRECT_VALUE )
84 rLev.mnFontHeight = aPortionObj.mnCharHeight;
85 if ( aPortionObj.meFontName ==
css::beans::PropertyState_DIRECT_VALUE )
86 rLev.mnFont = aPortionObj.mnFont;
87 if ( aPortionObj.meAsianOrComplexFont ==
css::beans::PropertyState_DIRECT_VALUE )
88 rLev.mnAsianOrComplexFont = aPortionObj.mnAsianOrComplexFont;
** CID 1362685: Uninitialized variables (UNINIT)
/sc/source/core/data/dpobject.cxx: 1888 in
ScDPObject::ParseFilters(rtl::OUString &,
std::vector<com::sun::star::sheet::DataPilotFieldFilter,
std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &,
std::vector<com::sun::star::sheet::GeneralFunction,
std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString
&)()
________________________________________________________________________________________________________
*** CID 1362685: Uninitialized variables (UNINIT)
/sc/source/core/data/dpobject.cxx: 1888 in
ScDPObject::ParseFilters(rtl::OUString &,
std::vector<com::sun::star::sheet::DataPilotFieldFilter,
std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &,
std::vector<com::sun::star::sheet::GeneralFunction,
std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString
&)()
1882 {
1883 SvNumberFormatter* pFormatter =
mpTableData->GetCacheTable().getCache().GetNumberFormatter();
1884 if (pFormatter)
1885 {
1886 // Parse possible number from aQueryValueName and
format
1887 // locale independent as aQueryValue.
>>> CID 1362685: Uninitialized variables (UNINIT)
>>> Declaring variable "nNumFormat" without initializer.
1888 sal_uInt32 nNumFormat;
1889 double fValue;
1890 if (pFormatter->IsNumberFormat( aQueryValueName,
nNumFormat, fValue))
1891 aQueryValue =
ScDPCache::GetLocaleIndependentFormattedString( fValue, *pFormatter,
nNumFormat);
1892 }
1893 }
** CID 1362684: Uninitialized variables (UNINIT)
/sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()()
________________________________________________________________________________________________________
*** CID 1362684: Uninitialized variables (UNINIT)
/sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()()
3357 else
3358 {
3359 aFilters[i].MatchValueName = aSharedString.getString();
3360
3361 // Parse possible number from MatchValueName and format
3362 // locale independent as MatchValue.
>>> CID 1362684: Uninitialized variables (UNINIT)
>>> Declaring variable "nNumFormat" without initializer.
3363 sal_uInt32 nNumFormat;
3364 double fValue;
3365 if (pFormatter->IsNumberFormat(
aFilters[i].MatchValueName, nNumFormat, fValue))
3366 aFilters[i].MatchValue =
ScDPCache::GetLocaleIndependentFormattedString(
3367 fValue, *pFormatter, nNumFormat);
3368 else
** CID 1362682: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in
LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>,
std::allocator<rtl::Reference<XFFrame>>> *)()
________________________________________________________________________________________________________
*** CID 1362682: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in
LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>,
std::allocator<rtl::Reference<XFFrame>>> *)()
220 m_aTransformData.fLeftMargin = fLeftMargin;
221 m_aTransformData.fTopMargin = fTopMargin;
222 }
223 }
224
225 //load draw object
>>> CID 1362682: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "nRecCount" as a loop boundary.
226 for (unsigned short i = 0; i < nRecCount; i++)
227 {
228 XFFrame* pXFDrawObj = CreateDrawObject();
229
230 if (pXFDrawObj)
231 {
** CID 1362681: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in
LwpSdwGroupLoaderV0102::CreateDrawGroupObject()()
________________________________________________________________________________________________________
*** CID 1362681: Insecure data handling (TAINTED_SCALAR)
/lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in
LwpSdwGroupLoaderV0102::CreateDrawGroupObject()()
273 // fileSize
274 m_pStream->SeekRel(2);
275
276 XFDrawGroup* pXFDrawGroup = new XFDrawGroup();
277
278 //load draw object
>>> CID 1362681: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "nRecCount" as a loop boundary.
279 for (unsigned short i = 0; i < nRecCount; i++)
280 {
281 XFFrame* pXFDrawObj = CreateDrawObject();
282
283 if (pXFDrawObj)
284 {
** CID 1362680: (RETURN_LOCAL)
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
________________________________________________________________________________________________________
*** CID 1362680: (RETURN_LOCAL)
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
971 :m_rSourcePos( _rSourcePos )
972 ,m_rDestPos( _rDestPos )
973 ,m_rColTypes( _rColTypes )
974 ,m_xSource( _rxSource )
975 ,m_xDest( _rxDest )
976 {
>>> CID 1362680: (RETURN_LOCAL)
>>> Returning here.
977 }
978
979 template< typename VALUE_TYPE >
980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )(
sal_Int32 ),
981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE )
)
982 {
/dbaccess/source/ui/uno/copytablewizard.cxx: 977 in
dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int,
std::allocator<int>> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const
com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)()
971 :m_rSourcePos( _rSourcePos )
972 ,m_rDestPos( _rDestPos )
973 ,m_rColTypes( _rColTypes )
974 ,m_xSource( _rxSource )
975 ,m_xDest( _rxDest )
976 {
>>> CID 1362680: (RETURN_LOCAL)
>>> Returning here.
977 }
978
979 template< typename VALUE_TYPE >
980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )(
sal_Int32 ),
981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE )
)
982 {
** CID 1362679: (FORWARD_NULL)
/editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice
*, Rectangle, Point, bool, short)()
/editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice
*, Rectangle, Point, bool, short)()
/editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice
*, Rectangle, Point, bool, short)()
________________________________________________________________________________________________________
*** CID 1362679: (FORWARD_NULL)
/editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice
*, Rectangle, Point, bool, short)()
3085
3086 if ( 0x200B == cChar ||
0x2060 == cChar )
3087 {
3088 const OUString aBlank(
' ' );
3089 long nHalfBlankWidth =
aTmpFont.QuickGetTextSize( pOutDev, aBlank, 0, 1 ).Width() / 2;
3090
>>> CID 1362679: (FORWARD_NULL)
>>> Dereferencing null pointer "pDXArray".
3091 const long nAdvanceX =
( nTmpIdx == nTmpEnd ?
3092
rTextPortion.GetSize().Width() :
3093
pDXArray[ nTmpIdx - nTextStart ] ) - nHalfBlankWidth;
3094 const long nAdvanceY =
-pLine->GetMaxAscent();
3095
3096 Point aTopLeftRectPos(
aTmpPos );
/editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice
*, Rectangle, Point, bool, short)()
3434 {
3435 aRealOutPos.X() +=
rTextPortion.GetExtraInfos()->nPortionOffsetX;
3436 }
3437
3438 // RTL portions with (#i37132#)
3439 // compressed blank should not
paint this blank:
>>> CID 1362679: (FORWARD_NULL)
>>> Dereferencing null pointer "pDXArray".
3440 if (
rTextPortion.IsRightToLeft() && nTextLen >= 2 &&
3441 pDXArray[ nTextLen - 1 ]
==
3442 pDXArray[ nTextLen - 2 ]
&&
3443 ' ' == aText[nTextStart +
nTextLen - 1] )
3444 --nTextLen;
3445
/editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice
*, Rectangle, Point, bool, short)()
3057 ImplInitLayoutMode( pOutDev, n, nIndex
);
3058 ImplInitDigitMode(pOutDev,
aTmpFont.GetLanguage());
3059
3060 OUString aText;
3061 sal_Int32 nTextStart = 0;
3062 sal_Int32 nTextLen = 0;
>>> CID 1362679: (FORWARD_NULL)
>>> Assigning: "pDXArray" = "NULL".
3063 const long* pDXArray = nullptr;
3064 std::unique_ptr<long[]> pTmpDXArray;
3065
3066 if ( rTextPortion.GetKind() ==
PortionKind::TEXT )
3067 {
3068 aText =
pPortion->GetNode()->GetString();
** CID 1362678: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in
sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)()
________________________________________________________________________________________________________
*** CID 1362678: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in
sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)()
289 bool SlideSorterViewShell::RelocateToParentWindow (vcl::Window*
pParentWindow)
290 {
291 OSL_ASSERT(mpSlideSorter);
292 if ( ! mpSlideSorter)
293 return false;
294
>>> CID 1362678: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pParentWindow" to null implies that "pParentWindow" might be
>>> null.
295 if (pParentWindow == nullptr)
296 WriteFrameViewData();
297 const bool bSuccess
(mpSlideSorter->RelocateToWindow(pParentWindow));
298 if (pParentWindow != nullptr)
299 ReadFrameViewData(mpFrameView);
300
** CID 1362677: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/control/templateabstractview.cxx: 324 in
TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)()
________________________________________________________________________________________________________
*** CID 1362677: Null pointer dereferences (FORWARD_NULL)
/sfx2/source/control/templateabstractview.cxx: 324 in
TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)()
318 }
319
320 void TemplateAbstractView::RemoveDefaultTemplateIcon(const OUString&
rPath)
321 {
322 for (ThumbnailViewItem* pItem : mItemList)
323 {
>>> CID 1362677: Null pointer dereferences (FORWARD_NULL)
>>> Assigning: "pViewItem" = "dynamic_cast <TemplateViewItem *>(pItem)".
324 TemplateViewItem* pViewItem =
dynamic_cast<TemplateViewItem*>(pItem);
325 if(pViewItem->getPath().match(rPath))
326 {
327 pViewItem->showDefaultIcon(false);
328 Invalidate();
329 return;
** CID 1362676: Null pointer dereferences (FORWARD_NULL)
/vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice
*, const Point &, const Size &)()
________________________________________________________________________________________________________
*** CID 1362676: Null pointer dereferences (FORWARD_NULL)
/vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice
*, const Point &, const Size &)()
1457 DBG_ASSERT( ! pDev->IsRTLEnabled(), "PaintToDevice to mirroring
device" );
1458
1459 vcl::Window* pRealParent = nullptr;
1460 if( ! mpWindowImpl->mbVisible )
1461 {
1462 vcl::Window* pTempParent = ImplGetDefaultWindow();
>>> CID 1362676: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "pTempParent" to null implies that "pTempParent" might be
>>> null.
1463 if( pTempParent )
1464 pTempParent->EnableChildTransparentMode();
1465 pRealParent = GetParent();
1466 SetParent( pTempParent );
1467 // trigger correct visibility flags for children
1468 Show();
** CID 1362675: Null pointer dereferences (FORWARD_NULL)
/ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in
com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass,
java.lang.String, java.lang.String, java.lang.Class,
com.sun.star.lib.uno.typedesc.TypeDescription[],
com.sun.star.lib.uno.typedesc.TypeDescription)()
________________________________________________________________________________________________________
*** CID 1362675: Null pointer dereferences (FORWARD_NULL)
/ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in
com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass,
java.lang.String, java.lang.String, java.lang.Class,
com.sun.star.lib.uno.typedesc.TypeDescription[],
com.sun.star.lib.uno.typedesc.TypeDescription)()
493 this.typeName = typeName;
494 this.arrayTypeName = arrayTypeName;
495 this.zClass = zClass;
496 this.superTypes = superTypes;
497 this.componentType = componentType;
498 TypeDescription[] args = calculateTypeArguments();
>>> CID 1362675: Null pointer dereferences (FORWARD_NULL)
>>> Comparing "args" to null implies that "args" might be null.
499 this.hasTypeArguments = args != null;
500 this.fieldDescriptions = calculateFieldDescriptions(args);
501 // methodDescriptions must be initialized lazily, to avoid
problems with
502 // circular dependencies (a super-interface that has a
sub-interface as
503 // method parameter type; an interface that has a struct as
method
504 // parameter type, and the struct has the interface as member
type)
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/libreoffice?tab=overview
To manage Coverity Scan email notifications for
"[email protected]", click
https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939
_______________________________________________
LibreOffice mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/libreoffice
