Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found
with Coverity Scan.
12 new defect(s) introduced to LibreOffice found with Coverity Scan.
5 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 12 of 12 defect(s)
** CID 1684051: Insecure data handling (INTEGER_OVERFLOW)
_____________________________________________________________________________________________
*** CID 1684051: Insecure data handling (INTEGER_OVERFLOW)
/pyuno/source/module/pyuno_service_constructor.cxx: 143 in
pyuno::<unnamed>::PyUNO_service_constructor_call(_object *, _object *, _object
*)()
137 {
138 PyErr_SetString(PyExc_AttributeError,
139 "First argument to a service constructor
must be an XComponentContext");
140 return nullptr;
141 }
142
>>> CID 1684051: Insecure data handling (INTEGER_OVERFLOW)
>>> "nParams - 1L", which might have overflowed, is passed to
>>> "aParams.Sequence(nParams - 1L)".
143 css::uno::Sequence<css::uno::Any> aParams(nParams - 1);
144 css::uno::Any* pParams = aParams.getArray();
145
146 for (sal_Int32 i = 0; i < nParams - 1; ++i)
147 {
148 css::uno::Any param =
runtime.pyObject2Any(PyTuple_GetItem(args, i + 1));
** CID 1684050: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/svx/source/svdraw/svdogrp.cxx: 847 in
SdrObjGroup::SetDescription(const rtl::OUString &)()
_____________________________________________________________________________________________
*** CID 1684050: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/svx/source/svdraw/svdogrp.cxx: 847 in
SdrObjGroup::SetDescription(const rtl::OUString &)()
841 // extract possibly existing original description and
set as target value
842 aOrigDescription =
OUString::fromUtf8(aDiagramModel.get("origDesc", ""));
843
844 // parse content to a new Diagram DataModel
845 std::shared_ptr<svx::diagram::DiagramHelper_svx>
aNewHelper(svx::diagram::DiagramHelperFactory_svx::getDiagramHelperFactory_svx().createDiagramHelper_svx(aDiagramModel));
846
>>> CID 1684050: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "aNewHelper" is copied in call to copy assignment for class
>>> "std::shared_ptr<svx::diagram::DiagramHelper_svx>", when it could be moved
>>> instead.
847 mp_DiagramHelper = aNewHelper;
848 mp_DiagramHelper->getRootShape() = getUnoShape();
849 }
850 }
851 }
852
** CID 1684049: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1073 in
ScTabViewShell::ExecStyle(SfxRequest &)()
_____________________________________________________________________________________________
*** CID 1684049: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1073 in
ScTabViewShell::ExecStyle(SfxRequest &)()
1067 pDialogParent = GetFrameWeld();
1068
1069 SfxNewStyleDlg aDlg(pDialogParent, *pStylePool,
eFamily);
1070 auto xDlg =
std::make_shared<SfxNewStyleDlg>(pDialogParent, *pStylePool, eFamily);
1071 auto xRequest = std::make_shared<SfxRequest>(rReq);
1072 rReq.Ignore();
>>> CID 1684049: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xRequest" is passed-by-value as parameter to
>>> "std::shared_ptr<SfxRequest>::shared_ptr(std::shared_ptr<SfxRequest> const
>>> &) /*explicit =default*/", when it could be moved instead.
1073
weld::GenericDialogController::runAsync(xDlg,[xDlg, xRequest, lambda](sal_Int32
nResult){
1074 if (nResult == RET_OK) {
1075 lambda(*xRequest, xDlg->GetName());
1076 }
1077 });
1078 return;
** CID 1684048: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1053 in
ScTabViewShell::ExecStyle(SfxRequest &)()
_____________________________________________________________________________________________
*** CID 1684048: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1053 in
ScTabViewShell::ExecStyle(SfxRequest &)()
1047 case SID_STYLE_EDIT:
1048 case SID_STYLE_DELETE:
1049 case SID_STYLE_HIDE:
1050 case SID_STYLE_SHOW:
1051 case SID_STYLE_NEW_BY_EXAMPLE:
1052 {
>>> CID 1684048: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xNewData" is passed-by-value as parameter to
>>> "std::shared_ptr<ScStyleSaveData>::shared_ptr(std::shared_ptr<ScStyleSaveData>
>>> const &) /*explicit =default*/", when it could be moved instead.
1053 auto lambda = [pStylePool, nSlotId, xOldData,
xNewData, eFamily, this](SfxRequest& rRequest, const OUString& rStyleName)
1054 {
1055 SfxStyleSheetBase* pApplyStyleSheet =
pStylePool->Find(rStyleName, eFamily);
1056 xOldData->InitFromStyle(pApplyStyleSheet);
1057 ExecuteApplyStyle(rRequest, pStylePool,
pApplyStyleSheet, nSlotId, rStyleName, xOldData, xNewData, eFamily);
1058 };
** CID 1684047: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/usr/include/boost/property_tree/detail/info_parser_read.hpp: 336 in
boost::property_tree::info_parser::read_info_internal<boost::property_tree::basic_ptree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char>>,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char>>>>, char>(std::basic_istream<T2, std::char_traits<T2>> &,
T1 &, const std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char>> &, int)()
_____________________________________________________________________________________________
*** CID 1684047: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/usr/include/boost/property_tree/detail/info_parser_read.hpp: 336
in
boost::property_tree::info_parser::read_info_internal<boost::property_tree::basic_ptree<std::__cxx11::basic_string<char,
std::char_traits<char>, std::allocator<char>>,
std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char>>,
std::less<std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char>>>>, char>(std::basic_istream<T2, std::char_traits<T2>> &,
T1 &, const std::__cxx11::basic_string<char, std::char_traits<char>,
std::allocator<char>> &, int)()
330 state = s_key;
331 }
332 else // Data text found
333 {
334 bool need_more_lines;
335 std::basic_string<Ch> data =
read_data(text, &need_more_lines);
>>> CID 1684047: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "data" is copied in call to copy assignment for class
>>> "std::__cxx11::basic_string<char, std::char_traits<char>,
>>> std::allocator<char> >", when it could be moved instead.
336 last->data() = data;
337 state = need_more_lines ? s_data_cont :
s_key;
338 }
339
340
341 }; break;
** CID 1684046: Error handling issues (CHECKED_RETURN)
/vcl/workben/fftester.cxx: 122 in sal_main_with_args(int, char **)()
_____________________________________________________________________________________________
*** CID 1684046: Error handling issues (CHECKED_RETURN)
/vcl/workben/fftester.cxx: 122 in sal_main_with_args(int, char **)()
116 OUString in(argv[1], strlen(argv[1]), RTL_TEXTENCODING_UTF8);
117 OUString out;
118 osl::File::getFileURLFromSystemPath(in, out);
119
120 OUString cwd;
121 osl_getProcessWorkingDir(&cwd.pData);
>>> CID 1684046: Error handling issues (CHECKED_RETURN)
>>> Calling "getAbsoluteFileURL" without checking return value (as is done
>>> elsewhere 20 out of 21 times).
122 osl::File::getAbsoluteFileURL(cwd, out, out);
123
124 tools::extendApplicationEnvironment();
125
126 Reference< XComponentContext > xContext =
defaultBootstrap_InitialComponentContext();
127 Reference< XMultiServiceFactory > xServiceManager(
xContext->getServiceManager(), UNO_QUERY );
** CID 1684045: Error handling issues (CHECKED_RETURN)
/sw/source/filter/md/swmd.cxx: 316 in
SwMarkdownParser::StartNumberedBulletList(MD_BLOCKTYPE)()
_____________________________________________________________________________________________
*** CID 1684045: Error handling issues (CHECKED_RETURN)
/sw/source/filter/md/swmd.cxx: 316 in
SwMarkdownParser::StartNumberedBulletList(MD_BLOCKTYPE)()
310 if (m_pPam->GetPoint()->GetContentIndex())
311 AppendTextNode(bSpace ? AM_SPACE : AM_NOSPACE, false);
312 else if (bSpace)
313 AddParSpace();
314
315 rInfo.IncDepth();
>>> CID 1684045: Error handling issues (CHECKED_RETURN)
>>> Calling "GetDepth" without checking return value (as is done elsewhere
>>> 5 out of 6 times).
316 sal_uInt8 nLevel
317 = static_cast<sal_uInt8>((rInfo.GetDepth() <= MAXLEVEL ?
rInfo.GetDepth() : MAXLEVEL) - 1);
318
319 if (!rInfo.GetNumRule())
320 {
321 sal_uInt16 nPos =
m_xDoc->MakeNumRule(m_xDoc->GetUniqueNumRuleName());
** CID 1684044: Null pointer dereferences (REVERSE_INULL)
/vcl/unx/generic/app/wmadaptor.cxx: 193 in
vcl_sal::WMAdaptor::createWMAdaptor(SalX11Display *)()
_____________________________________________________________________________________________
*** CID 1684044: Null pointer dereferences (REVERSE_INULL)
/vcl/unx/generic/app/wmadaptor.cxx: 193 in
vcl_sal::WMAdaptor::createWMAdaptor(SalX11Display *)()
187 #if OSL_DEBUG_LEVEL > 1
188 else
189 SAL_INFO("vcl.app", "WM supports extended WM hints.");
190 #endif
191
192 // try a GnomeWM
>>> CID 1684044: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pAdaptor" suggests that it may be null, but it has
>>> already been dereferenced on all paths leading to the check.
193 if( ! pAdaptor )
194 {
195 pAdaptor.reset(new GnomeWMAdaptor( pSalDisplay ));
196 if( ! pAdaptor->isValid() )
197 {
198 pAdaptor.reset();
** CID 1684043: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
_____________________________________________________________________________________________
*** CID 1684043: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1073 in
ScTabViewShell::ExecStyle(SfxRequest &)()
1067 pDialogParent = GetFrameWeld();
1068
1069 SfxNewStyleDlg aDlg(pDialogParent, *pStylePool,
eFamily);
1070 auto xDlg =
std::make_shared<SfxNewStyleDlg>(pDialogParent, *pStylePool, eFamily);
1071 auto xRequest = std::make_shared<SfxRequest>(rReq);
1072 rReq.Ignore();
>>> CID 1684043: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "lambda" is passed-by-value as parameter to
>>> "ScTabViewShell::ExecStyle(SfxRequest &)::[lambda(SfxRequest &,
>>> rtl::OUString const &) (instance
>>> 1)]::lambda(ScTabViewShell::ExecStyle(SfxRequest &)::[lambda(SfxRequest &,
>>> rtl::OUString const &) (instance 1)] const &) /*implicit =default*/", when
>>> it could be moved instead.
1073
weld::GenericDialogController::runAsync(xDlg,[xDlg, xRequest, lambda](sal_Int32
nResult){
1074 if (nResult == RET_OK) {
1075 lambda(*xRequest, xDlg->GetName());
1076 }
1077 });
1078 return;
** CID 1684042: Null pointer dereferences (REVERSE_INULL)
/sw/source/uibase/utlui/content.cxx: 708 in
SwContentType::FillMemberList(bool *)()
_____________________________________________________________________________________________
*** CID 1684042: Null pointer dereferences (REVERSE_INULL)
/sw/source/uibase/utlui/content.cxx: 708 in
SwContentType::FillMemberList(bool *)()
702
703 // visibility
704 const SwNode* pNode =
pFrameFormat->GetAnchor().GetAnchorNode();
705 while (pNode /*&& pNode->IsStartNode()
706 && pNode->GetStartNode()->GetStartNodeType()
707 == SwStartNodeType::SwFlyStartNode*/
>>> CID 1684042: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pFrameFormat" suggests that it may be null, but it has
>>> already been dereferenced on all paths leading to the check.
708 && pFrameFormat
709 && pFrameFormat->GetAnchor().GetAnchorId() ==
RndStdIds::FLY_AT_FLY
710 && (pFrameFormat = pNode->GetFlyFormat()))
711 {
712 pNode = pFrameFormat->GetAnchor().GetAnchorNode();
713 }
** CID 1684041: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1053 in
ScTabViewShell::ExecStyle(SfxRequest &)()
_____________________________________________________________________________________________
*** CID 1684041: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sc/source/ui/view/tabvwsha.cxx: 1053 in
ScTabViewShell::ExecStyle(SfxRequest &)()
1047 case SID_STYLE_EDIT:
1048 case SID_STYLE_DELETE:
1049 case SID_STYLE_HIDE:
1050 case SID_STYLE_SHOW:
1051 case SID_STYLE_NEW_BY_EXAMPLE:
1052 {
>>> CID 1684041: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "xOldData" is passed-by-value as parameter to
>>> "std::shared_ptr<ScStyleSaveData>::shared_ptr(std::shared_ptr<ScStyleSaveData>
>>> const &) /*explicit =default*/", when it could be moved instead.
1053 auto lambda = [pStylePool, nSlotId, xOldData,
xNewData, eFamily, this](SfxRequest& rRequest, const OUString& rStyleName)
1054 {
1055 SfxStyleSheetBase* pApplyStyleSheet =
pStylePool->Find(rStyleName, eFamily);
1056 xOldData->InitFromStyle(pApplyStyleSheet);
1057 ExecuteApplyStyle(rRequest, pStylePool,
pApplyStyleSheet, nSlotId, rStyleName, xOldData, xNewData, eFamily);
1058 };
** CID 1684040: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/layout/fly.cxx: 1286 in
SwFlyFrame::UpdateAttrForFormatChange(SwFormat *, SwFormat *,
SwFlyFrameInvFlags &)()
_____________________________________________________________________________________________
*** CID 1684040: Null pointer dereferences (REVERSE_INULL)
/sw/source/core/layout/fly.cxx: 1286 in
SwFlyFrame::UpdateAttrForFormatChange(SwFormat *, SwFormat *,
SwFlyFrameInvFlags &)()
1280 }
1281 ChgColumns( aCol, GetFormat()->GetCol() );
1282 }
1283
1284 SwFormatURL aURL( GetFormat()->GetURL() );
1285
>>> CID 1684040: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "pOldFormat" suggests that it may be null, but it has
>>> already been dereferenced on all paths leading to the check.
1286 if (aURL.GetMap() && pOldFormat)
1287 {
1288 const SwFormatFrameSize &rOld = pOldFormat->GetFrameSize();
1289 //#35091# Can be "times zero", when loading the template
1290 if ( rOld.GetWidth() && rOld.GetHeight() )
1291 {
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/libreoffice?tab=overview
