New Defects reported by Coverity Scan for LibreOffice

classic Classic list List threaded Threaded
3 messages Options
scan-admin scan-admin
Reply | Threaded
Open this post in threaded view
|

New Defects reported by Coverity Scan for LibreOffice

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

5 new defect(s) introduced to LibreOffice found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 5 of 5 defect(s)


** CID 1429182:  Null pointer dereferences  (FORWARD_NULL)


________________________________________________________________________________________________________
*** CID 1429182:  Null pointer dereferences  (FORWARD_NULL)
/sw/qa/extras/tiledrendering/tiledrendering.cxx: 2099 in SwTiledRenderingTest::testIMESupport()()
2093     void SwTiledRenderingTest::testIMESupport()
2094     {
2095         comphelper::LibreOfficeKit::setActive();
2096         SwXTextDocument* pXTextDocument = createDoc("dummy.fodt");
2097    
2098         SwView* pView = dynamic_cast<SwView*>(SfxViewShell::Current());
>>>     CID 1429182:  Null pointer dereferences  (FORWARD_NULL)
>>>     Passing null pointer "pView" to "GetWrtShellPtr", which dereferences it.
2099         SwWrtShell* pWrtShell = pView->GetWrtShellPtr();
2100    
2101         // sequence of chinese IME compositions when 'nihao' is typed in an IME
2102         const std::vector<OString> aUtf8Inputs{ "", "", "", "", "", "" };
2103         std::vector<OUString> aInputs;
2104         std::transform(aUtf8Inputs.begin(), aUtf8Inputs.end(),

** CID 1429181:    (DEADCODE)
/sd/source/filter/eppt/pptx-epptooxml.cxx: 816 in oox::core::PowerPointExport::WriteTransition(const std::shared_ptr<sax_fastparser::FastSerializerHelper> &)()
/sd/source/filter/eppt/pptx-epptooxml.cxx: 831 in oox::core::PowerPointExport::WriteTransition(const std::shared_ptr<sax_fastparser::FastSerializerHelper> &)()


________________________________________________________________________________________________________
*** CID 1429181:    (DEADCODE)
/sd/source/filter/eppt/pptx-epptooxml.cxx: 816 in oox::core::PowerPointExport::WriteTransition(const std::shared_ptr<sax_fastparser::FastSerializerHelper> &)()
810    
811             pFS->startElement(FSNS(XML_mc, XML_AlternateContent), FSEND);
812             pFS->startElement(FSNS(XML_mc, XML_Choice), XML_Requires, pRequiresNS, FSEND);
813    
814             if(isTransitionDurationSet && isAdvanceTimingSet)
815             {
>>>     CID 1429181:    (DEADCODE)
>>>     Execution cannot reach the expression "pFS->startElementNS(3797, 5384, 4862, speed, _INTERNAL_18_pptx_epptooxml_cxx_80469f54::oox::XML_advTm, sal_Char const *(rtl::OString(I32S_(advanceTiming * 1000)).getStr()), int(248907708), sal_Char const *(rtl::OString(I32S_(nTransitionDuration)).getStr()), FSEND)" inside this statement: "pFS->startElementNS(3797, 5...".
816                 pFS->startElementNS(XML_p, XML_transition,
817                     XML_spd, speed,
818                     XML_advTm, I32S(advanceTiming * 1000),
819                     FSNS(XML_p14, XML_dur), I32S(nTransitionDuration),
820                     FSEND);
821             }
/sd/source/filter/eppt/pptx-epptooxml.cxx: 831 in oox::core::PowerPointExport::WriteTransition(const std::shared_ptr<sax_fastparser::FastSerializerHelper> &)()
825                     XML_spd, speed,
826                     FSNS(XML_p14, XML_dur), I32S(nTransitionDuration),
827                     FSEND);
828             }
829             else if(isAdvanceTimingSet)
830             {
>>>     CID 1429181:    (DEADCODE)
>>>     Execution cannot reach the expression "pFS->startElementNS(3797, 5384, 4862, speed, _INTERNAL_18_pptx_epptooxml_cxx_80469f54::oox::XML_advTm, sal_Char const *(rtl::OString(I32S_(advanceTiming * 1000)).getStr()), FSEND)" inside this statement: "pFS->startElementNS(3797, 5...".
831                 pFS->startElementNS(XML_p, XML_transition,
832                     XML_spd, speed,
833                     XML_advTm, I32S(advanceTiming * 1000),
834                     FSEND);
835             }
836             else

** CID 1429180:  Incorrect expression  (COPY_PASTE_ERROR)
/svx/source/xoutdev/_xoutbmp.cxx: 598 in XOutBitmap::GetContour(const Bitmap &, XOutFlags, unsigned char, const tools::Rectangle *)()


________________________________________________________________________________________________________
*** CID 1429180:  Incorrect expression  (COPY_PASTE_ERROR)
/svx/source/xoutdev/_xoutbmp.cxx: 598 in XOutBitmap::GetContour(const Bitmap &, XOutFlags, unsigned char, const tools::Rectangle *)()
592                                 pPoints1[ nPolyPos ] = Point( nX, nY );
593                                 nY = nStartY2;
594    
595                                 // this loop always breaks eventually as there is at least one pixel
596                                 while( true )
597                                 {
>>>     CID 1429180:  Incorrect expression  (COPY_PASTE_ERROR)
>>>     "nX" in "pAcc->GetPixelFromData(pScanline, nX)" looks like a copy-paste error.
598                                     if( aBlack == pAcc->GetPixelFromData( pScanline, nX ) )
599                                     {
600                                         pPoints2[ nPolyPos ] = Point( nX, nY );
601                                         break;
602                                     }
603    

** CID 1401334:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 371 in std::unique_ptr<vcl::Cursor, std::default_delete<vcl::Cursor>>::reset(vcl::Cursor *)()


________________________________________________________________________________________________________
*** CID 1401334:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 371 in std::unique_ptr<vcl::Cursor, std::default_delete<vcl::Cursor>>::reset(vcl::Cursor *)()
365            *
366            * @param __p  The new pointer to store.
367            *
368            * The deleter will be invoked if a pointer is already owned.
369            */
370           void
>>>     CID 1401334:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
371           reset(pointer __p = pointer()) noexcept
372           {
373     using std::swap;
374     swap(_M_t._M_ptr(), __p);
375     if (__p != pointer())
376      get_deleter()(__p);

** CID 1401328:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 264 in std::unique_ptr<vcl::Cursor, std::default_delete<vcl::Cursor>>::~unique_ptr()()


________________________________________________________________________________________________________
*** CID 1401328:  Error handling issues  (UNCAUGHT_EXCEPT)
/usr/include/c++/7/bits/unique_ptr.h: 264 in std::unique_ptr<vcl::Cursor, std::default_delete<vcl::Cursor>>::~unique_ptr()()
258           template<typename _Up, typename = _Require<
259           is_convertible<_Up*, _Tp*>, is_same<_Dp, default_delete<_Tp>>>>
260     unique_ptr(auto_ptr<_Up>&& __u) noexcept;
261     #endif
262    
263           /// Destructor, invokes the deleter if the stored pointer is not null.
>>>     CID 1401328:  Error handling issues  (UNCAUGHT_EXCEPT)
>>>     An exception of type "com::sun::star::uno::RuntimeException" is thrown but the throw list "throw()" doesn't allow it to be thrown. This will cause a call to unexpected() which usually calls terminate().
264           ~unique_ptr() noexcept
265           {
266     auto& __ptr = _M_t._M_ptr();
267     if (__ptr != nullptr)
268      get_deleter()(__ptr);
269     __ptr = pointer();


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyMQNf8Nczv1cW598lRzyZyqHxyOwySdmPoq4H9f08-2FyyMPLvL0p4H8b3HvrMh1j2MI1LAY3-2B2sLg8auC7saEmOrFneGcGs8cWiXRsEa4v4xWRhVKTVPsvonuXj5a91etST0qmIuz16pkBHRE9g-2FQuIGTMUb2iLHaXFGRsgvYrvAE-3D

_______________________________________________
LibreOffice mailing list
[hidden email]
https://lists.freedesktop.org/mailman/listinfo/libreoffice
Caolán McNamara Caolán McNamara
Reply | Threaded
Open this post in threaded view
|

Re: New Defects reported by Coverity Scan for LibreOffice

On Fri, 2018-02-09 at 18:50 +0000, [hidden email] wrote:

> Hi,
>
> Please find the latest report on new defect(s) introduced to
> LibreOffice found with Coverity Scan.
>
> _____________________________________________________________________
> ___________________________________
> *** CID 1429181:    (DEADCODE)
> /sd/source/filter/eppt/pptx-epptooxml.cxx: 816 in
> oox::core::PowerPointExport::WriteTransition(const
> std::shared_ptr<sax_fastparser::FastSerializerHelper> &)()

since...

commit fa85592c0efba65f4a1b09fea950ec1c311bdd4c
Author: Szymon Kłos <[hidden email]>
Date:   Mon Feb 5 12:41:58 2018 +0100

    tdf#115394 export custom transition time in PPTX

bool isAdvanceTimingSet = advanceTiming != -1;

was added, but its above the line which might change advanceTiming away
from its default of -1 (i.e. mAny >>= advanceTiming) is that
intentional or is there something to be fixed ?
_______________________________________________
LibreOffice mailing list
[hidden email]
https://lists.freedesktop.org/mailman/listinfo/libreoffice
Szymon Kłos Szymon Kłos
Reply | Threaded
Open this post in threaded view
|

Re: New Defects reported by Coverity Scan for LibreOffice

Hi,

It wasn't intentional. My fix is already on gerrit:
https://gerrit.libreoffice.org/#/c/49592/

Regards,

Szymon


W dniu 10.02.2018 o 18:13, Caolán McNamara pisze:

> On Fri, 2018-02-09 at 18:50 +0000, [hidden email] wrote:
>> Hi,
>>
>> Please find the latest report on new defect(s) introduced to
>> LibreOffice found with Coverity Scan.
>>
>> _____________________________________________________________________
>> ___________________________________
>> *** CID 1429181:    (DEADCODE)
>> /sd/source/filter/eppt/pptx-epptooxml.cxx: 816 in
>> oox::core::PowerPointExport::WriteTransition(const
>> std::shared_ptr<sax_fastparser::FastSerializerHelper> &)()
> since...
>
> commit fa85592c0efba65f4a1b09fea950ec1c311bdd4c
> Author: Szymon Kłos <[hidden email]>
> Date:   Mon Feb 5 12:41:58 2018 +0100
>
>      tdf#115394 export custom transition time in PPTX
>
> bool isAdvanceTimingSet = advanceTiming != -1;
>
> was added, but its above the line which might change advanceTiming away
> from its default of -1 (i.e. mAny >>= advanceTiming) is that
> intentional or is there something to be fixed ?

_______________________________________________
LibreOffice mailing list
[hidden email]
https://lists.freedesktop.org/mailman/listinfo/libreoffice