Hi, Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
14 new defect(s) introduced to LibreOffice found with Coverity Scan. 3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 14 of 14 defect(s) ** CID 1362689: Uninitialized members (UNINIT_CTOR) /sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &)() ________________________________________________________________________________________________________ *** CID 1362689: Uninitialized members (UNINIT_CTOR) /sd/source/filter/eppt/pptx-text.cxx: 70 in PortionObj::PortionObj(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &)() 64 mpText ( nullptr ), 65 mpFieldEntry ( nullptr ) 66 { 67 mXPropSet = rXPropSet; 68 69 ImplGetPortionValues( rFontCollection ); >>> CID 1362689: Uninitialized members (UNINIT_CTOR) >>> Non-static class member "meCharHeight" is not initialized in this >>> constructor nor in any functions that it calls. 70 } 71 72 PortionObj::PortionObj(css::uno::Reference< css::text::XTextRange > & rXTextRange, 73 bool bLast, FontCollection& rFontCollection) 74 : meCharColor(css::beans::PropertyState_AMBIGUOUS_VALUE) 75 , meCharHeight(css::beans::PropertyState_AMBIGUOUS_VALUE) ** CID 1362688: Uninitialized members (UNINIT_CTOR) /sw/source/uibase/app/docstyle.cxx: 485 in SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const rtl::OUString &, SwDocStyleSheetPool *, SfxStyleFamily)() ________________________________________________________________________________________________________ *** CID 1362688: Uninitialized members (UNINIT_CTOR) /sw/source/uibase/app/docstyle.cxx: 485 in SwDocStyleSheet::SwDocStyleSheet(SwDoc &, const rtl::OUString &, SwDocStyleSheetPool *, SfxStyleFamily)() 479 FN_PARAM_FTN_INFO, FN_PARAM_FTN_INFO, // [21123 480 FN_COND_COLL, FN_COND_COLL, // [22401 481 0), 482 bPhysical(false) 483 { 484 nHelpId = UCHAR_MAX; >>> CID 1362688: Uninitialized members (UNINIT_CTOR) >>> Non-static class member "pBoxFormat" is not initialized in this >>> constructor nor in any functions that it calls. 485 } 486 487 SwDocStyleSheet::SwDocStyleSheet( const SwDocStyleSheet& rOrg) : 488 SfxStyleSheetBase(rOrg), 489 pCharFormat(rOrg.pCharFormat), 490 pColl(rOrg.pColl), ** CID 1362687: Uninitialized members (UNINIT_CTOR) /sw/source/uibase/app/docstyle.cxx: 498 in SwDocStyleSheet::SwDocStyleSheet(const SwDocStyleSheet&)() ________________________________________________________________________________________________________ *** CID 1362687: Uninitialized members (UNINIT_CTOR) /sw/source/uibase/app/docstyle.cxx: 498 in SwDocStyleSheet::SwDocStyleSheet(const SwDocStyleSheet&)() 492 pDesc(rOrg.pDesc), 493 pNumRule(rOrg.pNumRule), 494 rDoc(rOrg.rDoc), 495 aCoreSet(rOrg.aCoreSet), 496 bPhysical(rOrg.bPhysical) 497 { >>> CID 1362687: Uninitialized members (UNINIT_CTOR) >>> Non-static class member "pBoxFormat" is not initialized in this >>> constructor nor in any functions that it calls. 498 } 499 500 SwDocStyleSheet::~SwDocStyleSheet() 501 { 502 } 503 ** CID 1362686: Uninitialized variables (UNINIT) /sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in PPTExCharSheet::SetStyleSheet(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &, int)() ________________________________________________________________________________________________________ *** CID 1362686: Uninitialized variables (UNINIT) /sd/source/filter/eppt/pptx-stylesheet.cxx: 83 in PPTExCharSheet::SetStyleSheet(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &, FontCollection &, int)() 77 PPTExCharLevel& rLev = maCharLevel[ nLevel ]; 78 79 if ( aPortionObj.meCharColor == css::beans::PropertyState_DIRECT_VALUE ) 80 rLev.mnFontColor = aPortionObj.mnCharColor; 81 if ( aPortionObj.meCharEscapement == css::beans::PropertyState_DIRECT_VALUE ) 82 rLev.mnEscapement = aPortionObj.mnCharEscapement; >>> CID 1362686: Uninitialized variables (UNINIT) >>> Using uninitialized value "aPortionObj.meCharHeight". 83 if ( aPortionObj.meCharHeight == css::beans::PropertyState_DIRECT_VALUE ) 84 rLev.mnFontHeight = aPortionObj.mnCharHeight; 85 if ( aPortionObj.meFontName == css::beans::PropertyState_DIRECT_VALUE ) 86 rLev.mnFont = aPortionObj.mnFont; 87 if ( aPortionObj.meAsianOrComplexFont == css::beans::PropertyState_DIRECT_VALUE ) 88 rLev.mnAsianOrComplexFont = aPortionObj.mnAsianOrComplexFont; ** CID 1362685: Uninitialized variables (UNINIT) /sc/source/core/data/dpobject.cxx: 1888 in ScDPObject::ParseFilters(rtl::OUString &, std::vector<com::sun::star::sheet::DataPilotFieldFilter, std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &, std::vector<com::sun::star::sheet::GeneralFunction, std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString &)() ________________________________________________________________________________________________________ *** CID 1362685: Uninitialized variables (UNINIT) /sc/source/core/data/dpobject.cxx: 1888 in ScDPObject::ParseFilters(rtl::OUString &, std::vector<com::sun::star::sheet::DataPilotFieldFilter, std::allocator<com::sun::star::sheet::DataPilotFieldFilter>> &, std::vector<com::sun::star::sheet::GeneralFunction, std::allocator<com::sun::star::sheet::GeneralFunction>>&, const rtl::OUString &)() 1882 { 1883 SvNumberFormatter* pFormatter = mpTableData->GetCacheTable().getCache().GetNumberFormatter(); 1884 if (pFormatter) 1885 { 1886 // Parse possible number from aQueryValueName and format 1887 // locale independent as aQueryValue. >>> CID 1362685: Uninitialized variables (UNINIT) >>> Declaring variable "nNumFormat" without initializer. 1888 sal_uInt32 nNumFormat; 1889 double fValue; 1890 if (pFormatter->IsNumberFormat( aQueryValueName, nNumFormat, fValue)) 1891 aQueryValue = ScDPCache::GetLocaleIndependentFormattedString( fValue, *pFormatter, nNumFormat); 1892 } 1893 } ** CID 1362684: Uninitialized variables (UNINIT) /sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()() ________________________________________________________________________________________________________ *** CID 1362684: Uninitialized variables (UNINIT) /sc/source/core/tool/interpr2.cxx: 3363 in ScInterpreter::ScGetPivotData()() 3357 else 3358 { 3359 aFilters[i].MatchValueName = aSharedString.getString(); 3360 3361 // Parse possible number from MatchValueName and format 3362 // locale independent as MatchValue. >>> CID 1362684: Uninitialized variables (UNINIT) >>> Declaring variable "nNumFormat" without initializer. 3363 sal_uInt32 nNumFormat; 3364 double fValue; 3365 if (pFormatter->IsNumberFormat( aFilters[i].MatchValueName, nNumFormat, fValue)) 3366 aFilters[i].MatchValue = ScDPCache::GetLocaleIndependentFormattedString( 3367 fValue, *pFormatter, nNumFormat); 3368 else ** CID 1362682: Insecure data handling (TAINTED_SCALAR) /lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>, std::allocator<rtl::Reference<XFFrame>>> *)() ________________________________________________________________________________________________________ *** CID 1362682: Insecure data handling (TAINTED_SCALAR) /lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 226 in LwpSdwGroupLoaderV0102::BeginDrawObjects(std::vector<rtl::Reference<XFFrame>, std::allocator<rtl::Reference<XFFrame>>> *)() 220 m_aTransformData.fLeftMargin = fLeftMargin; 221 m_aTransformData.fTopMargin = fTopMargin; 222 } 223 } 224 225 //load draw object >>> CID 1362682: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "nRecCount" as a loop boundary. 226 for (unsigned short i = 0; i < nRecCount; i++) 227 { 228 XFFrame* pXFDrawObj = CreateDrawObject(); 229 230 if (pXFDrawObj) 231 { ** CID 1362681: Insecure data handling (TAINTED_SCALAR) /lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in LwpSdwGroupLoaderV0102::CreateDrawGroupObject()() ________________________________________________________________________________________________________ *** CID 1362681: Insecure data handling (TAINTED_SCALAR) /lotuswordpro/source/filter/lwpsdwgrouploaderv0102.cxx: 279 in LwpSdwGroupLoaderV0102::CreateDrawGroupObject()() 273 // fileSize 274 m_pStream->SeekRel(2); 275 276 XFDrawGroup* pXFDrawGroup = new XFDrawGroup(); 277 278 //load draw object >>> CID 1362681: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "nRecCount" as a loop boundary. 279 for (unsigned short i = 0; i < nRecCount; i++) 280 { 281 XFFrame* pXFDrawObj = CreateDrawObject(); 282 283 if (pXFDrawObj) 284 { ** CID 1362680: (RETURN_LOCAL) /dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)() /dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)() ________________________________________________________________________________________________________ *** CID 1362680: (RETURN_LOCAL) /dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)() 971 :m_rSourcePos( _rSourcePos ) 972 ,m_rDestPos( _rDestPos ) 973 ,m_rColTypes( _rColTypes ) 974 ,m_xSource( _rxSource ) 975 ,m_xDest( _rxDest ) 976 { >>> CID 1362680: (RETURN_LOCAL) >>> Returning here. 977 } 978 979 template< typename VALUE_TYPE > 980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )( sal_Int32 ), 981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE ) ) 982 { /dbaccess/source/ui/uno/copytablewizard.cxx: 977 in dbaui::<unnamed>::ValueTransfer::ValueTransfer(int, int, const std::vector<int, std::allocator<int>> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XRow> &, const com::sun::star::uno::Reference<com::sun::star::sdbc::XParameters> &)() 971 :m_rSourcePos( _rSourcePos ) 972 ,m_rDestPos( _rDestPos ) 973 ,m_rColTypes( _rColTypes ) 974 ,m_xSource( _rxSource ) 975 ,m_xDest( _rxDest ) 976 { >>> CID 1362680: (RETURN_LOCAL) >>> Returning here. 977 } 978 979 template< typename VALUE_TYPE > 980 void transferValue( VALUE_TYPE ( SAL_CALL XRow::*_pGetter )( sal_Int32 ), 981 void (SAL_CALL XParameters::*_pSetter)( sal_Int32, VALUE_TYPE ) ) 982 { ** CID 1362679: (FORWARD_NULL) /editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)() /editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)() /editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)() ________________________________________________________________________________________________________ *** CID 1362679: (FORWARD_NULL) /editeng/source/editeng/impedit3.cxx: 3091 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)() 3085 3086 if ( 0x200B == cChar || 0x2060 == cChar ) 3087 { 3088 const OUString aBlank( ' ' ); 3089 long nHalfBlankWidth = aTmpFont.QuickGetTextSize( pOutDev, aBlank, 0, 1 ).Width() / 2; 3090 >>> CID 1362679: (FORWARD_NULL) >>> Dereferencing null pointer "pDXArray". 3091 const long nAdvanceX = ( nTmpIdx == nTmpEnd ? 3092 rTextPortion.GetSize().Width() : 3093 pDXArray[ nTmpIdx - nTextStart ] ) - nHalfBlankWidth; 3094 const long nAdvanceY = -pLine->GetMaxAscent(); 3095 3096 Point aTopLeftRectPos( aTmpPos ); /editeng/source/editeng/impedit3.cxx: 3440 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)() 3434 { 3435 aRealOutPos.X() += rTextPortion.GetExtraInfos()->nPortionOffsetX; 3436 } 3437 3438 // RTL portions with (#i37132#) 3439 // compressed blank should not paint this blank: >>> CID 1362679: (FORWARD_NULL) >>> Dereferencing null pointer "pDXArray". 3440 if ( rTextPortion.IsRightToLeft() && nTextLen >= 2 && 3441 pDXArray[ nTextLen - 1 ] == 3442 pDXArray[ nTextLen - 2 ] && 3443 ' ' == aText[nTextStart + nTextLen - 1] ) 3444 --nTextLen; 3445 /editeng/source/editeng/impedit3.cxx: 3063 in ImpEditEngine::Paint(OutputDevice *, Rectangle, Point, bool, short)() 3057 ImplInitLayoutMode( pOutDev, n, nIndex ); 3058 ImplInitDigitMode(pOutDev, aTmpFont.GetLanguage()); 3059 3060 OUString aText; 3061 sal_Int32 nTextStart = 0; 3062 sal_Int32 nTextLen = 0; >>> CID 1362679: (FORWARD_NULL) >>> Assigning: "pDXArray" = "NULL". 3063 const long* pDXArray = nullptr; 3064 std::unique_ptr<long[]> pTmpDXArray; 3065 3066 if ( rTextPortion.GetKind() == PortionKind::TEXT ) 3067 { 3068 aText = pPortion->GetNode()->GetString(); ** CID 1362678: Null pointer dereferences (FORWARD_NULL) /sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)() ________________________________________________________________________________________________________ *** CID 1362678: Null pointer dereferences (FORWARD_NULL) /sd/source/ui/slidesorter/shell/SlideSorterViewShell.cxx: 295 in sd::slidesorter::SlideSorterViewShell::RelocateToParentWindow(vcl::Window *)() 289 bool SlideSorterViewShell::RelocateToParentWindow (vcl::Window* pParentWindow) 290 { 291 OSL_ASSERT(mpSlideSorter); 292 if ( ! mpSlideSorter) 293 return false; 294 >>> CID 1362678: Null pointer dereferences (FORWARD_NULL) >>> Comparing "pParentWindow" to null implies that "pParentWindow" might be >>> null. 295 if (pParentWindow == nullptr) 296 WriteFrameViewData(); 297 const bool bSuccess (mpSlideSorter->RelocateToWindow(pParentWindow)); 298 if (pParentWindow != nullptr) 299 ReadFrameViewData(mpFrameView); 300 ** CID 1362677: Null pointer dereferences (FORWARD_NULL) /sfx2/source/control/templateabstractview.cxx: 324 in TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)() ________________________________________________________________________________________________________ *** CID 1362677: Null pointer dereferences (FORWARD_NULL) /sfx2/source/control/templateabstractview.cxx: 324 in TemplateAbstractView::RemoveDefaultTemplateIcon(const rtl::OUString &)() 318 } 319 320 void TemplateAbstractView::RemoveDefaultTemplateIcon(const OUString& rPath) 321 { 322 for (ThumbnailViewItem* pItem : mItemList) 323 { >>> CID 1362677: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "pViewItem" = "dynamic_cast <TemplateViewItem *>(pItem)". 324 TemplateViewItem* pViewItem = dynamic_cast<TemplateViewItem*>(pItem); 325 if(pViewItem->getPath().match(rPath)) 326 { 327 pViewItem->showDefaultIcon(false); 328 Invalidate(); 329 return; ** CID 1362676: Null pointer dereferences (FORWARD_NULL) /vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice *, const Point &, const Size &)() ________________________________________________________________________________________________________ *** CID 1362676: Null pointer dereferences (FORWARD_NULL) /vcl/source/window/paint.cxx: 1463 in vcl::Window::PaintToDevice(OutputDevice *, const Point &, const Size &)() 1457 DBG_ASSERT( ! pDev->IsRTLEnabled(), "PaintToDevice to mirroring device" ); 1458 1459 vcl::Window* pRealParent = nullptr; 1460 if( ! mpWindowImpl->mbVisible ) 1461 { 1462 vcl::Window* pTempParent = ImplGetDefaultWindow(); >>> CID 1362676: Null pointer dereferences (FORWARD_NULL) >>> Comparing "pTempParent" to null implies that "pTempParent" might be >>> null. 1463 if( pTempParent ) 1464 pTempParent->EnableChildTransparentMode(); 1465 pRealParent = GetParent(); 1466 SetParent( pTempParent ); 1467 // trigger correct visibility flags for children 1468 Show(); ** CID 1362675: Null pointer dereferences (FORWARD_NULL) /ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass, java.lang.String, java.lang.String, java.lang.Class, com.sun.star.lib.uno.typedesc.TypeDescription[], com.sun.star.lib.uno.typedesc.TypeDescription)() ________________________________________________________________________________________________________ *** CID 1362675: Null pointer dereferences (FORWARD_NULL) /ridljar/com/sun/star/lib/uno/typedesc/TypeDescription.java: 499 in com.sun.star.lib.uno.typedesc.TypeDescription.<init>(com.sun.star.uno.TypeClass, java.lang.String, java.lang.String, java.lang.Class, com.sun.star.lib.uno.typedesc.TypeDescription[], com.sun.star.lib.uno.typedesc.TypeDescription)() 493 this.typeName = typeName; 494 this.arrayTypeName = arrayTypeName; 495 this.zClass = zClass; 496 this.superTypes = superTypes; 497 this.componentType = componentType; 498 TypeDescription[] args = calculateTypeArguments(); >>> CID 1362675: Null pointer dereferences (FORWARD_NULL) >>> Comparing "args" to null implies that "args" might be null. 499 this.hasTypeArguments = args != null; 500 this.fieldDescriptions = calculateFieldDescriptions(args); 501 // methodDescriptions must be initialized lazily, to avoid problems with 502 // circular dependencies (a super-interface that has a sub-interface as 503 // method parameter type; an interface that has a struct as method 504 // parameter type, and the struct has the interface as member type) ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libreoffice?tab=overview To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/libreoffice