Hi, Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
2 new defect(s) introduced to LibreOffice found with Coverity Scan. 7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 2 of 2 defect(s) ** CID 1312139: Insecure data handling (TAINTED_SCALAR) /comphelper/source/xml/xmltools.cxx: 84 in comphelper::xml::makeXMLChaff()() ________________________________________________________________________________________________________ *** CID 1312139: Insecure data handling (TAINTED_SCALAR) /comphelper/source/xml/xmltools.cxx: 84 in comphelper::xml::makeXMLChaff()() 78 rtlRandomPool pool = rtl_random_createPool(); 79 80 sal_Int8 n; 81 rtl_random_getBytes(pool, &n, 1); 82 83 //1024 minus max -127/plus max 128 >>> CID 1312139: Insecure data handling (TAINTED_SCALAR) >>> Assigning: "nLength" = "1024 + n". Both are now tainted. 84 sal_Int32 nLength = 1024+n; 85 std::vector<sal_uInt8> aChaff(nLength); 86 rtl_random_getBytes(pool, &aChaff[0], nLength); 87 88 rtl_random_destroyPool(pool); 89 ** CID 1312138: Resource leaks (RESOURCE_LEAK) /sal/osl/unx/random.cxx: 30 in osl_get_system_random_data() ________________________________________________________________________________________________________ *** CID 1312138: Resource leaks (RESOURCE_LEAK) /sal/osl/unx/random.cxx: 30 in osl_get_system_random_data() 24 while(desired_len) 25 { 26 if ((nb_read = read(fd, buffer, desired_len)) == -1) 27 { 28 if (errno != EINTR) 29 { >>> CID 1312138: Resource leaks (RESOURCE_LEAK) >>> Handle variable "fd" going out of scope leaks the handle. 30 return false; 31 } 32 } 33 else 34 { 35 buffer += nb_read; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/211?tab=overview To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice