Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

3 new defect(s) introduced to LibreOffice found with Coverity Scan.
41 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)

** CID 1399552: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()

________________________________________________________________________________________________________
*** CID 1399552: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()
291             }
292         } else if (nColors==256) {
293
294             //we're going to loop Ysize * XSize on GetByte, max compression for GetByte is a run of 63
295             //if we're less than that (and add a generous amount of wriggle room) then its not going
296             //to fly
>>>     CID 1399552: Integer handling issues (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "rHead.Ysize" with type
>>>     "sal_uInt16" (16 bits, unsigned) is promoted in "rHead.Xsize * rHead.Ysize
>>>     / 128" to type "int" (32 bits, signed), then sign-extended to type
>>>     "unsigned long" (64 bits, unsigned). If "rHead.Xsize * rHead.Ysize / 128"
>>>     is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
297             const sal_uInt64 nMinBytesPossiblyNeeded = rHead.Xsize * rHead.Ysize / 128;
298             if (rInp.remainingSize() < nMinBytesPossiblyNeeded)
299                 return false;
300
301             cRGB[3]=0; // fourth palette entry for BMP
302             for (sal_uInt16 i=0;i<256;i++) { // copy palette

** CID 1399551: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()

________________________________________________________________________________________________________
*** CID 1399551: Integer handling issues (SIGN_EXTENSION)
/vcl/source/filter/sgfbram.cxx: 297 in SgfFilterBMap(SvStream &, SvStream &, SgfHeader &, SgfEntry &)()
291             }
292         } else if (nColors==256) {
293
294             //we're going to loop Ysize * XSize on GetByte, max compression for GetByte is a run of 63
295             //if we're less than that (and add a generous amount of wriggle room) then its not going
296             //to fly
>>>     CID 1399551: Integer handling issues (SIGN_EXTENSION)
>>>     Suspicious implicit sign extension: "rHead.Xsize" with type
>>>     "sal_uInt16" (16 bits, unsigned) is promoted in "rHead.Xsize * rHead.Ysize
>>>     / 128" to type "int" (32 bits, signed), then sign-extended to type
>>>     "unsigned long" (64 bits, unsigned). If "rHead.Xsize * rHead.Ysize / 128"
>>>     is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
297             const sal_uInt64 nMinBytesPossiblyNeeded = rHead.Xsize * rHead.Ysize / 128;
298             if (rInp.remainingSize() < nMinBytesPossiblyNeeded)
299                 return false;
300
301             cRGB[3]=0; // fourth palette entry for BMP
302             for (sal_uInt16 i=0;i<256;i++) { // copy palette

** CID 1399550: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/unoidl/unopage.cxx: 2706 in SdMasterPage::SdMasterPage(SdXImpressDocument *, SdPage *)()

________________________________________________________________________________________________________
*** CID 1399550: Null pointer dereferences (FORWARD_NULL)
/sd/source/ui/unoidl/unopage.cxx: 2706 in SdMasterPage::SdMasterPage(SdXImpressDocument *, SdPage *)()
2700             return Any( Reference< XIndexAccess >( this ) );
2701         }
2702     }
2703
2704     // class SdMasterPage
2705     SdMasterPage::SdMasterPage( SdXImpressDocument* pModel, SdPage* pPage ) throw()
>>>     CID 1399550: Null pointer dereferences (FORWARD_NULL)
>>>     Comparing "pPage" to null implies that "pPage" might be null.
2706         : SdGenericDrawPage( pModel, pPage, ImplGetMasterPagePropertySet( pPage ? pPage->GetPageKind() : PageKind::Standard ) )
2707     {
2708     }
2709
2710     SdMasterPage::~SdMasterPage() throw()
2711     {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZBnDJeNb0HijxaS4JNJPxk3kpyAm2AYqo71yXmnOxB72ibeUH-2F-2F1Lhi9AZq3dRu-2F4-3D_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyto4qO066Rh0hXrp2oBZ4b-2Bxsdz-2FWSMWLQW9tdkWAtJPhX9rQ-2BdJDOkcVNWRxD2LkCdzRYe7U4AUYhcJ46wAl3SSTVnEj-2BY6ugYp4Wp1mcWPhAooe2SPvPdlgXMLUdnv8T3OY4DHD7MjcczCHZAaDqbOZ-2Fl29vhBGGjHNuUrJw6M-3D

To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4k1FZJSDV-2FTHi5VQof9xGafB4oBwGYxuHHknceo2QLpCrZ44Ciy7AqBR2QyX6OCB5N5X-2B1MAElavPQhH6nLwozJzqOkt2k8uOkYf2ZoppNa9QVe0T3fEZVQ7Kky1tOkLz_g-2BrHdvqzaBa155F-2F8AmPhpJzY63UzWDisJV95WUBpGhqFw1ICExHG8aMaV2EoFpyto4qO066Rh0hXrp2oBZ4b3D0KqVkUuGGCYkHeQakyfsodAXK2sUR9sBlz1uBsTZLCodXzySSbISNv3HYjWTQk80fb7jVhkLzH3PWefc0i0EO3tPKc4U48mus-2BzFB50gL4o4ctJ-2BYDsg1A8j2Ua0euaW27iJbYwYbqUyqD9xTF-2F0-3D

_______________________________________________
LibreOffice mailing list
LibreOffice@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice