Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found
with Coverity Scan.
6 new defect(s) introduced to LibreOffice found with Coverity Scan.
3 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1519051: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1519051: Null pointer dereferences (FORWARD_NULL)
/xmlsecurity/source/xmlsec/nss/seinitializer_nssimpl.cxx: 62 in
SEInitializer_NssImpl::createSecurityContext(const rtl::OUString &)()
56 {
57 /* Build XML Security Context */
58 uno::Reference< css::xml::crypto::XXMLSecurityContext > xSecCtx
= css::xml::crypto::XMLSecurityContext::create( m_xContext );
59
60 uno::Reference< css::xml::crypto::XSecurityEnvironment > xSecEnv
= css::xml::crypto::SecurityEnvironment::create( m_xContext );
61 SecurityEnvironment_NssImpl* pSecEnv =
dynamic_cast<SecurityEnvironment_NssImpl*>(xSecEnv.get());
>>> CID 1519051: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pSecEnv" to "setCertDb", which dereferences it.
62 pSecEnv->setCertDb(pCertHandle);
63
64 sal_Int32 n = xSecCtx->addSecurityEnvironment(xSecEnv);
65 //originally the SecurityEnvironment with the internal slot was
set as default
66 xSecCtx->setDefaultSecurityEnvironmentIndex( n );
67 return xSecCtx;
** CID 1519050: (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1519050: (FORWARD_NULL)
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 190 in
rptxml::ExportDocumentHandler::startElement(const rtl::OUString &, const
com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
184 }
185 else if ( m_bTableRowsStarted && m_bFirstRowExported && (_sName ==
"table:table-row" || _sName == "table:table-cell") )
186 bExport = false;
187 else if ( _sName == "chart:plot-area" )
188 {
189 SvXMLAttributeList* pList =
dynamic_cast<SvXMLAttributeList*>(xAttribs.get());
>>> CID 1519050: (FORWARD_NULL)
>>> Passing null pointer "pList" to "RemoveAttribute", which dereferences
>>> it.
190 pList->RemoveAttribute("table:cell-range-address");
191 }
192 else if ( _sName == "chart:categories" )
193 {
194 static OUString
s_sCellAddress(lcl_createAttribute(XML_NP_TABLE,XML_CELL_RANGE_ADDRESS));
195 lcl_correctCellAddress(s_sCellAddress,xAttribs);
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 206 in
rptxml::ExportDocumentHandler::startElement(const rtl::OUString &, const
com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
200 lcl_correctCellAddress(s_sCellAddress,xAttribs);
201 }
202 else if ( m_bTableRowsStarted && !m_bFirstRowExported && _sName ==
"table:table-cell" )
203 {
204 SvXMLAttributeList* pList =
dynamic_cast<SvXMLAttributeList*>(xAttribs.get());
205 static OUString
s_sValue(lcl_createAttribute(XML_NP_OFFICE,XML_VALUE));
>>> CID 1519050: (FORWARD_NULL)
>>> Passing null pointer "pList" to "RemoveAttribute", which dereferences
>>> it.
206 pList->RemoveAttribute(s_sValue);
207 }
208 else if ( m_bTableRowsStarted && _sName == "text:p" )
209 {
210 bExport = false;
211 }
** CID 1519049: Null pointer dereferences (FORWARD_NULL)
________________________________________________________________________________________________________
*** CID 1519049: Null pointer dereferences (FORWARD_NULL)
/sc/source/filter/xml/xmlwrap.cxx: 667 in
ScXMLImportWrapper::ExportToComponent(const
com::sun::star::uno::Reference<com::sun::star::uno::XComponentContext> &, const
com::sun::star::uno::Reference<com::sun::star::frame::XModel> &, const
com::sun::star::uno::Reference<com::sun::star::xml::sax::XWriter> &, const
com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &, const
rtl::OUString &, const rtl::OUString &, const rtl::OUString &, const
com::sun::star::uno::Sequence<com::sun::star::uno::Any> &,
std::unique_ptr<ScMySharedData, std::default_delete<ScMySharedData>> &)()
661 if ( xFilter.is() )
662 {
663 ScXMLExport* pExport =
static_cast<ScXMLExport*>(dynamic_cast<SvXMLExport*>(xFilter.get()));
664 pExport->SetSharedData(std::move(pSharedData));
665
666 // if there are sheets to copy, get the source stream
>>> CID 1519049: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pExport" to "getExportFlags", which dereferences
>>> it.
667 if ( sName == "content.xml" && lcl_HasValidStream(rDoc) && (
pExport->getExportFlags() & SvXMLExportFlags::OASIS ) )
668 {
669 // old stream is still in this file's storage - open
read-only
670
671 // #i106854# use the document's storage directly, without a
temporary SfxMedium
672 uno::Reference<embed::XStorage> xTmpStorage =
rDoc.GetDocumentShell()->GetStorage();
** CID 1519048: Error handling issues (CHECKED_RETURN)
/sw/source/filter/ww8/wrtw8sty.cxx: 327 in StripWWSuffix(const rtl::OUString
&)()
________________________________________________________________________________________________________
*** CID 1519048: Error handling issues (CHECKED_RETURN)
/sw/source/filter/ww8/wrtw8sty.cxx: 327 in StripWWSuffix(const rtl::OUString
&)()
321 }
322
323 // StyleSheetTable::ConvertStyleName appends the suffix do disambiguate
conflicting style names
324 static OUString StripWWSuffix(const OUString& s)
325 {
326 OUString ret = s;
>>> CID 1519048: Error handling issues (CHECKED_RETURN)
>>> Calling "endsWith" without checking return value (as is done elsewhere
>>> 7 out of 8 times).
327 ret.endsWith(" (WW)", &ret);
328 return ret;
329 }
330
331 void MSWordStyles::BuildWwNames()
332 {
** CID 1519047: Null pointer dereferences (FORWARD_NULL)
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 62 in
rptxml::lcl_correctCellAddress(const rtl::OUString &, const
com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
________________________________________________________________________________________________________
*** CID 1519047: Null pointer dereferences (FORWARD_NULL)
/reportdesign/source/filter/xml/xmlExportDocumentHandler.cxx: 62 in
rptxml::lcl_correctCellAddress(const rtl::OUString &, const
com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)()
56 xmloff::token::GetXMLToken(_eAttribute);
57 }
58
59 static void lcl_correctCellAddress(const OUString & _sName, const
uno::Reference< xml::sax::XAttributeList > & xAttribs)
60 {
61 SvXMLAttributeList* pList =
dynamic_cast<SvXMLAttributeList*>(xAttribs.get());
>>> CID 1519047: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "pList" to "getValueByName", which dereferences
>>> it. (The dereference happens because this is a virtual function call.)
62 OUString sCellAddress = pList->getValueByName(_sName);
63 const sal_Int32 nPos = sCellAddress.lastIndexOf('$');
64 if ( nPos != -1 )
65 {
66 sCellAddress = OUString::Concat(sCellAddress.subView(0,nPos)) +
"$65535";
67 pList->RemoveAttribute(_sName);
** CID 1519046: (UNINIT)
________________________________________________________________________________________________________
*** CID 1519046: (UNINIT)
/svx/source/sidebar/nbdtmg.cxx: 324 in
svx::sidebar::BulletsTypeMgr::ReplaceNumRule(SvxNumRule &, unsigned short,
unsigned short)()
318 return;
319
320 pActualBullets[nIndex]->cBulletChar = cChar;
321 if ( pFont )
322 pActualBullets[nIndex]->aFont = *pFont;
323 pActualBullets[nIndex]->bIsCustomized = true;
>>> CID 1519046: (UNINIT)
>>> Using uninitialized value "pFont._M_payload._M_payload" when calling
>>> "~optional".
324 }
325
326 void BulletsTypeMgr::ApplyNumRule(SvxNumRule& aNum, sal_uInt16 nIndex,
sal_uInt16 mLevel, bool /*isDefault*/, bool isResetSize)
327 {
328 if ( nIndex >= DEFAULT_BULLET_TYPES )
329 return;
/svx/source/sidebar/nbdtmg.cxx: 318 in
svx::sidebar::BulletsTypeMgr::ReplaceNumRule(SvxNumRule &, unsigned short,
unsigned short)()
312 return;
313
314 SvxNumberFormat aFmt(aNum.GetLevel(nActLv));
315 sal_UCS4 cChar = aFmt.GetBulletChar();
316 std::optional<vcl::Font> pFont = aFmt.GetBulletFont();
317 if ( nIndex >= DEFAULT_BULLET_TYPES )
>>> CID 1519046: (UNINIT)
>>> Using uninitialized value "pFont._M_payload._M_payload" when calling
>>> "~optional".
318 return;
319
320 pActualBullets[nIndex]->cBulletChar = cChar;
321 if ( pFont )
322 pActualBullets[nIndex]->aFont = *pFont;
323 pActualBullets[nIndex]->bIsCustomized = true;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50ypSs1kiFPuCn2xFdlMIFBirii0zZ9j2-2F9F2XPBcBm2BNgi9duPy3v-2FzgFDd2LJ-2BDKI-3DeGIt_OTq2XUZbbipYjyLSo6GRo-2FpVxQ9OzkDINu9UTS-2FQhSdO0F0jQniitrGlNxDIzPJi-2BeqKk8DoPNt9Z4E9K6487RF5L5Z3OSHNNR2jjoPYirtdjiUvKJTTqOtyrKRotF-2Bgab2t7SjJgEAHWsEG5oVg-2FxD1rCn-2BeK53C-2BL8XT6JL1c2DmFMouWoNLrpetvt3ittE2FmR-2B031fZQefrvPnFb5uzzCJxhqVtm-2Bjb8bXc7pYw-3D
