Hi, Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.
17 new defect(s) introduced to LibreOffice found with Coverity Scan. 30 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 17 of 17 defect(s) ** CID 1325257: (UNINIT) /vcl/source/gdi/salmisc.cxx: 388 in StretchAndConvert(const BitmapBuffer &, const SalTwoRect &, unsigned long, const BitmapPalette *, const ColorMask *)() /vcl/source/gdi/salmisc.cxx: 388 in StretchAndConvert(const BitmapBuffer &, const SalTwoRect &, unsigned long, const BitmapPalette *, const ColorMask *)() ________________________________________________________________________________________________________ *** CID 1325257: (UNINIT) /vcl/source/gdi/salmisc.cxx: 388 in StretchAndConvert(const BitmapBuffer &, const SalTwoRect &, unsigned long, const BitmapPalette *, const ColorMask *)() 382 Scanline* pDstScan = NULL; 383 long* pMapX = NULL; 384 long* pMapY = NULL; 385 386 try 387 { >>> CID 1325257: (UNINIT) >>> Assigning: "pSrcScan" = "new Scanline[rSrcBuffer.mnHeight]", which is >>> allocated but not initialized. 388 pSrcScan = new Scanline[rSrcBuffer.mnHeight]; 389 pDstScan = new Scanline[pDstBuffer->mnHeight]; 390 pMapX = new long[pDstBuffer->mnWidth]; 391 pMapY = new long[pDstBuffer->mnHeight]; 392 } 393 catch( const std::bad_alloc& ) /vcl/source/gdi/salmisc.cxx: 388 in StretchAndConvert(const BitmapBuffer &, const SalTwoRect &, unsigned long, const BitmapPalette *, const ColorMask *)() 382 Scanline* pDstScan = NULL; 383 long* pMapX = NULL; 384 long* pMapY = NULL; 385 386 try 387 { >>> CID 1325257: (UNINIT) >>> Assigning: "pSrcScan" = "new Scanline[rSrcBuffer.mnHeight]", which is >>> allocated but not initialized. 388 pSrcScan = new Scanline[rSrcBuffer.mnHeight]; 389 pDstScan = new Scanline[pDstBuffer->mnHeight]; 390 pMapX = new long[pDstBuffer->mnWidth]; 391 pMapY = new long[pDstBuffer->mnHeight]; 392 } 393 catch( const std::bad_alloc& ) ** CID 1325256: Null pointer dereferences (NULL_RETURNS) /sfx2/source/view/viewfrm.cxx: 2561 in SfxViewFrame::AddDispatchMacroToBasic_Impl(const rtl::OUString &)() ________________________________________________________________________________________________________ *** CID 1325256: Null pointer dereferences (NULL_RETURNS) /sfx2/source/view/viewfrm.cxx: 2561 in SfxViewFrame::AddDispatchMacroToBasic_Impl(const rtl::OUString &)() 2555 StarBASIC* pBasic = pBasMgr->GetLib( aLibName ); 2556 if ( pBasic ) 2557 { 2558 SbModule* pModule = pBasic->FindModule( aModuleName ); 2559 if ( pModule ) 2560 { >>> CID 1325256: Null pointer dereferences (NULL_RETURNS) >>> Assigning: "pMethod" = null return value from "Find". 2561 SbMethod* pMethod = static_cast<SbMethod*>(pModule->GetMethods()->Find( aMacroName, SbxCLASS_METHOD )); 2562 aOUSource = pModule->GetSource32(); 2563 sal_uInt16 nStart, nEnd; 2564 pMethod->GetLineRange( nStart, nEnd ); 2565 sal_uIntPtr nlStart = nStart; 2566 sal_uIntPtr nlEnd = nEnd; ** CID 1325255: Null pointer dereferences (FORWARD_NULL) /basic/source/runtime/runtime.cxx: 3257 in SbiRuntime::checkClass_Impl(const tools::SvRef<SbxVariable> &, const rtl::OUString &, bool, bool)() ________________________________________________________________________________________________________ *** CID 1325255: Null pointer dereferences (FORWARD_NULL) /basic/source/runtime/runtime.cxx: 3257 in SbiRuntime::checkClass_Impl(const tools::SvRef<SbxVariable> &, const rtl::OUString &, bool, bool)() 3251 if( pObj ) 3252 { 3253 if( !implIsClass( pObj, aClass ) ) 3254 { 3255 if ( ( bVBAEnabled || CodeCompleteOptions::IsExtendedTypeDeclaration() ) && pObj->IsA( TYPE(SbUnoObject) ) ) 3256 { >>> CID 1325255: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "pUnoObj" = "dynamic_cast <SbUnoObject *>(pObj)". 3257 SbUnoObject* pUnoObj = dynamic_cast<SbUnoObject*>( pObj ); 3258 bOk = checkUnoObjectType( pUnoObj, aClass ); 3259 } 3260 else 3261 bOk = false; 3262 if ( !bOk ) ** CID 1325254: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 167 in XMLTextFrameHyperlinkContext::GetShape() const() ________________________________________________________________________________________________________ *** CID 1325254: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 167 in XMLTextFrameHyperlinkContext::GetShape() const() 161 Reference < drawing::XShape > XMLTextFrameHyperlinkContext::GetShape() const 162 { 163 Reference < drawing::XShape > xShape; 164 if( xFrameContext.Is() ) 165 { 166 SvXMLImportContext *pContext = &xFrameContext; >>> CID 1325254: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext >>> *>(pContext)" can return "NULL". 167 xShape = dynamic_cast<XMLTextFrameContext*>( pContext )->GetShape( ); 168 } 169 170 return xShape; 171 } 172 ** CID 1325253: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 154 in XMLTextFrameHyperlinkContext::GetTextContent() const() ________________________________________________________________________________________________________ *** CID 1325253: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 154 in XMLTextFrameHyperlinkContext::GetTextContent() const() 148 Reference < XTextContent > XMLTextFrameHyperlinkContext::GetTextContent() const 149 { 150 Reference <XTextContent > xTxt; 151 if( xFrameContext.Is() ) 152 { 153 SvXMLImportContext *pContext = &xFrameContext; >>> CID 1325253: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext >>> *>(pContext)" can return "NULL". 154 xTxt = dynamic_cast<XMLTextFrameContext*>( pContext )->GetTextContent( ); 155 } 156 157 return xTxt; 158 } 159 ** CID 1325252: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 141 in XMLTextFrameHyperlinkContext::GetAnchorType() const() ________________________________________________________________________________________________________ *** CID 1325252: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/XMLTextFrameHyperlinkContext.cxx: 141 in XMLTextFrameHyperlinkContext::GetAnchorType() const() 135 136 TextContentAnchorType XMLTextFrameHyperlinkContext::GetAnchorType() const 137 { 138 if( xFrameContext.Is() ) 139 { 140 SvXMLImportContext *pContext = &xFrameContext; >>> CID 1325252: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext >>> *>(pContext)" can return "NULL". 141 return dynamic_cast<XMLTextFrameContext*>( pContext ) ->GetAnchorType( ); 142 } 143 else 144 return eDefaultAnchorType; 145 146 } ** CID 1325251: Null pointer dereferences (FORWARD_NULL) /cui/source/customize/acccfg.cxx: 1477 in SfxAcceleratorConfigPage::Reset(const SfxItemSet *)() ________________________________________________________________________________________________________ *** CID 1325251: Null pointer dereferences (FORWARD_NULL) /cui/source/customize/acccfg.cxx: 1477 in SfxAcceleratorConfigPage::Reset(const SfxItemSet *)() 1471 1472 RadioHdl(0); 1473 1474 const SfxPoolItem* pMacroItem=0; 1475 if( SfxItemState::SET == rSet->GetItemState( SID_MACROINFO, true, &pMacroItem ) ) 1476 { >>> CID 1325251: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "this->m_pMacroInfoItem" = "dynamic_cast <SfxMacroInfoItem >>> const *>(pMacroItem)". 1477 m_pMacroInfoItem = dynamic_cast<const SfxMacroInfoItem*>( pMacroItem ); 1478 m_pGroupLBox->SelectMacro( m_pMacroInfoItem ); 1479 } 1480 else 1481 { 1482 const SfxPoolItem* pStringItem=0; ** CID 1325250: Null pointer dereferences (FORWARD_NULL) /basic/source/classes/sbunoobj.cxx: 146 in getDefaultProp(SbxVariable *)() ________________________________________________________________________________________________________ *** CID 1325250: Null pointer dereferences (FORWARD_NULL) /basic/source/classes/sbunoobj.cxx: 146 in getDefaultProp(SbxVariable *)() 140 { 141 SbxBase* pObjVarObj = pRef->GetObject(); 142 pObj = dynamic_cast<SbxObject*>( pObjVarObj ); 143 } 144 if ( pObj && 0 != dynamic_cast<const SbUnoObject*>( pObj) ) 145 { >>> CID 1325250: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "pUnoObj" = "dynamic_cast <SbUnoObject *>(pObj)". 146 SbUnoObject* pUnoObj = dynamic_cast<SbUnoObject*>( pObj ); 147 pDefaultProp = pUnoObj->GetDfltProperty(); 148 } 149 } 150 return pDefaultProp; 151 } ** CID 1325249: Null pointer dereferences (FORWARD_NULL) /xmloff/source/draw/ximpshap.cxx: 3613 in SdXMLFrameShapeContext::CreateChildContext(unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)() ________________________________________________________________________________________________________ *** CID 1325249: Null pointer dereferences (FORWARD_NULL) /xmloff/source/draw/ximpshap.cxx: 3613 in SdXMLFrameShapeContext::CreateChildContext(unsigned short, const rtl::OUString &, const com::sun::star::uno::Reference<com::sun::star::xml::sax::XAttributeList> &)() 3607 (IsXMLToken( rLocalName, XML_TITLE ) || IsXMLToken( rLocalName, XML_DESC ) ) ) || 3608 (nPrefix == XML_NAMESPACE_OFFICE && IsXMLToken( rLocalName, XML_EVENT_LISTENERS ) ) || 3609 (nPrefix == XML_NAMESPACE_DRAW && (IsXMLToken( rLocalName, XML_GLUE_POINT ) || 3610 IsXMLToken( rLocalName, XML_THUMBNAIL ) ) ) ) 3611 { 3612 SvXMLImportContext *pImplContext = &mxImplContext; >>> CID 1325249: Null pointer dereferences (FORWARD_NULL) >>> Passing null pointer "dynamic_cast <SdXMLShapeContext *>(pImplContext)" >>> to "CreateChildContext", which dereferences it. (The dereference happens >>> because this is a virtual function call.) 3613 pContext = dynamic_cast<SdXMLShapeContext*>( pImplContext )->CreateChildContext( nPrefix, 3614 rLocalName, xAttrList ); 3615 } 3616 else if ( (XML_NAMESPACE_DRAW == nPrefix) && IsXMLToken( rLocalName, XML_IMAGE_MAP ) ) 3617 { 3618 SdXMLShapeContext *pSContext = dynamic_cast< SdXMLShapeContext* >( &mxImplContext ); ** CID 1325248: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/txtparaimphint.hxx: 223 in XMLTextFrameHint_Impl::GetShape() const() ________________________________________________________________________________________________________ *** CID 1325248: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/txtparaimphint.hxx: 223 in XMLTextFrameHint_Impl::GetShape() const() 217 // Frame "to character": anchor moves from first to last char after saving (#i33242#) 218 css::uno::Reference < css::drawing::XShape > GetShape() const 219 { 220 css::uno::Reference < css::drawing::XShape > xShape; 221 SvXMLImportContext *pContext = &xContext; 222 if( 0 != dynamic_cast<const XMLTextFrameContext*>(pContext) ) >>> CID 1325248: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext >>> *>(pContext)" can return "NULL". 223 xShape = dynamic_cast< XMLTextFrameContext*>( pContext )->GetShape(); 224 else if( 0 != dynamic_cast<const XMLTextFrameHyperlinkContext*>(pContext) ) 225 xShape = dynamic_cast<XMLTextFrameHyperlinkContext*>( pContext )->GetShape(); 226 227 return xShape; 228 } ** CID 1325247: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/txtparaimphint.hxx: 209 in XMLTextFrameHint_Impl::GetTextContent() const() ________________________________________________________________________________________________________ *** CID 1325247: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/txtparaimphint.hxx: 209 in XMLTextFrameHint_Impl::GetTextContent() const() 203 204 css::uno::Reference < css::text::XTextContent > GetTextContent() const 205 { 206 css::uno::Reference < css::text::XTextContent > xTxt; 207 SvXMLImportContext *pContext = &xContext; 208 if( 0 != dynamic_cast<const XMLTextFrameContext*>(pContext) ) >>> CID 1325247: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext >>> *>(pContext)" can return "NULL". 209 xTxt = dynamic_cast< XMLTextFrameContext*>( pContext )->GetTextContent(); 210 else if( 0 != dynamic_cast<const XMLTextFrameHyperlinkContext*>(pContext) ) 211 xTxt = dynamic_cast< XMLTextFrameHyperlinkContext* >( pContext ) 212 ->GetTextContent(); 213 214 return xTxt; ** CID 1325246: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/txtparaimphint.hxx: 235 in XMLTextFrameHint_Impl::IsBoundAtChar() const() ________________________________________________________________________________________________________ *** CID 1325246: Null pointer dereferences (FORWARD_NULL) /xmloff/source/text/txtparaimphint.hxx: 235 in XMLTextFrameHint_Impl::IsBoundAtChar() const() 229 230 bool IsBoundAtChar() const 231 { 232 bool bRet = false; 233 SvXMLImportContext *pContext = &xContext; 234 if( 0 != dynamic_cast<const XMLTextFrameContext*>(pContext) ) >>> CID 1325246: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <XMLTextFrameContext const >>> *>(pContext)" can return "NULL". 235 bRet = css::text::TextContentAnchorType_AT_CHARACTER == 236 dynamic_cast<const XMLTextFrameContext*>( pContext ) 237 ->GetAnchorType(); 238 else if( 0 != dynamic_cast<const XMLTextFrameHyperlinkContext*>( pContext) ) 239 bRet = css::text::TextContentAnchorType_AT_CHARACTER == 240 dynamic_cast<const XMLTextFrameHyperlinkContext*>( pContext ) ** CID 1325245: Incorrect expression (COPY_PASTE_ERROR) /filter/source/graphicfilter/ipict/ipict.cxx: 910 in PictReader::ReadPixMapEtc(Bitmap &, bool, bool, Rectangle *, Rectangle *, bool, bool)() ________________________________________________________________________________________________________ *** CID 1325245: Incorrect expression (COPY_PASTE_ERROR) /filter/source/graphicfilter/ipict/ipict.cxx: 910 in PictReader::ReadPixMapEtc(Bitmap &, bool, bool, Rectangle *, Rectangle *, bool, bool)() 904 sal_uInt16 nByteCount, nCount, nD; 905 sal_uLong nSrcBitsPos; 906 907 if (nWidth > nRowBytes / 2) 908 BITMAPERROR; 909 >>> CID 1325245: Incorrect expression (COPY_PASTE_ERROR) >>> "nRowBytes" in "nRowBytes < 8" looks like a copy-paste error. 910 if ( nRowBytes < 8 || nPackType == 1 ) { 911 if (pPict->remainingSize() < sizeof(sal_uInt16) * nHeight * nWidth) 912 BITMAPERROR; 913 } 914 915 for (sal_uInt16 ny = 0; ny < nHeight; ++ny) ** CID 1209375: Null pointer dereferences (FORWARD_NULL) /connectivity/source/drivers/dbase/DIndexIter.cxx: 135 in connectivity::dbase::OIndexIterator::GetCompare(bool)() ________________________________________________________________________________________________________ *** CID 1209375: Null pointer dereferences (FORWARD_NULL) /connectivity/source/drivers/dbase/DIndexIter.cxx: 135 in connectivity::dbase::OIndexIterator::GetCompare(bool)() 129 } 130 131 132 sal_uIntPtr OIndexIterator::GetCompare(bool bFirst) 133 { 134 ONDXKey* pKey = NULL; >>> CID 1209375: Null pointer dereferences (FORWARD_NULL) >>> Dynamic cast to pointer "dynamic_cast <connectivity::file::OOp_COMPARE >>> *>(this->m_pOperator)" can return "NULL". 135 sal_Int32 ePredicateType = dynamic_cast<file::OOp_COMPARE*>(m_pOperator)->getPredicateType(); 136 137 if (bFirst) 138 { 139 // Preparation, position on the smallest element 140 ONDXPage* pPage = m_aRoot; ** CID 735748: Null pointer dereferences (FORWARD_NULL) /filter/source/pdf/pdfexport.cxx: 187 in PDFExport::ExportSelection(vcl::PDFWriter &, com::sun::star::uno::Reference<com::sun::star::view::XRenderable> &, const com::sun::star::uno::Any &, const StringRangeEnumerator &, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &, int)() ________________________________________________________________________________________________________ *** CID 735748: Null pointer dereferences (FORWARD_NULL) /filter/source/pdf/pdfexport.cxx: 187 in PDFExport::ExportSelection(vcl::PDFWriter &, com::sun::star::uno::Reference<com::sun::star::view::XRenderable> &, const com::sun::star::uno::Any &, const StringRangeEnumerator &, com::sun::star::uno::Sequence<com::sun::star::beans::PropertyValue> &, int)() 181 } 182 183 OutputDevice* pOut = rPDFWriter.GetReferenceDevice(); 184 185 if( pOut ) 186 { >>> CID 735748: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "pPDFExtOutDevData" = "dynamic_cast <vcl::PDFExtOutDevData >>> *>(pOut->GetExtOutDevData())". 187 vcl::PDFExtOutDevData* pPDFExtOutDevData = dynamic_cast<vcl::PDFExtOutDevData* >( pOut->GetExtOutDevData() ); 188 if ( nPageCount ) 189 { 190 pPDFExtOutDevData->SetIsExportNotesPages( bExportNotesPages ); 191 192 sal_Int32 nCurrentPage(0); ** CID 735690: Null pointer dereferences (FORWARD_NULL) /dbaccess/source/ui/dlg/dbadmin.cxx: 112 in dbaui::ODbAdminDialog::impl_selectDataSource(const com::sun::star::uno::Any &)() ________________________________________________________________________________________________________ *** CID 735690: Null pointer dereferences (FORWARD_NULL) /dbaccess/source/ui/dlg/dbadmin.cxx: 112 in dbaui::ODbAdminDialog::impl_selectDataSource(const com::sun::star::uno::Any &)() 106 void ODbAdminDialog::impl_selectDataSource(const css::uno::Any& _aDataSourceName) 107 { 108 m_pImpl->setDataSourceOrName(_aDataSourceName); 109 Reference< XPropertySet > xDatasource = m_pImpl->getCurrentDataSource(); 110 impl_resetPages( xDatasource ); 111 >>> CID 735690: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "pCollectionItem" = "dynamic_cast >>> <dbaui::DbuTypeCollectionItem const *>(this->getOutputSet()->GetItem(5, >>> true, NULL))". 112 const DbuTypeCollectionItem* pCollectionItem = dynamic_cast<const DbuTypeCollectionItem*>( getOutputSet()->GetItem(DSID_TYPECOLLECTION) ); 113 ::dbaccess::ODsnTypeCollection* pCollection = pCollectionItem->getCollection(); 114 ::dbaccess::DATASOURCE_TYPE eType = pCollection->determineType(getDatasourceType(*getOutputSet())); 115 116 // and insert the new ones 117 switch ( eType ) ** CID 735689: Null pointer dereferences (FORWARD_NULL) /dbaccess/source/ui/dlg/dbadmin.cxx: 203 in dbaui::ODbAdminDialog::impl_resetPages(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &)() ________________________________________________________________________________________________________ *** CID 735689: Null pointer dereferences (FORWARD_NULL) /dbaccess/source/ui/dlg/dbadmin.cxx: 203 in dbaui::ODbAdminDialog::impl_resetPages(const com::sun::star::uno::Reference<com::sun::star::beans::XPropertySet> &)() 197 // reset the example set 198 delete pExampleSet; 199 pExampleSet = new SfxItemSet(*GetInputSetImpl()); 200 201 // special case: MySQL Native does not have the generic "advanced" page 202 >>> CID 735689: Null pointer dereferences (FORWARD_NULL) >>> Assigning: "pCollectionItem" = "dynamic_cast >>> <dbaui::DbuTypeCollectionItem const *>(this->getOutputSet()->GetItem(5, >>> true, NULL))". 203 const DbuTypeCollectionItem* pCollectionItem = dynamic_cast<const DbuTypeCollectionItem*>( getOutputSet()->GetItem(DSID_TYPECOLLECTION) ); 204 ::dbaccess::ODsnTypeCollection* pCollection = pCollectionItem->getCollection(); 205 if ( pCollection->determineType(getDatasourceType( *pExampleSet )) == ::dbaccess::DST_MYSQL_NATIVE ) 206 { 207 AddTabPage( PAGE_MYSQL_NATIVE, OUString( ModuleRes( STR_PAGETITLE_CONNECTION ) ), ODriversSettings::CreateMySQLNATIVE, NULL ); 208 RemoveTabPage("advanced"); ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libreoffice?tab=overview To manage Coverity Scan email notifications for "libreoffice@lists.freedesktop.org", click https://scan.coverity.com/subscriptions/edit?email=libreoffice%40lists.freedesktop.org&token=d6481d718a775246b2340f282ebe5939 _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice