Hi,
Please find the latest report on new defect(s) introduced to LibreOffice found
with Coverity Scan.
6 new defect(s) introduced to LibreOffice found with Coverity Scan.
7 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent
build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1664879: (DIVIDE_BY_ZERO)
_____________________________________________________________________________________________
*** CID 1664879: (DIVIDE_BY_ZERO)
/svx/source/svdraw/svdotextpathdecomposition.cxx: 424 in
<unnamed>::impPolygonParagraphHandler::HandlePair(const basegfx::B2DPolygon &,
const std::vector<const <unnamed>::impPathTextPortion *, std::allocator<const
<unnamed>::impPathTextPortion *>> &)()
418
aNewTransformB.translate(aStartPos.getX() - (fPortionLength / 2.0),
aStartPos.getY());
419
420 break;
421 }
422 case XFormTextStyle::SlantY :
423 {
>>> CID 1664879: (DIVIDE_BY_ZERO)
>>> In function call "getPositionAbsolute", division by expression
>>> "fPolyLength" which may be zero has undefined behavior.
424 aEndPos =
basegfx::utils::getPositionAbsolute(aPolygonCandidate, fPolyStart +
fPortionLength, fPolyLength);
425 const basegfx::B2DVector
aDirection(aEndPos - aStartPos);
426 const double
fShearValue(atan2(aDirection.getY(), aDirection.getX()));
427 const double fCos(cos(fShearValue));
428 const double fTan(tan(fShearValue));
429
/svx/source/svdraw/svdotextpathdecomposition.cxx: 391 in
<unnamed>::impPolygonParagraphHandler::HandlePair(const basegfx::B2DPolygon &,
const std::vector<const <unnamed>::impPathTextPortion *, std::allocator<const
<unnamed>::impPathTextPortion *>> &)()
385 }
386
387
switch(maSdrFormTextAttribute.getFormTextStyle())
388 {
389 case XFormTextStyle::Rotate :
390 {
>>> CID 1664879: (DIVIDE_BY_ZERO)
>>> In function call "getPositionAbsolute", division by expression
>>> "fPolyLength" which may be zero has undefined behavior.
391 aEndPos =
basegfx::utils::getPositionAbsolute(aPolygonCandidate, fPolyStart +
fPortionLength, fPolyLength);
392 const basegfx::B2DVector
aDirection(aEndPos - aStartPos);
393
aNewTransformB.rotate(atan2(aDirection.getY(), aDirection.getX()));
394
aNewTransformB.translate(aStartPos.getX(), aStartPos.getY());
395
396 break;
/svx/source/svdraw/svdotextpathdecomposition.cxx: 449 in
<unnamed>::impPolygonParagraphHandler::HandlePair(const basegfx::B2DPolygon &,
const std::vector<const <unnamed>::impPathTextPortion *, std::allocator<const
<unnamed>::impPathTextPortion *>> &)()
443
444 // distance from path?
445 if(maSdrFormTextAttribute.getFormTextDistance())
446 {
447 if(aEndPos.equal(aStartPos))
448 {
>>> CID 1664879: (DIVIDE_BY_ZERO)
>>> In function call "getPositionAbsolute", division by expression
>>> "fPolyLength" which may be zero has undefined behavior.
449 aEndPos =
basegfx::utils::getPositionAbsolute(aPolygonCandidate, fPolyStart +
fPortionLength, fPolyLength);
450 }
451
452 // use back vector (aStartPos - aEndPos)
here to get mirrored perpendicular as in old stuff
453 const basegfx::B2DVector aPerpendicular(
454
basegfx::getNormalizedPerpendicular(aStartPos - aEndPos) *
/svx/source/svdraw/svdotextpathdecomposition.cxx: 406 in
<unnamed>::impPolygonParagraphHandler::HandlePair(const basegfx::B2DPolygon &,
const std::vector<const <unnamed>::impPathTextPortion *, std::allocator<const
<unnamed>::impPathTextPortion *>> &)()
400
aNewTransformB.translate(aStartPos.getX() - (fPortionLength / 2.0),
aStartPos.getY());
401
402 break;
403 }
404 case XFormTextStyle::SlantX :
405 {
>>> CID 1664879: (DIVIDE_BY_ZERO)
>>> In function call "getPositionAbsolute", division by expression
>>> "fPolyLength" which may be zero has undefined behavior.
406 aEndPos =
basegfx::utils::getPositionAbsolute(aPolygonCandidate, fPolyStart +
fPortionLength, fPolyLength);
407 const basegfx::B2DVector
aDirection(aEndPos - aStartPos);
408 const double
fShearValue(atan2(aDirection.getY(), aDirection.getX()));
409 const double fSin(sin(fShearValue));
410 const double fCos(cos(fShearValue));
411
/svx/source/svdraw/svdotextpathdecomposition.cxx: 352 in
<unnamed>::impPolygonParagraphHandler::HandlePair(const basegfx::B2DPolygon &,
const std::vector<const <unnamed>::impPathTextPortion *, std::allocator<const
<unnamed>::impPathTextPortion *>> &)()
346 // when autosize scaling, expand portion
length
347 fPortionLength *= fAutosizeScaleFactor;
348 }
349
350 // create transformation
351 basegfx::B2DHomMatrix aNewTransformA,
aNewTransformB, aNewShadowTransform;
>>> CID 1664879: (DIVIDE_BY_ZERO)
>>> In function call "getPositionAbsolute", division by expression
>>> "fPolyLength" which may be zero has undefined behavior.
352 basegfx::B2DPoint
aStartPos(basegfx::utils::getPositionAbsolute(aPolygonCandidate, fPolyStart,
fPolyLength));
353 basegfx::B2DPoint aEndPos(aStartPos);
354
355 // add font scaling
356 aNewTransformA.scale(aFontScaling.getX(),
aFontScaling.getY());
357
** CID 1664878: Incorrect expression (DIVIDE_BY_ZERO)
_____________________________________________________________________________________________
*** CID 1664878: Incorrect expression (DIVIDE_BY_ZERO)
/slideshow/source/engine/animationfactory.cxx: 307 in
slideshow::internal::<unnamed>::PathAnimation::operator ()(double)()
301
302 virtual bool operator()( double nValue ) override
303 {
304 ENSURE_OR_RETURN_FALSE( mpAttrLayer && mpShape,
305 "PathAnimation::operator():
Invalid ShapeAttributeLayer" );
306
>>> CID 1664878: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "getPositionRelative", division by expression
>>> "basegfx::utils::getLength(this->maPathPoly)" which may be zero has
>>> undefined behavior.
307 ::basegfx::B2DPoint rOutPos =
::basegfx::utils::getPositionRelative(maPathPoly,
308
nValue,
309
basegfx::utils::getLength(maPathPoly));
310
311 // TODO(F1): Determine whether the path is
312 // absolute, or shape-relative.
** CID 1664877: Incorrect expression (DIVIDE_BY_ZERO)
_____________________________________________________________________________________________
*** CID 1664877: Incorrect expression (DIVIDE_BY_ZERO)
/basegfx/source/polygon/b2dpolygontools.cxx: 2783 in
basegfx::utils::reSegmentPolygon(const basegfx::B2DPolygon &, unsigned int)()
2777 const double fLength(getLength(rCandidate));
2778 const sal_uInt32 nLoopCount(rCandidate.isClosed()
? nSegments : nSegments + 1);
2779
2780 for(sal_uInt32 a(0); a < nLoopCount; a++)
2781 {
2782 const double
fRelativePos(static_cast<double>(a) / static_cast<double>(nSegments)); // 0.0
.. 1.0
>>> CID 1664877: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "getPositionRelative", division by expression
>>> "fLength" which may be zero has undefined behavior.
2783 const B2DPoint
aNewPoint(getPositionRelative(rCandidate, fRelativePos, fLength));
2784 aRetval.append(aNewPoint);
2785 }
2786
2787 // copy closed flag
2788 aRetval.setClosed(rCandidate.isClosed());
** CID 1664876: Insecure data handling (INTEGER_OVERFLOW)
_____________________________________________________________________________________________
*** CID 1664876: Insecure data handling (INTEGER_OVERFLOW)
/sw/source/filter/ww8/ww8par3.cxx: 98 in
SwWW8ImplReader::Read_F_FormTextBox(WW8FieldDesc *, rtl::OUString &)()
92 eF_ResT SwWW8ImplReader::Read_F_FormTextBox( WW8FieldDesc* pF, OUString&
rStr )
93 {
94 WW8FormulaEditBox aFormula(*this);
95
96 sal_Int32 const nPos(rStr.indexOf(0x01));
97 if (pF->nLCode && nPos != -1 && nPos < pF->nLCode) {
>>> CID 1664876: Insecure data handling (INTEGER_OVERFLOW)
>>> "pF->nSCode + nPos", which might be negative, is passed to
>>> "this->ImportFormulaControl(aFormula, pF->nSCode + nPos, WW8_CT_EDIT)".
98 ImportFormulaControl(aFormula, pF->nSCode + nPos, WW8_CT_EDIT);
99 }
100
101 /*
102 Here we have a small complication. This formula control contains
103 the default text that is displayed if you edit the form field in
** CID 1664875: Incorrect expression (DIVIDE_BY_ZERO)
_____________________________________________________________________________________________
*** CID 1664875: Incorrect expression (DIVIDE_BY_ZERO)
/basegfx/source/polygon/b2dlinegeometry.cxx: 100 in
basegfx::utils::createAreaGeometryForLineStartEnd(const basegfx::B2DPolygon &,
const basegfx::B2DPolyPolygon &, bool, double, double, double, double *,
double)()
94 fCandidateLength = getLength(rCandidate);
95 }
96
97 // get the polygon vector we want to plant this arrow on
98 const double fConsumedLength(fArrowYLength * (1.0 -
fDockingPosition) - fShift);
99 const B2DVector aHead(rCandidate.getB2DPoint(bStart ? 0
: rCandidate.count() - 1));
>>> CID 1664875: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "getPositionAbsolute", division by expression
>>> "fCandidateLength" which may be zero has undefined behavior.
100 const B2DVector aTail(getPositionAbsolute(rCandidate,
101 bStart ? fConsumedLength : fCandidateLength -
fConsumedLength, fCandidateLength));
102
103 // from that vector, take the needed rotation and add
rotate for arrow to transformation
104 const B2DVector aTargetDirection(aHead - aTail);
105 const double fRotation(atan2(aTargetDirection.getY(),
aTargetDirection.getX()) + M_PI_2);
** CID 1664874: Insecure data handling (INTEGER_OVERFLOW)
_____________________________________________________________________________________________
*** CID 1664874: Insecure data handling (INTEGER_OVERFLOW)
/xmloff/source/draw/ximpcustomshape.cxx: 1242 in
XMLEnhancedCustomShapeContext::endFastElement(int)()
1236 do
1237 {
1238 nIndexOf = rEquation.indexOf( '?', nIndexOf );
1239 if ( nIndexOf != -1 )
1240 {
1241 OUString aEquationName;
>>> CID 1664874: Insecure data handling (INTEGER_OVERFLOW)
>>> "nIndexOf + 1", which might be negative, is passed to
>>> "GetEquationName(rEquation->operator std::u16string_view(), nIndexOf + 1,
>>> aEquationName)".
1242 if ( GetEquationName( rEquation, nIndexOf + 1,
aEquationName ) )
1243 {
1244 // copying first characters inclusive '?'
1245 sal_Int32 nIndex = 0;
1246 EquationHashMap::iterator aHashIter( aH.find(
aEquationName ) );
1247 if ( aHashIter != aH.end() )
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/libreoffice?tab=overview
