basic/source/comp/buffer.cxx | 5 --- cppuhelper/source/component_context.cxx | 12 +++++---- cui/source/inc/insdlg.hxx | 2 - editeng/source/accessibility/AccessibleEditableTextPara.cxx | 10 +++++-- editeng/source/items/flditem.cxx | 9 ++++++ filter/source/graphicfilter/itiff/itiff.cxx | 9 ++++++ filter/source/msfilter/svdfppt.cxx | 16 ++++++++++-- sc/source/core/data/documen4.cxx | 8 ++++-- vcl/source/window/dlgctrl.cxx | 6 ++-- xmlsecurity/source/helper/xsecctl.cxx | 12 +++------ 10 files changed, 60 insertions(+), 29 deletions(-)
New commits: commit 784d069cc1d9f1d6e6a4e543a278376ab483d1eb Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 21:28:20 2015 +0000 coverity#1266475 Dereference null return value Change-Id: Ife68d6e6d837d1e4e1e1de3a82998866e5ef7e83 diff --git a/vcl/source/window/dlgctrl.cxx b/vcl/source/window/dlgctrl.cxx index a7d6e7a..2b63b3f 100644 --- a/vcl/source/window/dlgctrl.cxx +++ b/vcl/source/window/dlgctrl.cxx @@ -231,7 +231,7 @@ vcl::Window* Window::ImplGetDlgWindow( sal_uInt16 nIndex, sal_uInt16 nType, pWindow = ImplGetChildWindow( this, nFormStart, i, true ); } - if ( i <= nFormEnd ) + if (i <= nFormEnd && pWindow) { // carry the 2nd index, in case all controls are disabled sal_uInt16 nStartIndex2 = i; @@ -252,9 +252,9 @@ vcl::Window* Window::ImplGetDlgWindow( sal_uInt16 nIndex, sal_uInt16 nType, else pWindow = ImplGetNextWindow( this, i, i, true ); } - while ( (i != nStartIndex) && (i != nStartIndex2) ); + while (i != nStartIndex && i != nStartIndex2 && pWindow); - if ( (i == nStartIndex2) && + if ( (i == nStartIndex2) && pWindow && (!(pWindow->GetStyle() & WB_TABSTOP) || !isEnabledInLayout(pWindow)) ) i = nStartIndex; } commit 6347df7af9a6c095da49c353aa8cc31914da8510 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 21:24:41 2015 +0000 coverity#1266458 Argument cannot be negative and coverity#1266464 Argument cannot be negative Change-Id: I27fb7789cd37046fcdaeaaa801d6dc0547a8afa1 diff --git a/xmlsecurity/source/helper/xsecctl.cxx b/xmlsecurity/source/helper/xsecctl.cxx index 66edb6a..1225097 100644 --- a/xmlsecurity/source/helper/xsecctl.cxx +++ b/xmlsecurity/source/helper/xsecctl.cxx 
@@ -1019,10 +1019,8 @@ void SAL_CALL XSecController::signatureCreated( sal_Int32 securityId, com::sun:: throw (com::sun::star::uno::RuntimeException, std::exception) { int index = findSignatureInfor(securityId); - DBG_ASSERT( index != -1, "Signature Not Found!" ); - - SignatureInformation& signatureInfor = m_vInternalSignatureInformations[index].signatureInfor; - + assert(index != -1 && "Signature Not Found!"); + SignatureInformation& signatureInfor = m_vInternalSignatureInformations.at(index).signatureInfor; signatureInfor.nStatus = nResult; } @@ -1033,10 +1031,8 @@ void SAL_CALL XSecController::signatureVerified( sal_Int32 securityId, com::sun: throw (com::sun::star::uno::RuntimeException, std::exception) { int index = findSignatureInfor(securityId); - DBG_ASSERT( index != -1, "Signature Not Found!" ); - - SignatureInformation& signatureInfor = m_vInternalSignatureInformations[index].signatureInfor; - + assert(index != -1 && "Signature Not Found!"); + SignatureInformation& signatureInfor = m_vInternalSignatureInformations.at(index).signatureInfor; signatureInfor.nStatus = nResult; } commit e11fe1886a58498899d7b074348186a46c5f6ac6 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 21:20:32 2015 +0000 coverity#1266474 Dereference null return value Change-Id: I240be73629a26a7067bfde5d2b662315a3259d1f diff --git a/sc/source/core/data/documen4.cxx b/sc/source/core/data/documen4.cxx index 27f8a20..ba09b3b 100644 --- a/sc/source/core/data/documen4.cxx +++ b/sc/source/core/data/documen4.cxx 
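Review bot: In xsecctl.cxx both signatureCreated and signatureVerified now depend on `assert(index != -1 && "Signature Not Found!")`, which compiles away under NDEBUG, so in a release build an unknown securityId reaches `.at(index)` with -1 converted to a very large unsigned index. That stays memory-safe because `at()` throws std::out_of_range, but the failure then surfaces from a signature-status callback as an unnamed standard exception rather than a deliberate decision. An explicit `if (index == -1)` branch that throws the RuntimeException already listed in the exception specification, with the "Signature Not Found!" text as its message, would keep the fail-closed behaviour and make it diagnosable. Both function bodies start outside their hunks, so how callers treat the exception is not visible here.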
@@ -82,14 +82,19 @@ bool ScDocument::Solver(SCCOL nFCol, SCROW nFRow, SCTAB nFTab, GetCellType(nVCol, nVRow, nVTab, eVType); // #i108005# convert target value to number using default format, // as previously done in ScInterpreter::GetDouble + ScFormulaCell* pFormula = NULL; double fTargetVal = 0.0; sal_uInt32 nFIndex = 0; if ( eFType == CELLTYPE_FORMULA && eVType == CELLTYPE_VALUE && GetFormatTable()->IsNumberFormat( sValStr, nFIndex, fTargetVal ) ) { + ScAddress aFormulaAdr( nFCol, nFRow, nFTab ); + pFormula = GetFormulaCell( aFormulaAdr ); + } + if (pFormula) + { bool bDoneIteration = false; ScAddress aValueAdr( nVCol, nVRow, nVTab ); - ScAddress aFormulaAdr( nFCol, nFRow, nFTab ); double* pVCell = GetValueCell( aValueAdr ); ScRange aVRange( aValueAdr, aValueAdr ); // for SetDirty @@ -104,7 +109,6 @@ bool ScDocument::Solver(SCCOL nFCol, SCROW nFRow, SCTAB nFTab, double fBestF, fFPrev; fBestX = fXPrev = fSaveVal; - ScFormulaCell* pFormula = GetFormulaCell( aFormulaAdr ); pFormula->Interpret(); bool bError = ( pFormula->GetErrCode() != 0 ); // bError always corresponds with fF commit 475461a6b5f26fe7f586ff122e2fa71316e316ef Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 21:17:35 2015 +0000 coverity#1266494 Untrusted value as argument Change-Id: I220e582cd75199b5619c2ad7607392b078ab3956 diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx index ba898c0..ab1731d 100644 --- a/filter/source/msfilter/svdfppt.cxx +++ b/filter/source/msfilter/svdfppt.cxx 
@@ -1201,7 +1201,15 @@ SdrObject* SdrEscherImport::ProcessObj( SvStream& rSt, DffObjData& rObjData, voi { sal_Int16 i, nRowCount = 0; rSt.ReadInt16( nRowCount ).ReadInt16( i ).ReadInt16( i ); - if ( nRowCount ) + const size_t nMinRecordSize = 4; + const size_t nMaxRecords = rSt.remainingSize() / nMinRecordSize; + if (nRowCount > 0 && static_cast<size_t>(nRowCount) > nMaxRecords) + { + SAL_WARN("filter.ms", "Parsing error: " << nMaxRecords << + " max possible entries, but " << nRowCount << " claimed, truncating"); + nRowCount = nMaxRecords; + } + if (nRowCount > 0) { sal_uInt32* pTableArry = new sal_uInt32[ nRowCount + 2 ]; pTableArry[ 0 ] = nTableProperties; commit f159b9429990bcf133c53b20bb922afba402d06b Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 21:10:40 2015 +0000 coverity#1266492 Untrusted value as argument Change-Id: Id2a102fae99ecf938ac8f326e358785581d6f986 diff --git a/filter/source/msfilter/svdfppt.cxx b/filter/source/msfilter/svdfppt.cxx index 1b09ed4..ba898c0 100644 --- a/filter/source/msfilter/svdfppt.cxx +++ b/filter/source/msfilter/svdfppt.cxx @@ -5266,7 +5266,11 @@ void PPTStyleTextPropReader::Init( SvStream& rIn, SdrPowerPointImport& rMan, con } else { - aCharPropSet.maString = aString.copy(nCharAnzRead, nCharCount); + sal_uInt32 nStrLen = nCharCount; + sal_uInt32 nMaxStrLen = aString.getLength(); + if (nCharAnzRead + nStrLen > nMaxStrLen) + nStrLen = nMaxStrLen - nCharAnzRead; + aCharPropSet.maString = aString.copy(nCharAnzRead, nStrLen); aCharPropList.push_back( new PPTCharPropSet( aCharPropSet, nCurrentPara ) ); nCharAnzRead += nCharCount; bEmptyParaPossible = false; commit a046795194f0540b5752887b837bb15d43ddcdda Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 21:05:37 2015 +0000 coverity#1266496 Untrusted loop bound Change-Id: Ibab7f84940f6eec75bc3ee914bac59a07689a80c diff --git a/filter/source/graphicfilter/itiff/itiff.cxx b/filter/source/graphicfilter/itiff/itiff.cxx index cd56f63..edd1aa0 100644 
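Review bot: In SdrEscherImport::ProcessObj (hunk at -1201) `nRowCount = nMaxRecords;` assigns a size_t to a sal_Int16 implicitly. It cannot overflow here, because the branch is only taken when nMaxRecords is smaller than the positive 16-bit count just read, but that reasoning is not written down; I would make it `nRowCount = static_cast<sal_Int16>(nMaxRecords); // < nRowCount, so it fits`. The same implicit narrowing appears in the itiff.cxx hunk (`nNumTags = nMaxRecords;`) and in the flditem.cxx hunk (`nL = nMaxRecords;`). All three also clamp and carry on parsing after the warning; whether the rest of each function copes with a count that no longer matches the file is outside the hunks, so consider marking the stream as failed rather than continuing with a record already known to be malformed.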
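Review bot: In PPTStyleTextPropReader::Init (hunk at -5266) the new test `nCharAnzRead + nStrLen > nMaxStrLen` can itself wrap when nCharCount is large, and `nMaxStrLen - nCharAnzRead` underflows once nCharAnzRead is past the end of aString, which is reachable because `nCharAnzRead += nCharCount` still advances by the unclamped count. Either case passes `aString.copy` a start or length derived from file data that is out of range. Clamping the start first and comparing against the remaining length avoids both: `const sal_uInt32 nStart = std::min<sal_uInt32>(nCharAnzRead, nMaxStrLen);`, then `if (nStrLen > nMaxStrLen - nStart) nStrLen = nMaxStrLen - nStart;` and `aString.copy(nStart, nStrLen)`. The declarations of nCharAnzRead and nCharCount are outside the hunk, so whether the addition wraps depends on their widths.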
--- a/filter/source/graphicfilter/itiff/itiff.cxx +++ b/filter/source/graphicfilter/itiff/itiff.cxx @@ -1266,6 +1266,15 @@ bool TIFFReader::ReadTIFF(SvStream & rTIFF, Graphic & rGraphic ) pTIFF->ReadUInt16( nNumTags ); nPos = pTIFF->Tell(); + const size_t nMinRecordSize = 8; + const size_t nMaxRecords = pTIFF->remainingSize() / nMinRecordSize; + if (nNumTags > nMaxRecords) + { + SAL_WARN("filter.tiff", "Parsing error: " << nMaxRecords << + " max possible entries, but " << nNumTags << " claimed, truncating"); + nNumTags = nMaxRecords; + } + // Schleife ueber Tags: for( i = 0; i < nNumTags; i++ ) { commit 2987f8d8d6bb005814660a1a10a5eebb74aef312 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:59:20 2015 +0000 coverity#1266493 Use of untrusted scalar value Change-Id: Iba051da07f5ffafcab559fe03a4e93f21a2d4f8a diff --git a/editeng/source/items/flditem.cxx b/editeng/source/items/flditem.cxx index 57de987..9155c27 100644 --- a/editeng/source/items/flditem.cxx +++ b/editeng/source/items/flditem.cxx @@ -567,7 +567,14 @@ static OUString read_unicode( SvPersistStream & rStm ) rtl_uString *pStr = NULL; sal_uInt16 nL = 0; rStm.ReadUInt16( nL ); - if ( nL ) + const size_t nMaxRecords = rStm.remainingSize() / sizeof(sal_Unicode); + if (nL > nMaxRecords) + { + SAL_WARN("editeng", "Parsing error: " << nMaxRecords << + " max possible entries, but " << nL << " claimed, truncating"); + nL = nMaxRecords; + } + if (nL) { pStr = rtl_uString_alloc(nL); //endian specific?, yipes! commit 90ec1a60777ad9e78ad5fafd712cc98371782d7f Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:55:56 2015 +0000 coverity#1266455 Explicit null dereferenced Change-Id: If772142b776d2365cbd2b7f0927975c2739c1316 diff --git a/editeng/source/accessibility/AccessibleEditableTextPara.cxx b/editeng/source/accessibility/AccessibleEditableTextPara.cxx index f5fabde..7fc1326 100644 --- a/editeng/source/accessibility/AccessibleEditableTextPara.cxx 
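Review bot: In TIFFReader::ReadTIFF the constant `nMinRecordSize = 8` carries no explanation, and a TIFF directory entry is 12 bytes (tag, type, count, value/offset), so the clamp still accepts a tag count that the remaining bytes cannot hold. The count is read with ReadUInt16, so the loop stays bounded either way, but the check would be tighter and self-documenting as `const size_t nMinRecordSize = 12; // one IFD entry`. If 8 was chosen because the loop body, which lies outside this hunk, reads only eight bytes before seeking, a comment saying so would be enough.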
+++ b/editeng/source/accessibility/AccessibleEditableTextPara.cxx @@ -1701,6 +1701,8 @@ namespace accessibility { break; } + if (!ree.pFieldItem) + continue; if( (Segment.SegmentEnd > reeBegin && Segment.SegmentEnd <= reeEnd) || (Segment.SegmentStart >= reeBegin && Segment.SegmentStart < reeEnd) ) { commit 54d8dbdcb4353c2a8ccd3b5955e626fcb330fa61 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:54:51 2015 +0000 coverity#1266454 Explicit null dereferenced Change-Id: Ic8f13e9bd3755c9ccb59d173ac0a36be1d06a2f4 diff --git a/editeng/source/accessibility/AccessibleEditableTextPara.cxx b/editeng/source/accessibility/AccessibleEditableTextPara.cxx index 2f2c608..f5fabde 100644 --- a/editeng/source/accessibility/AccessibleEditableTextPara.cxx +++ b/editeng/source/accessibility/AccessibleEditableTextPara.cxx @@ -1663,9 +1663,11 @@ namespace accessibility { break; } - if( nIndex >= reeBegin && nIndex < reeEnd ) + if (!ree.pFieldItem) + continue; + if (nIndex >= reeBegin && nIndex < reeEnd) { - if(ree.pFieldItem->GetField()->GetClassId() != text::textfield::Type::URL) + if (ree.pFieldItem->GetField()->GetClassId() != text::textfield::Type::URL) { nFoundFieldIndex = j; break; commit 383a5f2ef16853001353206b9c88edf13bb99ead Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:53:34 2015 +0000 coverity#1266453 Explicit null dereferenced Change-Id: Ia03fdd3d854574ba19b028334e2397ad544fe20a diff --git a/editeng/source/accessibility/AccessibleEditableTextPara.cxx b/editeng/source/accessibility/AccessibleEditableTextPara.cxx index b95a1b3..2f2c608 100644 --- a/editeng/source/accessibility/AccessibleEditableTextPara.cxx +++ b/editeng/source/accessibility/AccessibleEditableTextPara.cxx 
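Review bot: In the hunk at -1663 the new `if (!ree.pFieldItem) continue;` guards the item, but `ree.pFieldItem->GetField()->GetClassId()` still dereferences the result of GetField() unchecked. If GetField() can return null for an empty field item, the guard should be extended to `if (!ree.pFieldItem || !ree.pFieldItem->GetField()) continue;`. The same chained call sits behind the new `&& ree.pFieldItem` test in the hunk at -930 of commit 383a5f2e. The enclosing loops start outside both hunks, so how `ree` is populated is not visible here.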
@@ -930,7 +930,7 @@ namespace accessibility break; } } - if( nFoundFieldIndex >= 0 ) + if (nFoundFieldIndex >= 0 && ree.pFieldItem) { // So we get a field, check its type now. nFieldType = ree.pFieldItem->GetField()->GetClassId() ; commit cb8aa4522f3b38f6d0242c3877322582157035c0 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:51:45 2015 +0000 coverity#1266481 Pointer to local outside scope Change-Id: I50884d73ffbbc8af743175e284860e937b196041 diff --git a/cui/source/inc/insdlg.hxx b/cui/source/inc/insdlg.hxx index 5307a25..5807c24 100644 --- a/cui/source/inc/insdlg.hxx +++ b/cui/source/inc/insdlg.hxx @@ -41,7 +41,7 @@ class InsertObjectDialog_Impl : public ModalDialog { protected: com::sun::star::uno::Reference < com::sun::star::embed::XEmbeddedObject > m_xObj; - const com::sun::star::uno::Reference < com::sun::star::embed::XStorage >& m_xStorage; + const com::sun::star::uno::Reference < com::sun::star::embed::XStorage > m_xStorage; comphelper::EmbeddedObjectContainer aCnt; InsertObjectDialog_Impl(vcl::Window * pParent, const OUString& rID, commit ede590128f9ea770f5093449fdb748ab76758883 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:49:55 2015 +0000 coverity#1266445 Explicit null dereferenced Change-Id: I2d62d6972d085fe818ec6767a0660afb010bece8 diff --git a/cppuhelper/source/component_context.cxx b/cppuhelper/source/component_context.cxx index ed32764..ef684e9 100644 --- a/cppuhelper/source/component_context.cxx +++ b/cppuhelper/source/component_context.cxx 
@@ -741,12 +741,14 @@ void ComponentContext::disposing() &envs, &envCount, &rtl_allocateMemory, OUString("java").pData); assert(envCount >= 0); assert(envCount == 0 || envs != nullptr); - for (sal_Int32 i = 0; i != envCount; ++i) { - assert(envs[i] != nullptr); - assert(envs[i]->dispose != nullptr); - (*envs[i]->dispose)(envs[i]); + if (envs) { + for (sal_Int32 i = 0; i != envCount; ++i) { + assert(envs[i] != nullptr); + assert(envs[i]->dispose != nullptr); + (*envs[i]->dispose)(envs[i]); + } + rtl_freeMemory(envs); } - rtl_freeMemory(envs); } ComponentContext::ComponentContext( commit 818c2021d13a24268e4bc3457141e76c008ef296 Author: Caolán McNamara <caol...@redhat.com> Date: Sun Jan 25 20:46:39 2015 +0000 coverity#1266457 Identical code for different branches Change-Id: I809ad43ad4541e4dcd5c245b469d30605f9f0d27 diff --git a/basic/source/comp/buffer.cxx b/basic/source/comp/buffer.cxx index bb61087..870f299 100644 --- a/basic/source/comp/buffer.cxx +++ b/basic/source/comp/buffer.cxx @@ -215,10 +215,7 @@ bool SbiBuffer::operator +=( sal_uInt32 n ) { sal_uInt16 n1 = static_cast<sal_uInt16>( n & 0xFFFF ); sal_uInt16 n2 = static_cast<sal_uInt16>( n >> 16 ); - if ( operator +=( n1 ) && operator +=( n2 ) ) - { - return true; - } + operator +=(n1) && operator +=(n2); return true; } else
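Review bot: In SbiBuffer::operator +=( sal_uInt32 ) the statement `operator +=(n1) && operator +=(n2);` computes a result and discards it, so the function still returns true when the first append fails and the upper half is never written. If failure is possible at this point, `return operator +=(n1) && operator +=(n2);` reports it to the caller. If the condition guarding this branch, which is outside the hunk, rules failure out, two plain statements with a comment saying so would read better than a discarded `&&`, which some compilers also flag as an unused value.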