Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found with Coverity Scan.

4 new defect(s) introduced to LibreOffice found with Coverity Scan.
13 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)

** CID 1665118: Insecure data handling (INTEGER_OVERFLOW)
/include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<int>(T1, long, long)()

_____________________________________________________________________________________________
*** CID 1665118: Insecure data handling (INTEGER_OVERFLOW)
/include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<int>(T1, long, long)()
99      if (sal_Int64 d_2 = d / 2; !isBetween(n, (SAL_MIN_INT64 + d_2) / m, (SAL_MAX_INT64 - d_2) / m))
100     {
101         if (n >= 0)
102         {
103             if (m > d && std::make_unsigned_t<I>(n) > sal_uInt64(SAL_MAX_INT64 / m * d - d_2))
104                 return SAL_MAX_INT64; // saturate
>>>     CID 1665118: Insecure data handling (INTEGER_OVERFLOW)
>>>     "o3tl::saturating_add(n, d_2) / d * m", which might have overflowed, is
>>>     returned from the function.
105             return saturating_add<sal_uInt64>(n, d_2) / d * m; // divide before multiplication
106         }
107         else if constexpr (std::is_signed_v<I>) // n < 0; don't compile for unsigned n
108         {
109             if (m > d && n < SAL_MIN_INT64 / m * d + d_2)
110                 return SAL_MIN_INT64; // saturate

** CID 1665116: Insecure data handling (INTEGER_OVERFLOW)
/include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<long>(T1, long, long)()

_____________________________________________________________________________________________
*** CID 1665116: Insecure data handling (INTEGER_OVERFLOW)
/include/o3tl/unit_conversion.hxx: 105 in o3tl::detail::MulDivSaturate<long>(T1, long, long)()
99      if (sal_Int64 d_2 = d / 2; !isBetween(n, (SAL_MIN_INT64 + d_2) / m, (SAL_MAX_INT64 - d_2) / m))
100     {
101         if (n >= 0)
102         {
103             if (m > d && std::make_unsigned_t<I>(n) > sal_uInt64(SAL_MAX_INT64 / m * d - d_2))
104                 return SAL_MAX_INT64; // saturate
>>>     CID 1665116: Insecure data handling (INTEGER_OVERFLOW)
>>>     "o3tl::saturating_add(n, d_2) / d * m", which might have overflowed, is
>>>     returned from the function.
105             return saturating_add<sal_uInt64>(n, d_2) / d * m; // divide before multiplication
106         }
107         else if constexpr (std::is_signed_v<I>) // n < 0; don't compile for unsigned n
108         {
109             if (m > d && n < SAL_MIN_INT64 / m * d + d_2)
110                 return SAL_MIN_INT64; // saturate

** CID 1665115: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)

_____________________________________________________________________________________________
*** CID 1665115: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/drawinglayer/source/processor2d/cairopixelprocessor2d.cxx: 2121 in drawinglayer::processor2d::CairoPixelProcessor2D::processMarkerArrayPrimitive2D(const drawinglayer::primitive2d::MarkerArrayPrimitive2D &)()
2115             Bitmap aBitmap2(rMarker.GetSizePixel(), vcl::PixelFormat::N24_BPP);
2116             aBitmap2.Erase(Color(aReplacementColor));
2117
2118             if (rMarker.HasAlpha())
2119                 aBitmap = Bitmap(BitmapEx(aBitmap2, rMarker.CreateAlphaMask()));
2120             else
>>>     CID 1665115: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>>     "aBitmap2" is copied in call to copy assignment for class "Bitmap",
>>>     when it could be moved instead.
2121                 aBitmap = aBitmap2;
2122         }
2123
2124         maBColorModifierStack.pop();
2125     }
2126

** CID 1665114: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sd/inc/sdpage.hxx: 381 in SdPage::setLinkAnnotations(std::vector<std::pair<basegfx::B2DRange, rtl::OUString>, std::allocator<std::pair<basegfx::B2DRange, rtl::OUString>>>)()

_____________________________________________________________________________________________
*** CID 1665114: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/sd/inc/sdpage.hxx: 381 in SdPage::setLinkAnnotations(std::vector<std::pair<basegfx::B2DRange, rtl::OUString>, std::allocator<std::pair<basegfx::B2DRange, rtl::OUString>>>)()
375
376         SD_DLLPUBLIC void removeAnnotation(rtl::Reference<sdr::annotation::Annotation> const& xAnnotation) override;
377         void removeAnnotationNoNotify(rtl::Reference<sdr::annotation::Annotation> const& xAnnotation) override;
378
379         void setLinkAnnotations(std::vector<std::pair<basegfx::B2DRectangle, OUString>> aLinks)
380         {
>>>     CID 1665114: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>>     "aLinks" is copied in call to copy assignment for class
>>>     "std::vector<std::pair<basegfx::B2DRange, rtl::OUString>,
>>>     std::allocator<std::pair<basegfx::B2DRange, rtl::OUString> > >", when it
>>>     could be moved instead.
381             maLinkAnnotations = aLinks;
382         }
383         const std::vector<std::pair<basegfx::B2DRectangle, OUString>>& getLinkAnnotations() const
384         {
385             return maLinkAnnotations;
386         }

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/libreoffice?tab=overview