New Defects reported by Coverity Scan for LibreOffice

scan-admin Fri, 31 Oct 2025 11:03:53 -0700

Hi,

Please find the latest report on new defect(s) introduced to LibreOffice found 
with Coverity Scan.


4 new defect(s) introduced to LibreOffice found with Coverity Scan.
2 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent 
build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 4 of 4 defect(s)


** CID 1668263:       Null pointer dereferences  (REVERSE_INULL)
/sc/source/ui/navipi/content.cxx: 1543           in 
ScContentTree::BringCommentToAttention(unsigned short)()


_____________________________________________________________________________________________
*** CID 1668263:         Null pointer dereferences  (REVERSE_INULL)
/sc/source/ui/navipi/content.cxx: 1543             in 
ScContentTree::BringCommentToAttention(unsigned short)()
1537         do
1538         {
1539             ScContentId nType;
1540             sal_uLong nChild;
1541             GetEntryIndexes(nType, nChild, xIter.get());
1542     
>>>     CID 1668263:         Null pointer dereferences  (REVERSE_INULL)
>>>     Null-checking "xIter" suggests that it may be null, but it has already 
>>> been dereferenced on all paths leading to the check.
1543             if (!xIter)
1544                 return;
1545     
1546             if (nType == ScContentId::NOTE)
1547             {
1548                 m_xTreeView->set_cursor(*xIter);

** CID 1668262:       Error handling issues  (CHECKED_RETURN)
/sc/source/ui/navipi/content.cxx: 1571           in 
ScContentTree::BringCommentToAttention(unsigned short)()


_____________________________________________________________________________________________
*** CID 1668262:         Error handling issues  (CHECKED_RETURN)
/sc/source/ui/navipi/content.cxx: 1571             in 
ScContentTree::BringCommentToAttention(unsigned short)()
1565                     const ScPostIt* pPostIt = aEntries[i].mpNote;
1566                     if (pPostIt && pPostIt->GetId() == nCommentId)
1567                     {
1568                         m_xTreeView->select(*xIter);
1569                         break;
1570                     }
>>>     CID 1668262:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "iter_next" without checking return value (as is done elsewhere 
>>> 90 out of 91 times).
1571                     m_xTreeView->iter_next(*xIter);
1572                 }
1573                 break;
1574             }
1575             else
1576                 m_xTreeView->collapse_row(*xIter);

** CID 1668261:       Error handling issues  (CHECKED_RETURN)
/sc/source/ui/navipi/content.cxx: 1552           in 
ScContentTree::BringCommentToAttention(unsigned short)()


_____________________________________________________________________________________________
*** CID 1668261:         Error handling issues  (CHECKED_RETURN)
/sc/source/ui/navipi/content.cxx: 1552             in 
ScContentTree::BringCommentToAttention(unsigned short)()
1546             if (nType == ScContentId::NOTE)
1547             {
1548                 m_xTreeView->set_cursor(*xIter);
1549                 m_xTreeView->select(*xIter);
1550                 m_xTreeView->expand_row(*xIter);
1551                 sal_uInt32 nCount = m_xTreeView->iter_n_children(*xIter);
>>>     CID 1668261:         Error handling issues  (CHECKED_RETURN)
>>>     Calling "iter_children" without checking return value (as is done 
>>> elsewhere 62 out of 64 times).
1552                 m_xTreeView->iter_children(*xIter);
1553     
1554                 std::vector<sc::NoteEntry> aEntries;
1555                 ScDocument* pDoc= GetSourceDocument();
1556                 pDoc->GetAllNoteEntries(aEntries);
1557     

** CID 1668260:       Insecure data handling  (INTEGER_OVERFLOW)


_____________________________________________________________________________________________
*** CID 1668260:         Insecure data handling  (INTEGER_OVERFLOW)
/desktop/source/deployment/gui/dp_gui_extlistbox.cxx: 435             in 
dp_gui::ExtensionBox::DrawRow(OutputDevice &, const tools::Rectangle &, const 
std::shared_ptr<dp_gui::Entry_Impl> &, bool)()
429     
430         rRenderContext.SetFont(aBoldFont);
431         tools::Long aTitleWidth = 
rRenderContext.GetTextWidth(rEntry->m_sTitle) + (aTextHeight / 3);
432         if (aTitleWidth > nMaxTitleWidth - aVersionWidth)
433         {
434             aTitleWidth = nMaxTitleWidth - aVersionWidth - (aTextHeight / 
3);
>>>     CID 1668260:         Insecure data handling  (INTEGER_OVERFLOW)
>>>     "aTitleWidth", which might have underflowed, is passed to 
>>> "rRenderContext->GetEllipsisString(rEntry->m_sTitle, aTitleWidth, 
>>> DrawTextFlags::EndEllipsis)".
435             OUString aShortTitle = 
rRenderContext.GetEllipsisString(rEntry->m_sTitle, aTitleWidth);
436             rRenderContext.DrawText(aPos, aShortTitle);
437             aTitleWidth += (aTextHeight / 3);
438         }
439         else
440             rRenderContext.DrawText(aPos, rEntry->m_sTitle);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, 
https://scan.coverity.com/projects/libreoffice?tab=overview

New Defects reported by Coverity Scan for LibreOffice

Reply via email to