Hi,
Please find below the latest Coverity Scan report on new defect(s) introduced to LibreOffice.
6 new defect(s) introduced to LibreOffice were found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 6 of 6 defect(s)
** CID 1675333: API usage errors (SWAPPED_ARGUMENTS)
_____________________________________________________________________________________________
*** CID 1675333: API usage errors (SWAPPED_ARGUMENTS)
/sc/source/ui/docshell/docsh4.cxx: 635 in ScDocShell::Execute(SfxRequest &)()
629 }
630 // apply the change: flip orientation and swap paper
size
631 SvxPageItem aNewPageItem(ATTR_PAGE);
632 aNewPageItem.SetLandscape(bDesiredLandscape);
633
634 Size aOld = rOldSizeItem.GetSize();
>>> CID 1675333: API usage errors (SWAPPED_ARGUMENTS)
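>>> The positions of arguments in the constructor for "Size" do not match
>>> the ordering of the parameters:
* "aOld.Height()" is passed to "nWidth".
* "aOld.Width()" is passed to "nHeight".
Triage note: the comments on lines 630 and 635 ("flip orientation and swap paper size", "swap W/H") indicate the exchange is deliberate, so this is likely an intentional swap rather than a bug.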
635 Size aNew(aOld.Height(), aOld.Width()); // swap W/H
636 SvxSizeItem aNewSizeItem(ATTR_PAGE_SIZE, aNew);
637
638 rSet.Put(aNewPageItem);
639 rSet.Put(aNewSizeItem);
640
** CID 1675332: Null pointer dereferences (NULL_RETURNS)
_____________________________________________________________________________________________
*** CID 1675332: Null pointer dereferences (NULL_RETURNS)
/sw/source/core/doc/tblrwcl.cxx: 1038 in SwTable::OldSplitRow(SwDoc &, const SwSelBoxes &, unsigned short, bool)()
1032 pRowHeights.reset(new tools::Long[ rBoxes.size() ]);
1033 for (size_t n = 0; n < rBoxes.size(); ++n)
1034 {
1035 SwTableBox* pSelBox = rBoxes[n];
1036 const SwRowFrame* pRow = GetRowFrame( *pSelBox->GetUpper()
);
1037 OSL_ENSURE( pRow, "Where is the SwTableLine's Frame?" );
>>> CID 1675332: Null pointer dereferences (NULL_RETURNS)
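>>> Dereferencing "pRow", a pointer that might be "nullptr", when calling
>>> "SwRectFnSet".
Triage note: the OSL_ENSURE on line 1037 is a diagnostic assertion that does not stop execution, so it does not guard the dereference of "pRow" on lines 1038-1039.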
1038 SwRectFnSet aRectFnSet(pRow);
1039 pRowHeights[ n ] =
aRectFnSet.GetHeight(pRow->getFrameArea());
1040 }
1041 }
1042
1043 // Find Lines for the Layout update
** CID 1675331: Memory - illegal accesses (USE_AFTER_FREE)
_____________________________________________________________________________________________
*** CID 1675331: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/layout/ftnfrm.cxx: 1680 in SwFootnoteBossFrame::AppendFootnote(SwContentFrame *, SwTextFootnote *)()
1674 pEndnoteSection->InsertBehind(pParent, pBefore);
1675 pEndnoteSection->Init();
1676 pEndnoteSection->SetEndNoteSection(true);
1677 }
1678
1679 SwFrame* pColumnFrame = pEndnoteSection->GetLower();
>>> CID 1675331: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "IsColumnFrame" dereferences freed pointer "pColumnFrame".
1680 if (pColumnFrame->IsColumnFrame())
1681 {
1682 pBoss = static_cast<SwColumnFrame*>(pColumnFrame);
1683 }
1684 }
1685 else
** CID 1675330: Memory - illegal accesses (USE_AFTER_FREE)
_____________________________________________________________________________________________
*** CID 1675330: Memory - illegal accesses (USE_AFTER_FREE)
/sw/source/core/layout/sectfrm.cxx: 2871 in SwSectionFrame::SwClientNotify(const SwModify &, const SfxHint &)()
2865
SwFlowFrame::CastFlowFrame(pFollow->GetNext())->MoveSubTree(pLay, nullptr);
2866 }
2867 pFollow = new SwSectionFrame(*pFollow, false);
2868 SimpleFormat();
2869 pFollow->InsertBehind(pLay, nullptr);
2870 pFollow->Init();
>>> CID 1675330: Memory - illegal accesses (USE_AFTER_FREE)
>>> Calling "Lower" dereferences freed pointer "static_cast<SwLayoutFrame
>>> *>(pFollow->Lower())".
2871 SwLayoutFrame *const pTarget{pColumn
2872 ?
static_cast<SwLayoutFrame*>(static_cast<SwLayoutFrame*>(pFollow->Lower())->Lower())
2873 : pFollow};
2874
SwFlowFrame::CastFlowFrame(pLowerFrame)->MoveSubTree(pTarget, nullptr);
2875 }
2876 }
** CID 1675329: Integer handling issues (INTEGER_OVERFLOW)
_____________________________________________________________________________________________
*** CID 1675329: Integer handling issues (INTEGER_OVERFLOW)
/svx/source/sidebar/area/AreaPropertyPanelBase.cxx: 300 in
svx::sidebar::AreaPropertyPanelBase::SelectFillAttrHdl_Impl()()
294 case eFillStyle::GRADIENT:
295 {
296
297 if (pSh && pSh->GetItem(SID_COLOR_TABLE))
298 {
299 basegfx::BGradient aGradient(createColorStops());
>>> CID 1675329: Integer handling issues (INTEGER_OVERFLOW)
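>>> Expression "this->mxMTRAngle->get_value(FieldUnit::DEGREE) * 10L",
>>> where "this->mxMTRAngle->get_value(FieldUnit::DEGREE)" is known to be equal
>>> to -9223372036854775808, overflows the type of
>>> "this->mxMTRAngle->get_value(FieldUnit::DEGREE) * 10L", which is type
>>> "long".
Triage note: -9223372036854775808 is the smallest value a 64-bit signed "long" can hold, so the product with 10 is not representable; signed integer overflow is undefined behaviour in C++.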
300
aGradient.SetAngle(Degree10(mxMTRAngle->get_value(FieldUnit::DEGREE) * 10));
301
aGradient.SetGradientStyle(static_cast<css::awt::GradientStyle>(mxGradientStyle->get_active()));
302
303 const XFillGradientItem
aXFillGradientItem(mxLbFillAttr->get_active_text(), aGradient);
304
305 // #i122676# Change FillStyle and Gradient in one
call
** CID 1675328: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
_____________________________________________________________________________________________
*** CID 1675328: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/vcl/source/graphic/GraphicObject2.cxx: 454 in GraphicObject::ImplTransformBitmap(Bitmap &, const GraphicAttr &, const Size &, const Size &, const tools::Rectangle &, const Size &, bool) const()
448 rBmp = aBmp2;
449 }
450
451 aBmp2.Scale(Size(nPadTotalWidth, nPadTotalHeight));
452 aBmp2.Erase( Color(ColorAlpha,0,0,0,0) );
453 aBmp2.CopyPixel( tools::Rectangle( Point(nPadLeft,
nPadTop), aBmpSize ), tools::Rectangle( Point(0, 0), aBmpSize ), rBmp );
>>> CID 1675328: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "aBmp2" is copied in call to copy assignment for class "Bitmap", when
>>> it could be moved instead.
454 rBmp = aBmp2;
455 }
456 }
457
458 const Size aSizePixel( rBmp.GetSizePixel() );
459
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit,
https://scan.coverity.com/projects/libreoffice?tab=overview