Suspicious code in kdelibs-3.5.2
Aaron J. Seigo
aseigo at kde.org
Wed Apr 5 18:08:14 BST 2006
On Wednesday 05 April 2006 08:26, Christoph Bartoschek wrote:
> ------------------------------------------------------------------
> Misc problems:
> ------------------------------------------------------------------
> - libkscreensaver/kscreensaver.cpp:224
>
> block is allocated with operator new[] and not deleted with "delete []
> block"
fixed
> - kdeui/kcolordialog.cpp:429
> - kdeui/kcolordialog.cpp:533
>
> The expression LeftButton is always true. I guess the correct line is:
> if( !(e->state() & LeftButton)) return;
fixed (already fixed in trunk/ apparently)
> - kimgio/tga.cpp:196
>
> When the file is broken and size becomes 0 here, you get a lot of problems
> in the following lines.
fixed
> - kspell2/plugins/ispell/lookup.cpp:310
>
> 1 != 1 is always false
this appears to be intentional.
> - kdeui/knuminput.cpp:653
> kdeui/knuminput.cpp:821 (similar)
>
> Line 652 returns when referencePoint != 0. In line 653 there is a
> division by 0.
looks fine
> - kdeui/kdockwidget.cpp:3111
>
> The loop does not iterate. Breaks for the first obj.
looks intentional (at least i hope it is)... one more hack in kdockwidget; not
surprising =)
> - kdeui/kdialogbase.cpp:671
>
> If style == ActionStyleMax, then you get accesses beyond array bounds in
> lines 687, 700, 714. Change the second comparison to:
> style >= ActionStyleMAX
fixed
> - kdeui/kcolordialog.cpp:294
> - kdeui/kcolordialog.cpp:234 (similar with xSize)
>
> If xSize becomes 1 or ySize becomes 1 here you have a division by 0 in
> lines 308 and 320
fixed
> - kdefx/kpixmap.cpp:62
>
> i+n easily reaches the array bound 16. For example if n == 15 and i ==
> 14, then bm[29][0] is accessed. This is way behind the array bound.
false positive. it's a 16x16 array and the code is taking advantage of the
fact that it's contiguous memory... so bm[29] is actually the 15th element in
the second "row"... fun.
> - kdecore/kiconloader.cpp:1276
>
> The condition is always true because QIconSet::Mode has only 3 values.
i think this is safe as a future-proofing, if a bit paranoid, check =)
> - kio/kio/kservicetypefactory.cpp:283
>
> I guess this error is fatal. Otherwise line 286 crashes.
fixed
--
Aaron J. Seigo
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
Full time KDE developer sponsored by Trolltech (http://www.trolltech.com)
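The three code-level defect patterns discussed above (the `>` versus `>=` bounds check against an enum sentinel in kdialogbase, the `size - 1` divisor that becomes zero in kcolordialog, and the untested `LeftButton` bitmask) are shown below as an added, constructed example. It is not code from this message or from kdelibs; `ActionStyle`, `kLayoutTable`, `colorStep`, `leftPressed` and the flag values are invented for the illustration, and only the sentinel name `ActionStyleMAX` and the check `style >= ActionStyleMAX` come from the thread.

```cpp
#include <stdexcept>

// Constructed example, not kdelibs code. A sentinel-terminated enum in the
// style of kdialogbase's ActionStyle: ActionStyleMAX is the element count,
// so it is NOT a valid index into a table sized by it.
enum ActionStyle { ActionStyle0 = 0, ActionStyle1, ActionStyle2, ActionStyleMAX };

// Hypothetical per-style table; ActionStyleMAX entries, indices 0..MAX-1.
static const int kLayoutTable[ActionStyleMAX] = { 10, 20, 30 };

// The check as reported: 'style > ActionStyleMAX' lets style == ActionStyleMAX
// through, and kLayoutTable[ActionStyleMAX] is one element past the end.
bool styleInRangeBuggy(int style) {
    return !(style < 0 || style > ActionStyleMAX);
}

// The corrected check from the thread: reject the sentinel value as well.
bool styleInRange(int style) {
    return !(style < 0 || style >= ActionStyleMAX);
}

// Table lookup that refuses out-of-range styles instead of reading past the array.
int layoutForStyle(int style) {
    if (!styleInRange(style))
        throw std::out_of_range("style out of range");
    return kLayoutTable[style];
}

// kcolordialog-style gradient step: dividing by (xSize - 1) is a divide by
// zero when xSize == 1. Guard: a one-pixel-wide palette is a single step.
int colorStep(int range, int xSize) {
    if (xSize <= 1)
        return range;          // constructed policy: whole range in one step
    return range / (xSize - 1);
}

// Mouse-state bitmask test from the kcolordialog report: LeftButton is a flag
// that must be masked against the state word; written on its own it is a
// non-zero constant and therefore always true. Flag values are constructed.
const unsigned LeftButton  = 0x01;
const unsigned RightButton = 0x02;

bool leftPressedBuggy(unsigned /*state*/) {
    return LeftButton != 0;    // the always-true form the reviewer flagged
}

bool leftPressed(unsigned state) {
    return (state & LeftButton) != 0;
}
```

`styleInRangeBuggy` and `leftPressedBuggy` are kept only so the defect is visible next to its fix; a practitioner would delete them and keep `styleInRange`, `layoutForStyle`, `colorStep` and `leftPressed`.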