Suspicious code in kdeutils-3.5.2

Christoph Bartoschek bartoschek at gmx.de
Sun Apr 16 10:27:53 BST 2006


Not that much found:

------------------------------------------------------------------
Misc problems:
------------------------------------------------------------------

- khexedit/hexvalidator.cc:340

Buffer overflow. Here you write 3 bytes into buf: the char, a blank and
\0. But buf is only 2 bytes long.

- khexedit/hexbuffer.cc:4581

If cell is 3 then the if condition in line 4575 is not true. Then shift
gets the value (uint) -1. Then shift * 3 is an invalid shift amount in
line 4581.

- khexedit/hexbuffer.cc:1938

Always false: 0 && pos[i]

- khexedit/hexeditorwidget.cc:831

This loop is executed at most once.

- klaptopdaemon/portable.cpp:225

If there are 0 batteries then here is a division by 0.

------------------------------------
Problems involving the NULL pointer:
------------------------------------

- klaptopdaemon/power.cpp:637

If powerOff is NULL as indicated by line 634, then line 637 crashes.

- kjots/kjotsentry.cpp:445

If the if condition in line 408 is never true, then entry is NULL here.

-----------------------------------------------------------------
Lines where the operator preference between & and == leads to an error.
There are some lines of code that look like this:
if (variable & 0xF != 0)  ...
The compiler reads:
if (variable & (0xF != 0))  ...
and not
if ((variable & 0xF) != 0)  ...
The result is that the compiler optimizes such code to:
if (variable & 1) ...
because (0xF != 0) is true and this is equivalent to 1
-----------------------------------------------------------------

- kedit/kedit.cpp:1142


-----------------------------------------------------------------
Cases from switch statements that fall through in some cases but 
do not have a fall through comment as in most such cases.
------------------------------------------------------------------

- kedit/kedit.cpp:631
- khexedit/lib/controller/kvalueeditor.cpp

-----------------------------------------------------------------
Lines where boolean expressions are used in non-boolean contexts:
-----------------------------------------------------------------

- kgpg/listkeys.cpp:757
- klaptopdaemon/warning.cpp:508
- klaptopdaemon/warning.cpp:596
- kcharselect/kcharselectdia.cc:245
- khexedit/hexbuffer.cc:1788
- khexedit/hexbuffer.cc:1525
- klaptopdaemon/portable.cpp:440
- klaptopdaemon/portable.cpp:593
- klaptopdaemon/portable.cpp:594
- klaptopdaemon/daemon_state.cpp:247
- klaptopdaemon/daemon_state.cpp:246
- klaptopdaemon/daemon_state.cpp:243
- klaptopdaemon/daemon_state.cpp:242
- klaptopdaemon/daemon_state.cpp:239
- klaptopdaemon/daemon_state.cpp:238
- klaptopdaemon/daemon_state.cpp:204-209
- klaptopdaemon/daemon_state.cpp:200
- klaptopdaemon/daemon_state.cpp:198
- klaptopdaemon/daemon_state.cpp:189-196
- klaptopdaemon/daemon_state.cpp:187
- klaptopdaemon/daemon_state.cpp:185
- klaptopdaemon/daemon_state.cpp:174
- klaptopdaemon/daemon_state.cpp:172
- klaptopdaemon/daemon_state.cpp:170
- klaptopdaemon/daemon_state.cpp:169
- klaptopdaemon/daemon_state.cpp:163-168
- klaptopdaemon/daemon_state.cpp:161
- klaptopdaemon/daemon_state.cpp:159
- klaptopdaemon/daemon_state.cpp:147-148
- klaptopdaemon/daemon_state.cpp:133-134
- klaptopdaemon/daemon_state.cpp:129-130
- klaptopdaemon/daemon_state.cpp:125-126
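
The `&` versus `==`/`!=` precedence problem described above, as an added example that is not part of the original message and not kdeutils code. The function names are hypothetical. It shows for which inputs the expression as written and the intended mask test give different answers. GCC and Clang report this pattern under `-Wparentheses` (part of `-Wall`).

```cpp
#include <cstdio>

// The pragma silences -Wparentheses only for the deliberately
// unparenthesized expression; remove it to see the compiler diagnostic.
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
// As written in the report: parsed as v & (0xF != 0), which is v & 1.
bool as_written(unsigned v) { return v & 0xF != 0; }
#pragma GCC diagnostic pop

// What such a line is meant to test: is any of the low four bits set?
bool as_intended(unsigned v) { return (v & 0xF) != 0; }

// Count the values in [0, limit) for which the two forms disagree.
unsigned count_disagreements(unsigned limit) {
    unsigned n = 0;
    for (unsigned v = 0; v < limit; ++v)
        if (as_written(v) != as_intended(v)) ++n;
    return n;
}

int main() {
    // Every even value with a non-zero low nibble is misclassified,
    // because only bit 0 is actually tested.
    for (unsigned v = 0; v < 16; ++v)
        std::printf("v=0x%X  written=%d  intended=%d\n",
                    v, as_written(v), as_intended(v));
    std::printf("disagreements in 0..255: %u\n", count_disagreements(256));
    return 0;
}
```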



