Suspicious code in kdeutils-3.5.2
Christoph Bartoschek
bartoschek at gmx.de
Sun Apr 16 10:27:53 BST 2006
Not that much found:
------------------------------------------------------------------
Misc problems:
------------------------------------------------------------------
- khexedit/hexvalidator.cc:340
Buffer overflow. Here you write 3 bytes into buf: the char, a blank and
\0. But buf is only 2 bytes long.
- khexedit/hexbuffer.cc:4581
If cell is 3 then the if condition in line 4575 is not true. Then shift
gets the value (uint) -1. Then shift * 3 is an invalid shift amount in
line 4581.
- khexedit/hexbuffer.cc:1938
Always false: 0 && pos[i]
- khexedit/hexeditorwidget.cc:831
This loop is executed at most once.
- klaptopdaemon/portable.cpp:225
If there are 0 batteries then here is a division by 0.
------------------------------------
Problems involving the NULL pointer:
------------------------------------
- klaptopdaemon/power.cpp:637
If powerOff is NULL as indicated by line 634, then line 637 crashes.
- kjots/kjotsentry.cpp:445
If the if condition in line 408 is never true, then entry is NULL here.
-----------------------------------------------------------------
Lines where the operator precedence between & and == leads to an error.
There are some lines of code that look like this:
    if (variable & 0xF != 0) ...
The compiler reads:
    if (variable & (0xF != 0)) ...
and not
    if ((variable & 0xF) != 0) ...
The result is that the compiler optimizes such code to:
    if (variable & 1) ...
because (0xF != 0) is true and this is equivalent to 1.
-----------------------------------------------------------------
- kedit/kedit.cpp:1142
-----------------------------------------------------------------
Cases from switch statements that fall through in some cases but
do not have a fall through comment as in most such cases.
------------------------------------------------------------------
- kedit/kedit.cpp:631
- khexedit/lib/controller/kvalueeditor.cpp
-----------------------------------------------------------------
Lines where boolean expressions are used in non-boolean contexts:
-----------------------------------------------------------------
- kgpg/listkeys.cpp:757
- klaptopdaemon/warning.cpp:508
- klaptopdaemon/warning.cpp:596
- kcharselect/kcharselectdia.cc:245
- khexedit/hexbuffer.cc:1788
- khexedit/hexbuffer.cc:1525
- klaptopdaemon/portable.cpp:440
- klaptopdaemon/portable.cpp:593
- klaptopdaemon/portable.cpp:594
- klaptopdaemon/daemon_state.cpp:247
- klaptopdaemon/daemon_state.cpp:246
- klaptopdaemon/daemon_state.cpp:243
- klaptopdaemon/daemon_state.cpp:242
- klaptopdaemon/daemon_state.cpp:239
- klaptopdaemon/daemon_state.cpp:238
- klaptopdaemon/daemon_state.cpp:204-209
- klaptopdaemon/daemon_state.cpp:200
- klaptopdaemon/daemon_state.cpp:198
- klaptopdaemon/daemon_state.cpp:189-196
- klaptopdaemon/daemon_state.cpp:187
- klaptopdaemon/daemon_state.cpp:185
- klaptopdaemon/daemon_state.cpp:174
- klaptopdaemon/daemon_state.cpp:172
- klaptopdaemon/daemon_state.cpp:170
- klaptopdaemon/daemon_state.cpp:169
- klaptopdaemon/daemon_state.cpp:163-168
- klaptopdaemon/daemon_state.cpp:161
- klaptopdaemon/daemon_state.cpp:159
- klaptopdaemon/daemon_state.cpp:147-148
- klaptopdaemon/daemon_state.cpp:133-134
- klaptopdaemon/daemon_state.cpp:129-130
- klaptopdaemon/daemon_state.cpp:125-126
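
The precedence problem described in the message, as an added example that is not part of the original post and is not kdeutils code. The function names and the mask parameter are hypothetical, and the example generalizes from 0xF to any mask to show how many byte values the two readings disagree on.

```c
#include <stdio.h>

/* Hypothetical helpers for illustration, not taken from kdeutils. */

/* GCC's -Wparentheses (enabled by -Wall) reports the expression below;
 * the pragma silences it only so this demonstration builds cleanly. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
/* As written in the flagged pattern: parsed as v & (mask != 0). */
static int buggy_test(unsigned v, unsigned mask)
{
    return v & mask != 0;
}
#pragma GCC diagnostic pop

/* Intended meaning: is any bit selected by mask set in v? */
static int fixed_test(unsigned v, unsigned mask)
{
    return (v & mask) != 0;
}

/* Count the byte values 0..255 on which the two forms disagree. */
static int count_disagreements(unsigned mask)
{
    int n = 0;
    for (unsigned v = 0; v < 256; v++)
        if (!!buggy_test(v, mask) != !!fixed_test(v, mask))
            n++;
    return n;
}

int main(void)
{
    /* Constructed sample masks: low nibble, high nibble, bit 0 only. */
    const unsigned masks[] = { 0x0F, 0xF0, 0x01 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++)
        printf("mask 0x%02X: forms disagree on %d of 256 values\n",
               masks[i], count_disagreements(masks[i]));
    return 0;
}
```

With mask 0x01 the two forms agree, which is why such a line can pass testing when only bit 0 happens to be exercised.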