Suspicious code in kdeutils-3.5.2
Michael Pyne
michael.pyne at kdemail.net
Mon Apr 17 00:10:08 BST 2006
On Sunday 16 April 2006 05:27, Christoph Bartoschek wrote:
> Not that much found:
>
> ------------------------------------------------------------------
> Misc problems:
> ------------------------------------------------------------------
>
> - khexedit/hexvalidator.cc:340
>
> Buffer overflow. Here you write 3 bytes into buf: the char, a blank and
> \0. But buf is only 2 bytes long.

Fixed. Well, to be more precise, the whole function was scrapped and
rewritten using advanced C++ concepts like... QString. :)

> - khexedit/hexbuffer.cc:4581
>
> If cell is 3 then the if condition in line 4575 is not true. Then shift
> gets the value (uint) -1. Then shift * 3 is an invalid shift amount in
> line 4581.

Fixed. I assume the code is trying to use that to convert e.g. '033' from
octal (an unsigned char is 3 characters max in octal), but I'm not sure so I
didn't convert to using QString. Others may want to see if that's possible.

> - khexedit/hexbuffer.cc:1938
>
> Always false: 0 && pos[i]

I suspect that it is there on purpose. e.g. a poor man's #if 0

> - khexedit/hexeditorwidget.cc:831
>
> This loop is executed at most once.

Fixed.

Regards,
- Michael Pyne
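
The first two reports above, as an added C illustration that is not khexedit's code and not part of this message: a size-checked write for the "char, blank and \0" case, and a digit-position check that keeps the shift amount valid. The function names and the `2 - cell` shift derivation are assumptions, since the thread does not show the original source lines.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: write one character followed by a blank into out.
 * The result needs 3 bytes (char, ' ', '\0'). snprintf never writes past
 * out_size, and its return value lets the caller detect truncation.
 * Returns 0 on success, -1 if the buffer was too small. */
int format_cell(char *out, size_t out_size, char c)
{
    int n = snprintf(out, out_size, "%c ", c);
    return (n >= 0 && (size_t)n < out_size) ? 0 : -1;
}

/* Hypothetical helper: store octal digit `digit` at position `cell`
 * (0 = most significant) of a 3-digit octal byte such as 033.
 * Returns 0 on success, -1 if the input is rejected. */
int set_octal_digit(unsigned char *value, unsigned cell, unsigned digit)
{
    /* Without this check, 2 - cell is unsigned arithmetic and wraps
     * (cell 3 gives UINT_MAX), so the shift amount below would be far
     * larger than the operand width, which is undefined behaviour. */
    if (cell > 2 || digit > 7)
        return -1;

    unsigned shift = (2 - cell) * 3;              /* 6, 3 or 0 */
    unsigned v = (*value & ~(7u << shift)) | (digit << shift);

    /* A leading digit of 4..7 would exceed 0377, the largest byte value. */
    if (v > UCHAR_MAX)
        return -1;

    *value = (unsigned char)v;
    return 0;
}
```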