Suspicious code in kdeutils-3.5.2
Ryan
p0z3r at earthlink.net
Mon Apr 17 04:48:30 BST 2006
Nice to see that there's no mention of SuperKaramba problems!
cheers,
Ryan
On Sunday 16 April 2006 05:27, Christoph Bartoschek wrote:
> Not that much found:
>
> ------------------------------------------------------------------
> Misc problems:
> ------------------------------------------------------------------
>
> - khexedit/hexvalidator.cc:340
>
> Buffer overflow. Here you write 3 bytes into buf: the char, a blank and
> \0. But buf is only 2 bytes long.
>
> - khexedit/hexbuffer.cc:4581
>
> If cell is 3 then the if condition in line 4575 is not true. Then shift
> gets the value (uint) -1. Then shift * 3 is an invalid shift amount in
> line 4581.
>
> - khexedit/hexbuffer.cc:1938
>
> Always false: 0 && pos[i]
>
> - khexedit/hexeditorwidget.cc:831
>
> This loop is executed at most once.
>
> - klaptopdaemon/portable.cpp:225
>
> If there are 0 batteries then here is a division by 0.
>
> ------------------------------------
> Problems involving the NULL pointer:
> ------------------------------------
>
> - klaptopdaemon/power.cpp:637
>
> If powerOff is NULL as indicated by line 634, then line 637 crashes.
>
> - kjots/kjotsentry.cpp:445
>
> If the if condition in line 408 is never true, then entry is NULL here.
>
> -----------------------------------------------------------------
> Lines where the operator preference between & and == leads to an error.
> There are some lines of code that look like this:
> if (variable & 0xF != 0) ...
> The compiler reads:
> if (variable & (0xF != 0)) ...
> and not
> if ((variable & 0xF) != 0) ...
> The result is that the compiler optimizes such code to:
> if (variable & 1) ...
> because (0xF != 0) is true and this is equivalent to 1
> -----------------------------------------------------------------
>
> - kedit/kedit.cpp:1142
>
>
> -----------------------------------------------------------------
> Cases from switch statements that fall through in some cases but
> do not have a fall through comment as in most such cases.
> ------------------------------------------------------------------
>
> - kedit/kedit.cpp:631
> - khexedit/lib/controller/kvalueeditor.cpp
>
> -----------------------------------------------------------------
> Lines where boolean expressions are used in non-boolean contexts:
> -----------------------------------------------------------------
>
> - kgpg/listkeys.cpp:757
> - klaptopdaemon/warning.cpp:508
> - klaptopdaemon/warning.cpp:596
> - kcharselect/kcharselectdia.cc:245
> - khexedit/hexbuffer.cc:1788
> - khexedit/hexbuffer.cc:1525
> - klaptopdaemon/portable.cpp:440
> - klaptopdaemon/portable.cpp:593
> - klaptopdaemon/portable.cpp:594
> - klaptopdaemon/daemon_state.cpp:247
> - klaptopdaemon/daemon_state.cpp:246
> - klaptopdaemon/daemon_state.cpp:243
> - klaptopdaemon/daemon_state.cpp:242
> - klaptopdaemon/daemon_state.cpp:239
> - klaptopdaemon/daemon_state.cpp:238
> - klaptopdaemon/daemon_state.cpp:204-209
> - klaptopdaemon/daemon_state.cpp:200
> - klaptopdaemon/daemon_state.cpp:198
> - klaptopdaemon/daemon_state.cpp:189-196
> - klaptopdaemon/daemon_state.cpp:187
> - klaptopdaemon/daemon_state.cpp:185
> - klaptopdaemon/daemon_state.cpp:174
> - klaptopdaemon/daemon_state.cpp:172
> - klaptopdaemon/daemon_state.cpp:170
> - klaptopdaemon/daemon_state.cpp:169
> - klaptopdaemon/daemon_state.cpp:163-168
> - klaptopdaemon/daemon_state.cpp:161
> - klaptopdaemon/daemon_state.cpp:159
> - klaptopdaemon/daemon_state.cpp:147-148
> - klaptopdaemon/daemon_state.cpp:133-134
> - klaptopdaemon/daemon_state.cpp:129-130
> - klaptopdaemon/daemon_state.cpp:125-126
--
Ryan Nickell
Software Engineer by day, SuperKaramba developer by night.
More information about the kde-core-devel
mailing list