Suspicious code in kdenetwork-3.5.2

Christoph Bartoschek bartoschek at gmx.de
Tue Apr 18 23:05:11 BST 2006


------------------------------------------------------------------
Misc problems:
------------------------------------------------------------------

- kppp/accounts.cpp:229

What about (what & QueryReset::COSTS) ?

- kppp/accounts.cpp:234 

What about (what & QueryReset::VOLUME) ?

- kppp/accounts.cpp:392

A pointer to deleted memory is exposed to the outside world.

- krdc/vnc/vnchostpref.cpp:96

true?

- wifi/kwireless/linuxwirelesswidget.cpp:119

If this condition is not true, some values are not initialized.

- wifi/speed.cpp:64

Why not use a local variable? Otherwise a deleted pointer is exposed
to the outside world.

- ksirc/KSOpenkSirc/open_ksirc.cpp:286

The loop is executed at most once.

- ksirc/KSTicker/ksticker.cpp:260
- ksirc/KSTicker/ksticker.cpp:277

This || disjunction is always true. Even for values outside of
num2colour bounds.

- kopete/libkopete/avdevice/videodevice.cpp:595

V4L_videowindow.width, V4L_videowindow.height and
V4L_videowindow.clipcount are not initialized here.

- kopete/plugins/history/historydialog.cpp:470

mSearch is NULL here. No effect.

- kopete/protocols/irc/ksparser.cpp:253

If color >= maxcolor, then IRC_Colors[maxcolor] is used and this is out
of bounds.

- kopete/protocols/msn/msnsocket.cpp:301

When buffer is deleted in line 296, is it possible that it is used in line
301?

- kopete/protocols/sms/services/smssendprovider.cpp:234

The if condition is always false. Is this intended?

- kopete/protocols/oscar/liboscar/chatservicetask.cpp:52

The expression is always true because !st->snacService() is either 0 or
1 and never 0x000E.

- ktalkd/ktalkd/readconf.cpp:83

buff should be deleted with delete [] buff. Better use
std::vector<char>.

- kdict/dict.cpp:1267
- kdict/dict.cpp:1579

Write at least an initialized value.

------------------------------------
Problems involving the NULL pointer:
------------------------------------

- kppp/accounting.cpp:370

If proc is NULL, then this line crashes.

- filesharing/advanced/propsdlgplugin/propertiespage.cpp:474

If m_sambaShare is NULL as indicated by line 471, then line 474 crashes.

- kopete/libkopete/kopetemessage.cpp:769

If testCodec is NULL as indicated by line 760, then line 769 crashes.

- kopete/plugins/webpresence/webpresenceplugin.cpp:287

If me is NULL as indicated by line 276, then line 286 crashes.

- kopete/plugins/history/historylogger.cpp:574

Maybe currentContact is NULL here.

- kopete/protocols/msn/outgoingtransfer.cpp:99

If m_file is NULL as indicated by line 88, then line 99 crashes.

- kopete/protocols/gadu/gadudcctransaction.cpp:123

If line 119 is true, then line 123 crashes.

- kopete/protocols/oscar/aim/aimuserinfo.cpp:86

If the if condition in line 85 is true, then line 86 crashes.

- lanbrowsing/lisa/netmanager.cpp:183

If user is NULL as indicated by line 174 and the if condition in line
181 is true, then line 183 crashes.

- ktalkd/ktalkd/machines/talkconn.cpp:114

If sp is NULL as indicated by line 112, then line 114 crashes.

- kopete/protocols/oscar/liboscar/rateinfotask.cpp:138

Is it possible that line 127 is never executed, but line 138 is reached?

- kopete/libkopete/knotification.cpp:468

If mc is NULL as indicated by line 463, then line 468 crashes.

-----------------------------------------------------------------
Lines where the operator precedence between & and == leads to an error.
There are some lines of code that look like this:
if (variable & 0xF != 0)  ...
The compiler reads:
if (variable & (0xF != 0))  ...
and not
if ((variable & 0xF) != 0)  ...
The result is that the compiler optimizes such code to:
if (variable & 1) ...
because (0xF != 0) is true and this is equivalent to 1
-----------------------------------------------------------------

- knewsticker/newsscroller.cpp:310
- kppp/opener.cpp:198
- kppp/opener.cpp:199

-----------------------------------------------------------------
Cases from switch statements that fall through in some cases but 
do not have a fall through comment as in most such cases.
------------------------------------------------------------------

- ksirc/KSPrefs/ksprefs.cpp:197
- kopete/libkopete/kopeteonlinestatus.cpp:122
- kopete/protocols/testbed/testbedcontact.cpp:58
- ktalkd/ktalkd/process.cpp:127
- kopete/kopete/chatwindow/chatview.cpp:697
- kopete/kopete/contactlist/kopetecontactlistview.cpp:2073
- ksirc/chanparser.cpp
- ksirc/ahistlineedit.cpp:205
- ksirc/ahistlineedit.cpp:217 
- kopete/plugins/texteffect/texteffectplugin.cpp:157
- kopete/plugins/texteffect/texteffectplugin.cpp:150
- kopete/plugins/texteffect/texteffectplugin.cpp:143
- kopete/plugins/texteffect/texteffectplugin.cpp:136
- kopete/plugins/texteffect/texteffectplugin.cpp:129
- kopete/plugins/texteffect/texteffectplugin.cpp:122
- kopete/plugins/texteffect/texteffectplugin.cpp:115
- kopete/plugins/texteffect/texteffectplugin.cpp:108

-----------------------------------------------------------------
Lines where boolean expressions are used in non-boolean contexts:

I suspect that at least the lines marked with !!! are bugs
-----------------------------------------------------------------

- kget/main.cpp:177 (not && ?)
- krdc/krdc.cpp:293 (startsWith returns bool)
- ktalkd/ktalkd/threads.cpp:89
- kopete/libkopete/kopetechatsession.cpp:412 (b is a bool)
- ksirc/chanparser.cpp:86
- kopete/libkopete/avdevice/videodevice.cpp:1174
- kopete/libkopete/avdevice/videodevice.cpp:1175
- kopete/protocols/groupwise/gwmessagemanager.cpp:128
- kopete/protocols/groupwise/gwmessagemanager.cpp:136
- kopete/protocols/gadu/gaduaccount.cpp:1135
- kopete/kopete/addcontactwizard/addcontactwizard.cpp:220
- kopete/libkopete/private/kopeteviewmanager.cpp:176
- kopete/libkopete/private/kopeteviewmanager.cpp:178
- kopete/libkopete/private/kopeteviewmanager.cpp:183
- kopete/libkopete/private/kopeteviewmanager.cpp:187
- kopete/libkopete/kautoconfig.cpp:443
- kopete/libkopete/kautoconfig.cpp:234
- kopete/libkopete/kautoconfig.cpp:193
- kopete/libkopete/kopeteaccountmanager.cpp:93
- ksirc/kstextview.cpp:269
- kget/transferlist.cpp:192
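
Added example, not part of the original mail and not code from kdenetwork: the & versus != precedence problem described above, with the misparsed test next to the parenthesized one and an exhaustive comparison over all byte values. The function names and the 0xF mask test are constructed for illustration.

```cpp
#include <cstdio>
#include <vector>

// Constructed flag test with the same shape as the expression in the mail.
// GCC and Clang report it under -Wparentheses (part of -Wall); the warning
// is silenced here only so the demonstration compiles quietly.
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
bool low_nibble_set_buggy(unsigned v) {
    return v & 0xF != 0;   // parsed as v & (0xF != 0), i.e. v & 1
}
#pragma GCC diagnostic pop

// What the author of such a line meant: is any of the low four bits set?
bool low_nibble_set_fixed(unsigned v) {
    return (v & 0xF) != 0;
}

// Every byte value on which the two versions disagree.
std::vector<unsigned> divergent_inputs() {
    std::vector<unsigned> out;
    for (unsigned v = 0; v < 256; ++v)
        if (low_nibble_set_buggy(v) != low_nibble_set_fixed(v))
            out.push_back(v);
    return out;
}

// True if the buggy form ever reports a flag that the fixed form does not.
// It never does: every disagreement is a flag the buggy form misses.
bool buggy_has_false_positive() {
    for (unsigned v = 0; v < 256; ++v)
        if (low_nibble_set_buggy(v) && !low_nibble_set_fixed(v))
            return true;
    return false;
}

int main() {
    std::vector<unsigned> d = divergent_inputs();
    std::printf("%zu of 256 byte values misclassified, first 0x%02X, last 0x%02X\n",
                d.size(), d.front(), d.back());
    std::printf("false positives from buggy form: %s\n",
                buggy_has_false_positive() ? "yes" : "no");
    return 0;
}
```

Odd inputs give the same answer in both versions, so a test that only uses values with bit 0 set will not catch the bug.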




More information about the kde-core-devel mailing list