Suspicious code in kdeedu-3.5.2
Christoph Bartoschek
bartoschek at gmx.de
Sat Apr 22 11:59:48 BST 2006
So, the last report for kde 3.5.2:
------------------------------------------------------------------
Misc problems:
------------------------------------------------------------------
- kturtle/src/value.cpp:309
- kturtle/src/value.cpp:299
- kturtle/src/value.cpp:289
- kturtle/src/value.cpp:279
m_bool >= n.Bool() ???
- kturtle/src/canvas.cpp:508
Could it be that i is 4 here because of lines 489, 495, 501, 507?
- kturtle/src/kturtle.cpp:399
- kturtle/src/kturtle.cpp:356
The loop is executed at most once.
- kverbos/kverbos/kverbosdoc.cpp:698
of is allocated in line 690 and used uninitialized here.
- keduca/libkeduca/fileread.cpp:337
- keduca/libkeduca/fileread.cpp:379
- keduca/libkeduca/fileread.cpp:349
- keduca/libkeduca/fileread.cpp:391
- keduca/libkeduca/fileread.cpp:298
- keduca/libkeduca/fileread.cpp:307
- keduca/libkeduca/fileread.cpp:322
- keduca/libkeduca/fileread.cpp:321
- keduca/libkeduca/fileread.cpp:284
- keduca/libkeduca/fileread.cpp:283
- keduca/libkeduca/fileread.cpp:364
- keduca/libkeduca/fileread.cpp:363
- keduca/libkeduca/fileread.cpp:357
- keduca/libkeduca/fileread.cpp:356
- keduca/libkeduca/fileread.cpp:277
- keduca/libkeduca/fileread.cpp:276
- keduca/libkeduca/fileread.cpp:315
- keduca/libkeduca/fileread.cpp:314
if (_fileBOF = true) is always true. But even if you mean
if (_fileBOF == true) _fileBOF = false this still means:
_fileBOF = false;
- kmplot/kmplot/parser.cpp:265
- kmplot/kmplot/parser.cpp:269
- kmplot/kmplot/parser.cpp:273
- kmplot/kmplot/parser.cpp:277
- kmplot/kmplot/parser.cpp:280
- kmplot/kmplot/parser.cpp:285
- kmplot/kmplot/parser.cpp:289
- kmplot/kmplot/parser.cpp:293
- kmplot/kmplot/parser.cpp:304
When this case is selected the first time the switch in line 245 is
executed then stkptr[-1] is out of bounds.
- kstars/kstars/fitshistogram.cpp:148
If binSize is 0 but buffer is not NULL, then line 144 is not executed
and line 148 has a division by 0.
- kstars/kstars/fitsprocess.cpp:147
Is narray leaking here? If yes, why not use std::vector?
- kstars/kstars/indi/apmount.cpp:657
- kstars/kstars/indi/apmount.cpp:658
tmtexts and tmtp have only 1 byte allocated, but 4 bytes (32bit
platforms) are assigned here. Why not use std::vector and std::string
for such tasks? Is the memory also leaking in lines 667, 668?
- kstars/kstars/indi/apogee/ApnCamera.cpp:983
If no case is selected in line 967, then RegVal is uninitialized here.
- kstars/kstars/indi/apogee/ApogeeUsbLinuxForKernel.cpp:354
retval is used uninitialized.
- kstars/kstars/indi/apogee/ApogeeUsbLinuxForKernel.cpp:367
Success is not set, if the loop in line 348 is not entered.
- kstars/kstars/indi/v4ldriver.cpp:662
Use delete [] here. Or better a std::vector<unsigned char>. This way
you prevent the memory leaks in lines 625 and 641.
- kstars/kstars/indi/v4lphilips.cpp:602
The index 5 is out of bounds of this array.
- kstars/kstars/indi/sbigccd.cpp:567
- kstars/kstars/indi/sbigccd.cpp:590
- kstars/kstars/indi/sbigccd.cpp:578
- kstars/kstars/indi/sbigccd.cpp:559 (only fitsData)
fitsData and compressedData are leaking memory here. Why not use
std::vector<unsigned char>?
- kstars/kstars/indi/sbigccd.cpp:602
- kstars/kstars/indi/apogee_ppi.cpp:679 (similar)
After this function has finished, imageB.blob points to freed memory. Are
there memory leaks when the function returns too early in the second
case?
- kstars/kstars/indidevice.cpp:874
- kstars/kstars/indidevice.cpp:885 (similar)
- kstars/kstars/indidevice.cpp:898 (similar)
In line 872 you delete pp and use it here again.
- kstars/kstars/fitsviewer.cpp:308
If buffer is != NULL here, then the memory is leaking here. std::vector
is better for such tasks.
- kstars/kstars/indistd.cpp:492
Use delete [] here or better a std::string or QString for tempPrefix.
- kstars/kstars/kstarsdata.cpp:553
If ok is true but nn != 2, then you delete seg in line 546. But you use
it again in line 553.
- kgeography/src/answer.cpp:101
If line 91 is also false, then widgets[i] is not initialized here.
- blinken/src/blinken.cpp:442
i can become 4 if selected is always false. Then the else part in line
434 is chosen and in line 442 you have an out of bounds access.
- kig/objects/locus_imp.cc:231
- kig/objects/locus_imp.cc:168 (similar)
Why not (mm1 > mm2 && j <= N)?
- kiten/xjdxgen.c:151
fp is closed in line 140. Here you close it again.
- kstars/kstars/indi/fli/libfli-mem.c:75
Buffer overflow. In line 68 num is set to 2*allocated.total. Then
allocated.pointers gets a buffer for num pointers in line 70. In line 75
you start at position allocated.total and overwrite num (= 2 *
allocated.total) elements with 0. The last allocated.total elements do
not belong to the buffer.
- kstars/kstars/indi/fli/libfli-filter-focuser.c:467
abs loses precision here. Maybe you want to use labs.
- kstars/kstars/indi/fli_ccd.c:898
- kstars/kstars/indi/fli_ccd.c:908
The memory pointed to by fitsData and compressedData is leaking here.
- kstars/kstars/indi/temmadriver.c:73
Buffer overflow. PortT->text has place for 10 chars, but strcpy copies
11 into it. Note that strcpy adds the \0.
- kstars/kstars/indi/celestronprotocol.c:562
The loop is executed at most once.
- ktouch/extras/training-gen/c/ktouchgen.c:131
If strlen(ptr->word) returns 0 in line 100, then or_failed or and_failed
are not initialized.
- ktouch/extras/training-gen/c/ktouchgen.c:179
- ktouch/extras/training-gen/c/ktouchgen.c:197 (similar)
- ktouch/extras/training-gen/c/ktouchgen.c:229 (similar)
If file is NULL and line 167 is entered, then a NULL is passed to fclose.
- kstars/kstars/indi/webcam/v4l2_base.cpp:1116
num_ctrls is leaking here.
------------------------------------
Problems involving the NULL pointer:
------------------------------------
- keduca/keducabuilder/kcontroladdedit.cpp:170
- keduca/keducabuilder/kcontroladdedit.cpp:158 (similar)
If item is NULL as indicated by line 167, then line 170 crashes.
- kstars/kstars/kswizard.cpp:143
If the if condition in line 134 is false, then line 143 crashes.
- kmplot/kmplot/View.cpp:703
it could be NULL here, when line 623 is false.
-----------------------------------------------------------------
Cases from switch statements that fall through in some cases but
do not have a fall through comment as in most such cases.
------------------------------------------------------------------
- kverbos/kverbos/kerfassen.cpp:281
-----------------------------------------------------------------
Lines where boolean expressions are used in non-boolean contexts:
I suspect that at least the lines marked with !!! are bugs
-----------------------------------------------------------------
- kig/modes/label.cc:291, 330
- kig/modes/popup.cc:878, 874, 870, 214
- kig/modes/construct_mode.cc:213
- kig/misc/kiginputdialog.cc:203
- kig/misc/object_hierarchy.cc:317
- kig/misc/calcpaths.cc:206, 207
- kig/misc/object_constructor.cc:516
- kig/misc/rect.cc:291
- kstars/kstars/kstarsdata.cpp:1663, 1675
- kstars/kstars/indi/apogee/CameraIO_LinuxPPI.cpp:251, 270, 300
- kstars/kstars/indi/apogee/CameraIO_LinuxPCI.cpp:301, 320, 348
- kstars/kstars/indi/apogee/CameraIO_LinuxISA.cpp:247, 266, 294