Suspicous code in KDE 4 trunk r764353

Christoph Bartoschek bartoschek at gmx.de
Mon Jan 21 23:21:42 GMT 2008 

- kdepimlibs/kcal/kresult.cpp:105

A very nice way to directly crash. There seems to be no coverage of
this method.


- kdepimlibs/syndication/dataretriever.cpp:211

d->process is NULL since line 209. Nice crash.


- kdelibs/solid/solid/backends/fakehw/fakebattery.cpp:121

A break is missing


- kdelibs/knewstuff/knewstuff2/ui/kdxsbutton.cpp:150

Given the comment in line 146, a break might be missing.


- kdelibs/kate/completion/katecompletionconfig.cpp:176,226

The shift amount is negative on first iteration.


- kdemultimedia/juk/sortedstringlist.cpp:163

Line 153 indicates that previousNode could be NULL here.


- kdepimlibs/kioslave/imap4/imap4.cpp:359

Line 340 indicates that cache might be NULL here. 


- kdepimlibs/kldap/ldapmodel_p.cpp:170

What if depth is 0 and item still NULL here?


- In the generated file
  build/kdepimlibs/kabc/field.cpp:390,392
  
breaks are probably missing here.


- In the generated file 
  build/kdepimlibs/kcal/libical/src/libical/icalrestriction.c:307
  
stat is of enum icalproperty_status
The return value of icalproperty_get_action(prop) is of enum 
icalproperty_action.


- In the generated file 
  build/kdepimlibs/kcal/libical/src/libical/icalrestriction.c:312
  
stat is of enum icalproperty_status
ICAL_ACTION_EMAIL is of enum icalproperty_action


- In the generated file 
  build/kdepimlibs/kcal/libical/icalderivedproperty.c:2393

pkind is of enum icalproperty_kind
ICAL_NO_VALUE is of enum icalvalue_kind


- kdepimlibs/kcal/libical/src/libical/sspm.c:437

Calling strdup with a NULL pointer (line 435) might be a bad idea.


- kdepimlibs/kcal/libical/src/libical/sspm.c:454
  kdepimlibs/kcal/libical/src/libical/sspm.c:494

major_content_type_map[i].type has type 'enum sspm_major_type'
SSPM_UNKNOWN_MINOR_TYPE has type 'enum sspm_minor_type'


- kdepimlibs/kcal/libical/src/libical/sspm.c:1605

If header is NULL buf.buffer is uninitialized.


- kdepimlibs/kblog/wordpressbuggy.cpp:129, 225
  kdepimlibs/kblog/gdata.cpp:299, 340, 396, 442
  
Is a warning enough?


- kdegames/kbounce/wall.cpp:256

A break seems to be missing.


- kdegames/kbattleship/src/networkdialog.cpp:191

server is deleted in 188 and deleted again here.


- kdelibs/khtml/css/css_valueimpl.cpp:1234

docLoader remains NULL if line 1231 is false and crashes here.


- kdepimlibs/kcal/vcalformat.cpp:1452

fakeCString is deleted with deleteStr and not delete.


- kdepimlibs/kcal/scheduler.cpp:439

Line 434 indicates that ev might be NULL here.


- kdebase/runtime/kioslave/sftp/process.cpp:429
  kdebase/runtime/kioslave/sftp/process.cpp:423

The condition < 0 is always false because ! results in 0 or 1.


- kdebase/runtime/kioslave/sftp/process.cpp:207

The file descriptor from line 191 is leaking here.


- kdelibs/khtml/ecma/kjs_html.cpp:2396

A break statement or a fall-through comment should be here.


- kdebase/apps/konsole/src/TerminalDisplay.cpp:2742

A break statement or a fall-through comment should be here.


- kdebase/workspace/libs/ksysguard/processcore/processes_linux_p.cpp:365-377

There are break; statements missing.


- kdebase/workspace/libs/ksysguard/processcore/processes_remote_p.cpp:42

ppidColumn is assigned twice. Undefined behaviour. 


- kdebase/workspace/libs/ksysguard/processcore/processes_remote_p.cpp:247

A break might be missing here. Or a fall-through comment.


- kdebase/workspace/libs/plasma/phase.cpp:257
  kdebase/workspace/libs/plasma/phase.cpp:295
  
Division by zero if frames is 1 or 2  (or 1 in line 295). 
Line 280 and 244 only catch the value 0. But frames is divided and
an integer in lines 255 and 293.


- kdebase/workspace/libs/plasma/desktoptoolbox.cpp:207

If m_toolBacker is NULL a crash is sure here. I guess the ! is
not intended here.


- kdebase/workspace/ksysguard/ksysguardd/Linux/netdev.c:420

There should be something as return here. fd is used in 423, 425,
428. I do not think that calling read or close with invalid
file descriptors is allowed.


- kdebase/workspace/ksysguard/ksysguardd/Linux/softraid.c:580
  kdebase/workspace/ksysguard/ksysguardd/Linux/softraid.c:580
  
I would expect a 6 instead of 4 as the third argument to strncmp.


- kdebase/workspace/klipper/configdialog.cpp:361

Maybe action is NULL if line 353 is true and line 354 true on the first 
iteration.


- kdebase/workspace/kwin/clients/plastik/plastikbutton.cpp:203

alpha is not initialized if lines 194 and 198 are not true.


- kdebase/workspace/kwin/clients/b2/b2client.cpp:168
  kdebase/workspace/kwin/clients/b2/b2client.cpp:170

Highly probably two breaks are missing


- kdebase/workspace/kwin/effects/thumbnailaside.cpp:146

If it is possible that windows.size() == 0 then height is 0 here.


- kdebase/workspace/khotkeys/shared/input.cpp:189

keysym is uninitialized


- kdebase/workspace/khotkeys/shared/input.cpp:217 

x_mod is uninitialized


- kdebase/apps/konqueror/src/konqviewmanager.cpp:960

Line 950 indicates that m_pMainWindow might be NULL: Is it impossible to
get here?


- kdebase/apps/konqueror/sidebar/trees/dirtree_module/dirtree_item.cpp:170
  kdebase/apps/konqueror/settings/filetypes/kservicelistwidget.cpp:442
  kdegames/kpat/klondike.cpp:177
  kdegames/libkdegames/highscore/kexthighscore_gui.cpp:501
  kdepimlibs/kioslave/imap4/imap4.cpp:147

Useless "true &&".  


- kdebase/workspace/ksysguard/gui/WorkSheet.cc:522

newDisplay is NULL here if classType == "ProcessController"  and
mLocalProcessController != NULL. I guess line 512 should move out of the
if braces starting at 509


- kdebase/workspace/kwin/events.cpp:1664 

A break is probably missing.


- kdebase/workspace/kcontrol/kfontinst/kcmfontinst/JobRunner.cpp:294

A break is missing.


- kdebase/workspace/kdm/kfrontend/genkdmconf.c:2812

ftxt is NULL if the for in 2876 is not entered.


- kdebase/workspace/khotkeys/kcontrol/condition_list_widget.cpp:285

If parent2_P is NULL and parent1_P is NULL this method crashes here


- kdebase/workspace/ksplash/ksplashx/scale.cpp:194
  kdebase/workspace/ksplash/ksplashx/scale.cpp:221
  kdebase/workspace/ksplash/ksplashx/scale.cpp:248

If d is 0 problems arise later.


- kdebase/workspace/ksplash/ksplashx/qcolor.cpp:503

Lines 505 and 507 use && and not &. This one of the reasons to use &&
here too.


- kdebase/apps/konsole/src/ViewManager.cpp:399

If existingViewIter.hasNext() is always false container is NULL here and
crashes.



A fall-through-comment or a real break might be missing here:
--------------------------------------------------------------

kdebase/workspace/kcontrol/kfontinst/kcmfontinst/FontList.cpp:800
kdebase/workspace/plasma/applets/kickoff/ui/urlitemview.cpp:295
kdebase/workspace/libs/plasma/widgets/widget.cpp:596
kdebase/runtime/kstyles/oxygen/oxygen.cpp:1816
kdebase/runtime/phonon/xine/mediaobject.cpp:555
kdelibs/phonon/tests/fakebackend/delayaudioeffect.cpp:70

More information about the kde-core-devel mailing list