Suspicious code in revision 867140
Christoph Bartoschek
bartoschek at gmx.de
Fri Oct 3 15:27:53 BST 2008
Hi,
here are the reports for revision 864329 that had no feedback:
- kdelibs/kate/completion/katecompletionconfig.cpp:226
kdelibs/kate/completion/katecompletionconfig.cpp:176
If the condition in line 225 is true for the first iteration then the shift
amount is i - 1 == -1 in line 226. This is invalid.
- kdepimlibs/kioslave/imap4/imap4.cpp:150
A signal handler that calls, for example, waitpid has to save errno before and
restore it afterwards.
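As an added illustration of this point (hypothetical code, not the imap4.cpp handler or anything from the original mail): a SIGCHLD handler in the clobbering form next to the errno-preserving form, plus a self-check that simulates delivery while a blocking call had just failed with EINTR. It assumes the process has no unreaped children, so waitpid() fails with ECHILD inside the handler.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/wait.h>

static volatile sig_atomic_t reaped_children = 0;

/* Defective variant: once no children remain, waitpid() returns -1 and sets
   errno to ECHILD, overwriting whatever errno the interrupted code was about
   to inspect. */
static void sigchld_handler_unsafe(int signo)
{
    (void)signo;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped_children++;
}

/* Correct variant: errno is saved on entry and restored before returning. */
static void sigchld_handler_safe(int signo)
{
    (void)signo;
    int saved_errno = errno;
    while (waitpid(-1, NULL, WNOHANG) > 0)
        reaped_children++;
    errno = saved_errno;
}

/* Simulate delivery: set errno as if a syscall had just failed with EINTR,
   run the chosen handler body directly, and report whether errno survived.
   Returns 1 if errno is still EINTR afterwards, 0 if it was clobbered. */
int errno_survives_handler(int use_safe_handler)
{
    errno = EINTR;
    if (use_safe_handler)
        sigchld_handler_safe(SIGCHLD);
    else
        sigchld_handler_unsafe(SIGCHLD);
    return errno == EINTR;
}

/* Install the safe handler for real signal delivery; returns 0 on success. */
int install_safe_sigchld_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = sigchld_handler_safe;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART | SA_NOCLDSTOP;
    return sigaction(SIGCHLD, &sa, NULL);
}
```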
- kdebase/workspace/ksysguard/gui/SensorDisplayLib/SignalPlotter.cc:635
Line 604 indicates that mVerticalLinesDistance can be 0. If this is the case
and the execution reaches this line, then a division by 0 is the result.
- kdebase/workspace/ksysguard/gui/WorkSheet.cc:548, 551
If the condition in line 538 is false then newDisplay is NULL here.
- kdebase/workspace/powerdevil/kcmodule/CapabilitiesPage.cpp:205
There is no need to confuse the reader and use the bitwise-or here.
- kdebase/workspace/powerdevil/kcmodule/CapabilitiesPage.cpp:304
If line 270 is false and line 278 is false but line 298 is true, then butly
is NULL here.
- kdebase/workspace/kcontrol/kfontinst/kcmfontinst/FontList.cpp:641
Consider including <cmath> to see all overloads of abs().
- kdesvn/kdesdk/umbrello/umbrello/uml.cpp:2262
If cmd == NULL in line 2259 then this line crashes.
-------------------------------------------------------------------------------
The following items are for revision 867140:
- kdesupport/qimageblitz/blitz/convolve.cpp:1155,991
It seems as if i and columns are not changed in the loop. An endless loop is
the result.
- kdesupport/cpptoxml/parser/binder.cpp:237
Line 234 indicates that declarator can be NULL. A crash follows here.
- kdesupport/qimageblitz/blitz/histogram.cpp:251
high.red is quint16 and therefore always >= 0.
- kdesupport/qimageblitz/blitz/scale.cpp:165, 192, 223
If dh (dw, d) is 0 then a division by 0 is performed.
- kdesupport/akonadi/server/src/handler/store.cpp:95
If buffer != "REV" and buffer != "NOREV" then revCheck is still true and
rev is uninitialized here. A final else for the if in line 86 is missing.
- kdelibs/kdecore/config/kconfig.cpp:592
Is it really necessary to evaluate both sides of the |?
- kdelibs/kimgio/xcf.cpp:1211, 1476
If the switch in line 1157 (1421) does not find a case, copy is not
initialized here and is an invalid function pointer. Is it possible to crash
the application with invalid xcf files?
- kdelibs/kjs/string_object.cpp:408
The local variable global is never changed.
- kdelibs/kdeui/sonnet/highlighter.cpp:229
d->wordCount is always > 1 here. Why? In line 216 savedActive and d->active
are equal. To get to line 229 they have to be unequal due to line 228. But they
can only change in lines 220 till 226. These lines however are only evaluated
if d->wordCount >= 10. Therefore (d->wordCount > 1) is always true.
- kdeui/widgets/kcompletionbox.cpp:185
A break might be missing
- kdeui/windowmanagement/netwm.cpp:3665
Add a todo comment about the false to not forget it. The loop 3598 is only
executed once. Same for 1983
- kdelibs/kded/kbuildsycoca.cpp:516
Can mimeTypeFactory or serviceFactory or servicetypeFactory be still NULL
after the loop in line 490?
- kdelibs/knewstuff/knewstuff2/engine.cpp:139
m_loop points to a deallocated object here. It would be clearer to set it to
NULL here.
- kdelibs/security/kcert/kcertpart.cc:860,861,869,870
The result of the dynamic_casts is not used.
- kdelibs/khtml/khtmlview.cpp:2303
kdelibs/khtml/html/html_documentimpl.cpp:195
Add a todo comment about the 0 to not forget it.
- kdelibs/khtml/khtml_part.cpp:4282
Add a todo comment about the 0 to not forget it. Does this mean that
certificate chains are always valid in khtml?
- kdelibs/khtml/xml/dom_nodeimpl.cpp:333
r_ofs and outsideEnd are used but never assigned.
- kdelibs/khtml/rendering/render_layer.cpp:894
Line 887 indicates that m_hBar can be false. If line 893 is true, then a
crash follows here.
- kdelibs/khtml/css/css_valueimpl.cpp:1314
If line 1411 is false then docLoader is NULL here.
- kdelibs/khtml/ecma/kjs_binding.cpp:336
kdelibs/khtml/ecma/kjs_binding.cpp:353
The allowed code range [DOM::RangeException::_EXCEPTION_OFFSET,
DOM::RangeException::_EXCEPTION_MAX] is wider than table rangeExceptionNames.
- kdebase/workspace/libs/plasma/extenderitem.cpp:333
Line 284 indicates that hostExtender->d->applet might be NULL here.