Suspicious code in revision 867140
Aaron J. Seigo
aseigo at kde.org
Fri Oct 3 16:15:25 BST 2008
On Friday 03 October 2008, Christoph Bartoschek wrote:
> - kdelibs/kdecore/config/kconfig.cpp:592
> Is it really necessary to evaluate both sides of the |?
looks like a typo; fixed.
> - kdelibs/kimgio/xcf.cpp:1211, 1476
> If the switch in line 1157 (1421) does not find a case, copy is not
> initialized here
> and an invalid function pointer. Is it possible to crash the application
> with invalid xcf files?
i don't know if it is exploitable in practice but it looks dangerous; fixed.
> - kdelibs/kdeui/sonnet/highlighter.cpp:229
> d->wordCount is always > 1 here. Why? In line 216 savedActive and d->active
> are equal. To get to line 229 they have to be unequal due to line 228. But they
> only change in lines 220 till 226. These lines, however, are only evaluated if
> d->wordCount >= 10. Therefore (d->wordCount > 1) is always true.
yep; this compare is unnecessary.. fixed.
> - kdeui/widgets/kcompletionbox.cpp:185
> A break might be missing
> - kdelibs/knewstuff/knewstuff2/engine.cpp:139
> m_loop points to a deallocated object here. It would be clearer to set it
> to NULL here.
it is set to NULL when the loop exits, so this is safe ...
> - kdebase/workspace/libs/plasma/extenderitem.cpp:333
> Line 284 indicates that hostExtender->d->applet might be NULL here.
the check on 284 is bogus; fixed.
Aaron J. Seigo
humru othro a kohnu se
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA EE75 D6B7 2EB1 A7F1 DB43
KDE core developer sponsored by Trolltech
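
The xcf.cpp item above (a switch over a file-supplied value that can leave the function pointer `copy` unset) as an added C++ example; it is not part of the original message and is not the KDE code. The layer types, copy routines, `selectCopy` and `convertLayer` are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical layer types; LAYER_INDEXED is known but deliberately unhandled.
enum LayerType : uint32_t { LAYER_RGB = 0, LAYER_GRAY = 1, LAYER_INDEXED = 2 };

using CopyFn = void (*)(const uint8_t *src, uint8_t *dst, size_t pixels);

static void copyRgb(const uint8_t *s, uint8_t *d, size_t n) { std::memcpy(d, s, n * 3); }
static void copyGray(const uint8_t *s, uint8_t *d, size_t n) {
    for (size_t i = 0; i < n; ++i) d[3 * i] = d[3 * i + 1] = d[3 * i + 2] = s[i];
}

// Pattern described in the report: `CopyFn copy;` followed by a switch with
// no default leaves `copy` indeterminate for any value the cases miss.
// Hardened form: start from nullptr so a miss is an explicit, testable result.
static CopyFn selectCopy(uint32_t typeFromFile) {
    CopyFn copy = nullptr;
    switch (typeFromFile) {
    case LAYER_RGB:  copy = copyRgb;  break;
    case LAYER_GRAY: copy = copyGray; break;
    default:         break;  // unknown or unsupported type: stays nullptr
    }
    return copy;
}

// Returns false and leaves dst untouched instead of calling through a bad pointer.
bool convertLayer(uint32_t typeFromFile, const std::vector<uint8_t> &src,
                  std::vector<uint8_t> &dst, size_t pixels) {
    CopyFn copy = selectCopy(typeFromFile);
    if (!copy) return false;                        // reject before the call
    size_t bpp = (typeFromFile == LAYER_RGB) ? 3 : 1;
    if (pixels > src.size() / bpp) return false;    // truncated data, overflow-safe
    dst.resize(pixels * 3);
    copy(src.data(), dst.data(), pixels);
    return true;
}
```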