Suspicious code in revision 867140

Aaron J. Seigo aseigo at kde.org
Fri Oct 3 16:15:25 BST 2008


On Friday 03 October 2008, Christoph Bartoschek wrote:
> - kdelibs/kdecore/config/kconfig.cpp:592
>
> Is it really necessary to evaluate both sides of the |?

looks like a typo; fixed.

> - kdelibs/kimgio/xcf.cpp:1211, 1476
>
> If the switch in line 1157 (1421) does not find a case, copy is not
> initialized here and is an invalid function pointer. Is it possible to crash
> the application with invalid xcf files?

i don't know if it is exploitable in practice but it looks dangerous; fixed.

> - kdelibs/kdeui/sonnet/highlighter.cpp:229
>
> d->wordCount is always > 1 here. Why? In line 216 savedActive and d->active
> are equal. To get to line 229 they have to be unequal due to line 228. But
> they can only change in lines 220 till 226. These lines however are only
> evaluated if d->wordCount >= 10. Therefore (d->wordCount > 1) is always true.

yep; this compare is unnecessary.. fixed.

> - kdeui/widgets/kcompletionbox.cpp:185
>
> A break might be missing

fixed

> - kdelibs/knewstuff/knewstuff2/engine.cpp:139
>
> m_loop points to a deallocated object here. It would be clearer to set it
> to NULL here.

it is set to NULL when the loop exits, so this is safe ... 

> - kdebase/workspace/libs/plasma/extenderitem.cpp:333
>
> Line 284 indicates that hostExtender->d->applet might be NULL here.

the check on 284 is bogus; fixed.

thanks =))

-- 
Aaron J. Seigo
humru othro a kohnu se
GPG Fingerprint: 8B8B 2209 0C6F 7C47 B1EA  EE75 D6B7 2EB1 A7F1 DB43

KDE core developer sponsored by Trolltech
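
The xcf.cpp finding in this thread (a function pointer left unset when no switch case matches a value read from the file) can be illustrated as follows. This is an added example, not code from kdelibs or from this thread; the type constants, `CopyFn`, `selectCopy` and `copyLayer` are hypothetical names, and only the pointer name `copy` comes from the report.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

// Hypothetical per-type pixel copiers; not the real xcf.cpp routines.
using CopyFn = void (*)(const uint8_t *src, uint8_t *dst, size_t pixels);
static void copyRGB(const uint8_t *s, uint8_t *d, size_t n)  { std::memcpy(d, s, n * 3); }
static void copyGray(const uint8_t *s, uint8_t *d, size_t n) { std::memcpy(d, s, n); }

// Constructed layer-type values; in a loader this field comes from the file.
enum : uint32_t { TYPE_RGB = 0, TYPE_GRAY = 1 };

// Pattern the report describes (kept as a comment, calling it is undefined):
//   CopyFn copy;                       // no initializer
//   switch (type) {                    // no default case
//   case TYPE_RGB:  copy = copyRGB;  break;
//   case TYPE_GRAY: copy = copyGray; break;
//   }
//   copy(src, dst, pixels);            // indeterminate pointer for other types

// Hardened selection: start from nullptr and make the unknown case explicit.
static CopyFn selectCopy(uint32_t type) {
    CopyFn copy = nullptr;
    switch (type) {
    case TYPE_RGB:  copy = copyRGB;  break;
    case TYPE_GRAY: copy = copyGray; break;
    default:        break;              // unrecognized type: leave copy null
    }
    return copy;
}

// Returns false (reject the file) instead of calling through a bad pointer.
bool copyLayer(uint32_t type, const uint8_t *src, uint8_t *dst, size_t pixels) {
    CopyFn copy = selectCopy(type);
    if (!copy)
        return false;
    copy(src, dst, pixels);
    return true;
}

int main() {
    const uint8_t src[6] = {1, 2, 3, 4, 5, 6};   // constructed sample pixels
    uint8_t dst[6] = {0};
    bool ok = copyLayer(TYPE_GRAY, src, dst, 6) && dst[5] == 6;
    bool rejected = !copyLayer(0x7fffffffu, src, dst, 6);
    return (ok && rejected) ? 0 : 1;
}
```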
