Suspicious code in kdelibs/kdebase revision 864329

Christoph Bartoschek bartoschek at gmx.de
Wed Sep 24 21:22:39 BST 2008


Here are some remarks to some source files of kdelibs/kdebase:


- kdelibs/kdeui/dialogs/kshortcutseditor.cpp:121

Action has the value 2 (see 109). However, here has only entries 0 and 1.
Out of bounds access.

- kdelibs/kdeui/widgets/ktoolbar.cpp:1056

This loop is executed at most once. Not forever.

- kdelibs/kdeui/dialogs/kshortcutseditoritem.cpp:122
  kdelibs/kdeui/dialogs/kshortcutseditoritem.cpp:139

A default case with an assertion would be good for this switch.

- kdelibs/khtml/khtmlview.cpp:2933

I guess this break wants to be behind the following line. See line 2915.

- kdelibs/khtml/xml/dom_nodeimpl.cpp:332

r is used here but never got a value. Same for the other values.

- kdelibs/khtml/xml/xml_tokenizer.cpp:505

Line 502 indicates that body can be NULL here. A crash follows.

- kdelibs/khtml/xml/dom_xmlimpl.cpp:483

Line 481 indicates that m_sheet can be NULL here. A crash follows.

- kdelibs/khtml/xml/dom_selection.cpp:827

Line 824 indicates that renderNode can be NULL here. A crash follows.

- kdelibs/khtml/html/html_baseimpl.cpp:735
  kdelibs/khtml/html/html_imageimpl.cpp:160
  kdelibs/khtml/rendering/bidi.cpp:1103,1154
  kdebase/runtime/nepomuk/services/queryservice/searchthread.cpp:374

A break might be missing. A fall-through comment would be nice.

- kdelibs/khtml/editing/jsediting.cpp:581

If command == sizeof commands / sizeof commands[0] then line 583 is an access
out of bounds.

- kdelibs/kate/completion/katecompletionconfig.cpp:226
  kdelibs/kate/completion/katecompletionconfig.cpp:176

If the condition in line 225 is true for the first iteration then the shift
amount is i - 1 == -1 in line 226. This is invalid.

- kdepimlibs/kioslave/imap4/imap4.cpp:150

A signal handler that calls for example waitpid has to save errno before and
restore it afterwards.

- kdebase/workspace/libs/plasma/extenderitem.cpp:740

Line 732 indicates that d->extender might be NULL here. A crash follows.

- kdebase/workspace/libs/plasma/extenderitem.cpp:332

Line 283 indicates that hostExtender->d->applet might be NULL here. A crash
follows.

- kdebase/workspace/libs/plasma/private/style.cpp:100

Line 83 indicates that scrollOption might be NULL here. A crash follows.

- kdebase/workspace/libs/taskmanager/groupmanager.cpp:157

If line 153 is false then item is uninitialized here.