From kde-core-devel Sat Apr 22 10:59:48 2006
From: Christoph Bartoschek
Date: Sat, 22 Apr 2006 10:59:48 +0000
To: kde-core-devel
Subject: Suspicious code in kdeedu-3.5.2
Message-Id: <200604221259.48841.bartoschek () gmx ! de>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=114570365823275

So, the last report for kde 3.5.2:

------------------------------------------------------------------
Misc problems:
------------------------------------------------------------------

- kturtle/src/value.cpp:309
- kturtle/src/value.cpp:299
- kturtle/src/value.cpp:289
- kturtle/src/value.cpp:279

  m_bool >= n.Bool() ???

- kturtle/src/canvas.cpp:508

  Could it be that i is 4 here because of lines 489, 495, 501, 507?

- kturtle/src/kturtle.cpp:399
- kturtle/src/kturtle.cpp:356

  The loop is executed at most once.

- kverbos/kverbos/kverbosdoc.cpp:698

  of is allocated in line 690 and used uninitialized here.

- keduca/libkeduca/fileread.cpp:337
- keduca/libkeduca/fileread.cpp:379
- keduca/libkeduca/fileread.cpp:349
- keduca/libkeduca/fileread.cpp:391
- keduca/libkeduca/fileread.cpp:298
- keduca/libkeduca/fileread.cpp:307
- keduca/libkeduca/fileread.cpp:322
- keduca/libkeduca/fileread.cpp:321
- keduca/libkeduca/fileread.cpp:284
- keduca/libkeduca/fileread.cpp:283
- keduca/libkeduca/fileread.cpp:364
- keduca/libkeduca/fileread.cpp:363
- keduca/libkeduca/fileread.cpp:357
- keduca/libkeduca/fileread.cpp:356
- keduca/libkeduca/fileread.cpp:277
- keduca/libkeduca/fileread.cpp:276
- keduca/libkeduca/fileread.cpp:315
- keduca/libkeduca/fileread.cpp:314

  if (_fileBOF = true) is always true. But even if you mean

    if (_fileBOF == true) _fileBOF = false

  this still means:

    _fileBOF = false;

- kmplot/kmplot/parser.cpp:265
- kmplot/kmplot/parser.cpp:269
- kmplot/kmplot/parser.cpp:273
- kmplot/kmplot/parser.cpp:277
- kmplot/kmplot/parser.cpp:280
- kmplot/kmplot/parser.cpp:285
- kmplot/kmplot/parser.cpp:289
- kmplot/kmplot/parser.cpp:293
- kmplot/kmplot/parser.cpp:304

  When this case is selected the first time the switch in line 245 is
  executed, then stkptr[-1] is out of bounds.

- kstars/kstars/fitshistogram.cpp:148

  If binSize is 0 but buffer is not NULL, then line 144 is not executed
  and line 148 has a division by 0.

- kstars/kstars/fitsprocess.cpp:147

  Is narray leaking here? If yes, why not use std::vector?

- kstars/kstars/indi/apmount.cpp:657
- kstars/kstars/indi/apmount.cpp:658

  tmtexts and tmtp have only 1 byte allocated, but 4 bytes (32bit
  platforms) are assigned here. Why not use std::vector and std::string
  for such tasks? Is the memory also leaking in lines 667, 668?

- kstars/kstars/indi/apogee/ApnCamera.cpp:983

  If no case is selected in line 967, then RegVal is uninitialized here.

- kstars/kstars/indi/apogee/ApogeeUsbLinuxForKernel.cpp:354

  retval is used uninitialized.

- kstars/kstars/indi/apogee/ApogeeUsbLinuxForKernel.cpp:367

  Success is not set if the loop in line 348 is not entered.

- kstars/kstars/indi/v4ldriver.cpp:662

  Use delete [] here. Or better a std::vector. This way you prevent the
  memory leaks in lines 625 and 641.

- kstars/kstars/indi/v4lphilips.cpp:602

  The index 5 is out of bounds of this array.

- kstars/kstars/indi/sbigccd.cpp:567
- kstars/kstars/indi/sbigccd.cpp:590
- kstars/kstars/indi/sbigccd.cpp:578
- kstars/kstars/indi/sbigccd.cpp:559 (only fitsData)

  fitsData and compressedData are leaking memory here. Why not use
  std::vector?

- kstars/kstars/indi/sbigccd.cpp:602
- kstars/kstars/indi/apogee_ppi.cpp:679 (similar)

  After this function has finished, imageB.blob points to freed memory.
  Are there memory leaks when the function returns too early in the
  second case?

- kstars/kstars/indidevice.cpp:874
- kstars/kstars/indidevice.cpp:885 (similar)
- kstars/kstars/indidevice.cpp:898 (similar)

  In line 872 you delete pp and use it here again.

- kstars/kstars/fitsviewer.cpp:308

  If buffer is != NULL here, then the memory is leaking here.
  std::vector is better for such tasks.

- kstars/kstars/indistd.cpp:492

  Use delete [] here or better a std::string or QString for tempPrefix.

- kstars/kstars/kstarsdata.cpp:553

  If ok is true but nn != 2, then you delete seg in line 546. But you
  use it again in line 553.

- kgeography/src/answer.cpp:101

  If line 91 is also false, then widgets[i] is not initialized here.

- blinken/src/blinken.cpp:442

  i can become 4 if selected is always false. Then the else part in line
  434 is chosen and in line 442 you have an out of bounds access.

- kig/objects/locus_imp.cc:231
- kig/objects/locus_imp.cc:168 (similar)

  Why not (mm1 > mm2 && j <= N)?

- kiten/xjdxgen.c:151

  fp is closed in line 140. Here you close it again.

- kstars/kstars/indi/fli/libfli-mem.c:75

  Buffer overflow. In line 68 num is set to 2*allocated.total. Then
  allocated.pointers gets a buffer for num pointers in line 70. In line
  75 you start at position allocated.total and overwrite num (= 2 *
  allocated.total) elements with 0. The last allocated.total elements do
  not belong to the buffer.

- kstars/kstars/indi/fli/libfli-filter-focuser.c:467

  abs loses precision here. Maybe you want to use labs.

- kstars/kstars/indi/fli_ccd.c:898
- kstars/kstars/indi/fli_ccd.c:908

  The memory pointed to by fitsData and compressedData is leaking here.

- kstars/kstars/indi/temmadriver.c:73

  Buffer overflow. PortT->text has place for 10 chars, but strcpy copies
  11 into it. Note that strcpy adds the \0.

- kstars/kstars/indi/celestronprotocol.c:562

  The loop is executed at most once.

- ktouch/extras/training-gen/c/ktouchgen.c:131

  If strlen(ptr->word) returns 0 in line 100, then or_failed or
  and_failed are not initialized.

- ktouch/extras/training-gen/c/ktouchgen.c:179
- ktouch/extras/training-gen/c/ktouchgen.c:197 (similar)
- ktouch/extras/training-gen/c/ktouchgen.c:229 (similar)

  If file is NULL and line 167 is entered, then a NULL is passed to
  fclose.

- kstars/kstars/indi/webcam/v4l2_base.cpp:1116

  num_ctrls is leaking here.

------------------------------------
Problems involving the NULL pointer:
------------------------------------

- keduca/keducabuilder/kcontroladdedit.cpp:170
- keduca/keducabuilder/kcontroladdedit.cpp:158 (similar)

  If item is NULL as indicated by line 167, then line 170 crashes.

- kstars/kstars/kswizard.cpp:143

  If the if condition in line 134 is false, then line 143 crashes.

- kmplot/kmplot/View.cpp:703

  it could be NULL here, when line 623 is false.

-----------------------------------------------------------------
Cases from switch statements that fall through in some cases but do
not have a fall through comment as in most such cases.
------------------------------------------------------------------

- kverbos/kverbos/kerfassen.cpp:281

-----------------------------------------------------------------
Lines where boolean expressions are used in non-boolean contexts:
I suspect that at least the lines marked with !!! are bugs
-----------------------------------------------------------------

- kig/modes/label.cc:291, 330
- kig/modes/popup.cc:878, 874, 870, 214
- kig/modes/construct_mode.cc:213
- kig/misc/kiginputdialog.cc:203
- kig/misc/object_hierarchy.cc:317
- kig/misc/calcpaths.cc:206, 207
- kig/misc/object_constructor.cc:516
- kig/misc/rect.cc:291
- kstars/kstars/kstarsdata.cpp:1663, 1675
- kstars/kstars/indi/apogee/CameraIO_LinuxPPI.cpp:251, 270, 300
- kstars/kstars/indi/apogee/CameraIO_LinuxPCI.cpp:301, 320, 348
- kstars/kstars/indi/apogee/CameraIO_LinuxISA.cpp:247, 266, 294
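The following C example is added here and is not code from the report or from kdeedu/kstars. It shows hardened forms of two of the patterns reported above: the pointer-table doubling from the libfli-mem.c item, where only the num - total newly allocated slots may be zeroed (the reported defect clears num slots starting at offset total, i.e. total slots past the end of the new buffer), and a bounded replacement for the strcpy in the temmadriver.c item, where a 10-character string needs 11 bytes and the field only has 10. The ptr_table struct, the function names and the initial table size of 4 are assumptions, not taken from the original sources.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical pointer table modelled on the libfli-mem.c description:
 * `total` slots are currently allocated and `pointers` holds them. */
typedef struct {
    void **pointers;
    size_t total;
} ptr_table;

/* Doubles the table. Only the num - total new slots are cleared; clearing
 * num slots from offset total (the reported defect) would run total slots
 * past the end of the buffer. Returns the new slot count, or 0 on
 * allocation failure, in which case the old table is left intact. */
size_t ptr_table_grow(ptr_table *t)
{
    size_t num = t->total ? 2 * t->total : 4;   /* initial size: assumption */
    void **np = realloc(t->pointers, num * sizeof *np);
    if (np == NULL)
        return 0;
    memset(np + t->total, 0, (num - t->total) * sizeof *np);
    t->pointers = np;
    t->total = num;
    return num;
}

/* Returns 1 if every slot in [from, total) is NULL, 0 otherwise. */
int ptr_table_tail_is_clear(const ptr_table *t, size_t from)
{
    for (size_t i = from; i < t->total; i++)
        if (t->pointers[i] != NULL)
            return 0;
    return 1;
}

/* Bounded replacement for strcpy into a fixed-size field: copies src into
 * dst (dst_size bytes) and always NUL-terminates. Returns 0 when the whole
 * string fit and -1 when it had to be truncated, so a caller can treat an
 * over-long string as an error instead of silently overflowing. */
int copy_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0)
        return -1;
    if (n + 1 > dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, n + 1);
    return 0;
}

int main(void)
{
    ptr_table t = { NULL, 0 };
    int marker = 0;

    ptr_table_grow(&t);                 /* 4 slots, all NULL */
    t.pointers[3] = &marker;
    ptr_table_grow(&t);                 /* 8 slots; slot 3 kept, 4..7 cleared */
    printf("total=%zu slot3_kept=%d tail_clear=%d\n", t.total,
           t.pointers[3] == &marker, ptr_table_tail_is_clear(&t, 4));

    /* Constructed input: a 10-byte field and a 10-character string that
     * needs 11 bytes, the sizes from the temmadriver.c item. */
    char text[10];
    int rc = copy_bounded(text, sizeof text, "0123456789");
    printf("rc=%d text=\"%s\"\n", rc, text);   /* rc=-1 text="012345678" */

    free(t.pointers);
    return 0;
}
```

With the correct count, a tool such as Valgrind or AddressSanitizer stays silent on the second grow; with the reported count the write past the end of the reallocated block is reported immediately, which is how this class of defect is most cheaply caught in a test run.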