--===============8296919850528741321== Content-Type: multipart/alternative; boundary="===============0864945967454951108==" --===============0864945967454951108== MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/126507/#review90467 ----------------------------------------------------------- Ship it! Ship It! - David Faure On Jan. 2, 2016, 4:02 p.m., Michael Pyne wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/126507/ > ----------------------------------------------------------- > > (Updated Jan. 2, 2016, 4:02 p.m.) > > > Review request for KDE Frameworks. > > > Repository: kdelibs4support > > > Description > ------- > > Fix a couple of Coverity issues: > > 1. CID 1175508; file descriptors used in KLockFile could be leaked in > error conditions. Even when KLockFile sets mustCloseFd, the dtor's impl > also checks that the lock has been taken, which is only considered true > if LockOK had been returned in our lock function. Instead close() the fd > ourselves unless we make it to LockOK. > > 2. CID 1175555; The standard mis-use of QCache. QCache::insert can, in > theory, delete our object as soon as we insert it into cache, so we have > to check for that. Even ::contains() and ::object() can be risky (the > pointers returned by object() have no lifetime guarantee), but since > this is GUI code I assume it's only used single-threaded and not > re-entrant. Otherwise we'd need even more paranoia... > > > Diffs > ----- > > src/kdecore/klockfile_unix.cpp 67283a5 > src/kdeui/k4style.cpp a1a2ab1 > > Diff: https://git.reviewboard.kde.org/r/126507/diff/ > > > Testing > ------- > > Everything builds and appears to still work, though it's hard to test K4Style as I'm not sure what uses it right at this point. > > > Thanks, > > Michael Pyne > > --===============0864945967454951108== MIME-Version: 1.0 Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: 7bit

This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/126507/

Ship it!

Ship It!

- David Faure

On January 2nd, 2016, 4:02 p.m. UTC, Michael Pyne wrote:

Review request for KDE Frameworks.

By Michael Pyne.

Updated Jan. 2, 2016, 4:02 p.m.

Repository: kdelibs4support

Description

Fix a couple of Coverity issues:

CID 1175508; file descriptors used in KLockFile could be leaked in error conditions. Even when KLockFile sets mustCloseFd, the dtor's impl also checks that the lock has been taken, which is only considered true if LockOK had been returned in our lock function. Instead close() the fd ourselves unless we make it to LockOK.
CID 1175555; The standard mis-use of QCache. QCache::insert can, in theory, delete our object as soon as we insert it into cache, so we have to check for that. Even ::contains() and ::object() can be risky (the pointers returned by object() have no lifetime guarantee), but since this is GUI code I assume it's only used single-threaded and not re-entrant. Otherwise we'd need even more paranoia...

Testing

Everything builds and appears to still work, though it's hard to test K4Style as I'm not sure what uses it right at this point.

Diffs

src/kdecore/klockfile_unix.cpp (67283a5)
src/kdeui/k4style.cpp (a1a2ab1)

--===============0864945967454951108==-- --===============8296919850528741321== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KS2RlLWZyYW1l d29ya3MtZGV2ZWwgbWFpbGluZyBsaXN0CktkZS1mcmFtZXdvcmtzLWRldmVsQGtkZS5vcmcKaHR0 cHM6Ly9tYWlsLmtkZS5vcmcvbWFpbG1hbi9saXN0aW5mby9rZGUtZnJhbWV3b3Jrcy1kZXZlbAo= --===============8296919850528741321==--