
List:       koffice-devel
Subject:    Re: Suspicious code in koffice-1.5.0-rc1
From:       Stefan Nikolaus <stefan.nikolaus () kdemail ! net>
Date:       2006-04-24 12:07:32
Message-ID: 200604241407.33262.stefan.nikolaus () kdemail ! net

First of all: Thanks for this report, Christoph.

On Sunday 09 April 2006 16:22, Christoph Bartoschek wrote:
> - kspread/plugins/calculator/kcalc_core.cpp:647
>
> work_amount1 is uninitialized here.

Fixed. The whole calculator plugin is dead code. Why is it still there?

> - filters/kspread/excel/sidewinder/excel.cpp:597
>
> If d->data.size() is 0, then you have an access beyond the array bounds
> in line 597.
>
> - filters/kspread/excel/sidewinder/excel.cpp:4569
>
> If size >= buffer_size in line 4530, then buffer_size == size. But then
> you access buffer one element beyond in line 4569.

Still there?

> - filters/kspread/opencalc/opencalcimport.cc:2258
>
> If format is not 0 then formatType is not initialized in line 2258.

Remains open.

> - kspread/kspread_sheet.cc:1727
>
> If the loop in line 1567 is never entered, then result is uninitialized.

Not possible. The Selection is never empty.

> - kspread/kspread_sheetprint.cc:627
>
> If the for loops at lines 448, 451, 457 and 585 are not entered, then
> xpos is not initialized here.

Fixed.

> - kspread/kspread_sheetprint.cc:1120
>
> pl.ptPageEdge and pl.ptBindingSide are not initialized here.

Remains open.

> - kspread/valuecalc.cc:1382
> - kspread/valuecalc.cc:1443 (similar)
>
> If the condition in line 1380 is not true, then s and t can be
> uninitialized here.

Remains open.

> - kspread/kspread_cell.cc:1858
>
> "&& (uint) Style::FUnderline" is always true. Therefore the fixme
> comment seems to be reasonable.

Fixed.

> - kspread/dialogs/kspread_dlg_layout.cc:1712
>
> If the switch statement in line 1683 does not select any case then
> floatFormat remains uninitialized.

Fixed.

> - kspread/plugins/calculator/kcalc_core.cpp:1772
>
> If top_item is NULL from PopStack(), then line 1772 crashes.

I think this is called lazy evaluation and stops if top_item is NULL.

> - kspread/selection.cc:606
>
> If element is NULL as indicated by line 599, then line 606 crashes.

Fixed.

> - kspread/dialogs/kspread_dlg_styles.cc:213
>
> Line 202 indicates that m_view could be NULL. Line 213 crashes then.

Fixed.

> - kspread/dialogs/kspread_dlg_conditional.cc:448
>
> If the switch in line 424 does not select any case, then sb, cb, kl1,
> kl2 remain NULL and cause crashes.

Fixed.

> -----------------------------------------------------------------
> Cases from switch statements that fall through in some cases but
> do not have a fall through comment as in most such cases.
> ------------------------------------------------------------------
>
> - kspread/dialogs/kspread_dlg_formula.cc:463

Fixed.

> - kspread/digest.cc:613
> - kspread/digest.cc:614
> - kspread/digest.cc:615

Don't understand this enough to solve it.

> - kspread/kspread_autofill.cc:473

Fixed.

> -----------------------------------------------------------------
> Lines where boolean expressions are used in non-boolean contexts:
>
> I suspect that at least the lines marked with !!! are bugs
> -----------------------------------------------------------------
>
> - kspread/manipulator.cc:127
> - kspread/dialogs/kspread_dlg_preference.cc:1037
> - filters/kspread/excel/sidewinder/pole.cpp:1043
> - filters/kspread/excel/sidewinder/pole.cpp:999

Fixed.

Bye
Stefan
_______________________________________________
koffice-devel mailing list
koffice-devel@kde.org
https://mail.kde.org/mailman/listinfo/koffice-devel
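The two sidewinder/excel.cpp items in the report above are both array-bounds problems. What follows is an added illustration written for this archive page; it is not koffice code and not the real excel.cpp logic. It models the growth rule the report quotes (buffer_size becomes exactly size when size >= buffer_size) followed by a write at buffer[size], beside a variant that grows with one element of slack. std::vector::at() is used so the one-past-the-end write fails loudly instead of silently overwriting heap memory; the Record struct, the function names and the sample record bytes are all constructed for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <stdexcept>
#include <vector>

// Illustration only (not koffice code): the resize-then-write pattern the
// report describes for sidewinder/excel.cpp, where the buffer is grown to
// exactly `size` and buffer[size] is then written.

struct Record {
    std::vector<std::uint8_t> buffer;
    std::size_t bufferSize = 0;  // stands in for the report's buffer_size
};

// Growth rule as quoted in the report: if size >= buffer_size, the new
// buffer_size is exactly size. Using at() turns the out-of-bounds write into
// an exception; with a raw new[] buffer it would be a one-byte heap overflow.
static bool appendRecordExact(Record& r, const std::uint8_t* data, std::size_t size) {
    if (size >= r.bufferSize) {
        r.bufferSize = size;
        r.buffer.resize(r.bufferSize);
    }
    try {
        for (std::size_t i = 0; i < size; ++i)
            r.buffer.at(i) = data[i];
        r.buffer.at(size) = 0;  // the flagged write: index == buffer_size
    } catch (const std::out_of_range&) {
        return false;
    }
    return true;
}

// Hardened variant: grow to size + 1 so the write at buffer[size] is in bounds.
static bool appendRecordWithSlack(Record& r, const std::uint8_t* data, std::size_t size) {
    if (size >= r.bufferSize) {
        r.bufferSize = size + 1;
        r.buffer.resize(r.bufferSize);
    }
    try {
        for (std::size_t i = 0; i < size; ++i)
            r.buffer.at(i) = data[i];
        r.buffer.at(size) = 0;
    } catch (const std::out_of_range&) {
        return false;
    }
    return true;
}

// Constructed sample payload for the example; not taken from any real file.
static const std::uint8_t kSample[8] = {0x09, 0x08, 0x10, 0x00, 0x00, 0x06, 0x05, 0x00};

int main() {
    Record a, b;
    bool exactOk = appendRecordExact(a, kSample, sizeof kSample);      // false
    bool slackOk = appendRecordWithSlack(b, kSample, sizeof kSample);  // true
    return (!exactOk && slackOk) ? 0 : 1;
}
```

The same check generalises to the line-597 item: any index derived from d->data.size() must be compared against the container size before use, and a container with size 0 has no valid index at all.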