[Fontconfig] Code review needed, spotted by Coverity

Frederic Crozat fcrozat at mandriva.com
Tue Apr 11 10:10:37 PDT 2006


Ok, I'm almost done with the various Coverity defects.

The only ones left are not trivial and require much more knowledge of
fontconfig internals than I have, so I'll explain the defects spotted and
let people with more knowledge tell me if it is a real bug or if I
should close the defect as a false alarm:

-defect #984 in fcdir.c / FcDirScanConfig :
FcGlobalCacheReadDir might be called with config == NULL, which will call
FcConfigInodeMatchFontDir, which dereferences config without checking for a
NULL value. I'm not sure how to fix this.

-defect #759 in fccharset.c / FcCharSetSubtractCount :
*bm might be NULL because of the assignment from bi.leaf->map, and then it is
accessed without any NULL test. I don't know whether bi.leaf->map is never
NULL.

-defects #783, #784, #785, #786 :
* if config->maxObjects == 0, but config->substPattern or
config->substFont are not NULL, st, while NULL, will be accessed
* at line 1497, there is a test against thisValue being NULL (so, it
might be NULL), but FcConfigDel, called at line 1506, might dereference
thisValue, causing a crash.
* at line 1463, l might be leaked if switch (e->op) is handled by the
default case. I don't know if it is possible.

Oh, and I think I found a Coverity bug ;) (defect #782).

There are two other memleaks in doc/edit-sgml.c, but I don't know if it
is worth trying to fix them (defects #744, #745, leaking ss and ls in
DoReplace).

But now, we are done ;)
-- 
Frederic Crozat <fcrozat at mandriva.com>
Mandriva