[Libreoffice] Question about Possible null pointer dereference in SpellDialog.cxx (cui one)

Eike Rathke ooo at erack.de
Tue Oct 18 16:42:42 PDT 2011 

Hi,

On Friday, 2011-09-16 16:29:57 -0700, julien2412 wrote:

> cppcheck detected this on core/cui/source/dialogs/SpellDialog.cxx
> 1534	nullPointer	error	Possible null pointer dereference: pNewError
> 1538	nullPointer	error	Possible null pointer dereference: pNewError
> 1555	nullPointer	error	Possible null pointer dereference: pNewError
> 1559	nullPointer	error	Possible null pointer dereference: pNewError
> 1570	nullPointer	error	Possible null pointer dereference: pNewBack
> 1595	nullPointer	error	Possible null pointer dereference: pNewError
> 1751	nullPointer	error	Possible null pointer dereference: pNewBackground
> 
> I tried to understand with the first one :
>  1530           TextAttrib* pNewError =  NULL;
>                     sal_uInt16 nStart = pErrorAttrLeft->GetStart();
>                     sal_uInt16 nEnd = pErrorAttrLeft->GetEnd();
>                     pTextEngine->RemoveAttrib( 0, *pErrorAttrLeft );
>   1534          SetAttrib( *pNewError, 0, nStart, ++nEnd );
> 
> [...]
> 
> I found that before the commit  d54c3ad1518e32938117c7e529dda375d4110888,
> most (all?) of these variables were initialized. For example like this :
> TextAttrib* pNewError =  pErrorAttrib->GetAttr().Clone();
> 
> I supposed there was certainly a good reason, but I don't know how can it
> works now. Of course, I wouldn't have noticed this without cppcheck report.

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d54c3ad1518e32938117c7e529dda375d4110888&context=6
doesn't look correct, especially with the commit message
"callcatcher: replace Clone() by NULL" it doesn't make sense. I doubt
callcatcher placed this into unused code.

The pointer is dereferenced and the object accessed under SetAttrib().
I reverted the commit.

Thanks for catching.

  Eike

-- 
 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <http://lists.freedesktop.org/archives/libreoffice/attachments/20111019/4058f590/attachment.pgp>

More information about the LibreOffice mailing list