[dia] [scan-build] Logic errors - Null dereference, Garbage result

From: Hans Breuer <hans src gnome org>
To: svn-commits-list gnome org
Cc:
Subject: [dia] [scan-build] Logic errors - Null dereference, Garbage result
Date: Sat, 5 Dec 2009 17:47:40 +0000 (UTC)
commit 18533759b5d223de2c28abf4e0a40e8f3a860a4e
Author: Hans Breuer <hans breuer org>
Date:   Sat Nov 28 16:13:21 2009 +0100

    [scan-build] Logic errors - Null dereference,  Garbage result
    
    lib/objchange.c:54 - Dereference of null pointer - avoided
    
    lib/parent.c:66, lib/parent.c:110 - Dead store - removed superfluous
      initialization
    lib/parent.c:192 - Undefined or garbage result : not actually a bug,
      made more understandable to clang
    lib/parent.c:281 - Dereference of null pointer : dito (obj->num_handle
      would not be smaller than 0
    
    lib/text.c:975 - Null dereference - simplified for API robustness
    lib/text.c:978 - Dead assignment - removed
    lib/text.c:1057 Dead assignment, Value stored to 'composite_node'
      is never read - removed that code

 lib/objchange.c |    8 +++++---
 lib/parent.c    |   12 ++++++------
 lib/text.c      |    6 +-----
 3 files changed, 12 insertions(+), 14 deletions(-)
---
diff --git a/lib/objchange.c b/lib/objchange.c
index 82aaa9a..2f0a560 100644
--- a/lib/objchange.c
+++ b/lib/objchange.c
@@ -49,9 +49,11 @@ object_state_change_apply_revert(ObjectStateChange *change, DiaObject *obj)
 static void
 object_state_change_free(ObjectStateChange *change)
 {
-  if ((change) && (change->saved_state) && (change->saved_state->free))
-    (*change->saved_state->free)(change->saved_state);
-  g_free(change->saved_state);
+  if ((change) && (change->saved_state)) {
+    if (change->saved_state->free)
+      (*change->saved_state->free)(change->saved_state);
+    g_free(change->saved_state);
+  }
 }
 
 ObjectChange *new_object_state_change(DiaObject *obj,
diff --git a/lib/parent.c b/lib/parent.c
index 434a4e0..ba0f248 100644
--- a/lib/parent.c
+++ b/lib/parent.c
@@ -63,7 +63,7 @@ GList *parent_list_affected_hierarchy(GList *obj_list)
 {
   GHashTable *object_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
   GList *all_list = g_list_copy(obj_list);
-  GList *new_list = NULL, *list = all_list;
+  GList *new_list = NULL, *list;
   int orig_length = g_list_length(obj_list);
 
   if (parent_list_expand(all_list)) /* fast way out */
@@ -107,7 +107,7 @@ GList *parent_list_affected(GList *obj_list)
 {
   GHashTable *object_hash = g_hash_table_new(g_direct_hash, g_direct_equal);
   GList *all_list = g_list_copy(obj_list);
-  GList *new_list = NULL, *list = all_list;
+  GList *new_list = NULL, *list;
 
   if (parent_list_expand(all_list)) /* fast way out */
     return g_list_copy(obj_list);
@@ -168,7 +168,7 @@ gboolean parent_handle_move_in_check(DiaObject *object, Point *to, Point *start_
   Rectangle common_ext;
   gboolean restricted = FALSE;
 
-  if (!object_flags_set(object, DIA_OBJECT_CAN_PARENT) || !object->children)
+  if (!object_flags_set(object, DIA_OBJECT_CAN_PARENT) || !list)
     return FALSE;
 
   while (list)
@@ -261,9 +261,6 @@ parent_handle_extents(DiaObject *obj, Rectangle *extents)
   int idx;
   coord *left_most = NULL, *top_most = NULL, *bottom_most = NULL, *right_most = NULL;
 
-  if (obj->num_handles == 0)
-    return FALSE;
-
   for (idx = 0; idx < obj->num_handles; idx++)
   {
     Handle *handle = obj->handles[idx];
@@ -278,6 +275,9 @@ parent_handle_extents(DiaObject *obj, Rectangle *extents)
       bottom_most = &handle->pos.y;
   }
 
+  if (!left_most ||  !right_most || !top_most || !bottom_most)
+    return FALSE;
+
   extents->left = *left_most;
   extents->right = *right_most;
   extents->top = *top_most;
diff --git a/lib/text.c b/lib/text.c
index 93c4989..d67a16b 100644
--- a/lib/text.c
+++ b/lib/text.c
@@ -972,10 +972,9 @@ text_key_event(Focus *focus,
         break;
       default:
         if (str || (strlen>0)) {
-          if (strlen == 1 && *str == '\r')
+          if (str && *str == '\r')
             break; /* avoid putting junk into our string */
           return_val = TRUE;
-          utf = str;
           for (utf = str; utf && *utf && strlen > 0 ;
 	       utf = g_utf8_next_char (utf), strlen--) {
             c = g_utf8_get_char (utf);
@@ -1051,11 +1050,8 @@ data_text(AttributeNode text_attr)
   Color col;
   Alignment align;
   AttributeNode attr;
-  DataNode composite_node;
   Text *text;
 
-  composite_node = attribute_first_data(text_attr);
-
   attr = composite_find_attribute(text_attr, "string");
   if (attr != NULL)
     string = data_string(attribute_first_data(attr));
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]