Bug 425459

Summary: ToolBarState and associated classes never check UMLScene* for NULL
Product: [Applications] umbrello
Reporter: Robert Hairgrove
Component: general
Assignee: Umbrello Development Group <umbrello-devel>
Status: CONFIRMED ---
Severity: crash
Priority: NOR
Version: Git
Target Milestone: ---
Platform: Other
OS: Linux
Latest Commit:
Version Fixed In:

Description Robert Hairgrove 2020-08-17 13:25:41 UTC
SUMMARY
The class ToolBarStateFactory is responsible for creating instances of different classes derived from ToolBarState. It is passed a UMLScene* as its last argument. However, it does not check the pointer for NULL before using it, which causes undefined behavior if it is NULL.

The pointer to UMLScene is passed on to the derived classes, but apparently none of these other classes check the pointer, either.

Comment 1 Justin Zobel 2022-10-12 03:50:07 UTC
Thank you for reporting this crash in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the crash with a recent software version?

If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!

Comment 2 Robert Hairgrove 2022-10-13 10:52:34 UTC
AFAICT, the UMLScene* argument is still never checked for NULL. There are several classes which dereference the pointer without ever checking it, especially in the implementation of ToolBarState.
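
One way to close the gap described in this report, as an added example that is not part of the bug thread or of Umbrello's code: the factory checks the UMLScene* once, where it enters, and the state classes hold a reference, so no later dereference can hit NULL. The class bodies, `StateKind`, `ArrowState`, `sceneName()` and the `create()` signature are simplified, hypothetical stand-ins for the classes named above.

```cpp
// Added illustration with simplified stand-ins; not Umbrello's real classes.
#include <memory>
#include <string>

struct UMLScene {            // stand-in: only what the example needs
    std::string name;
};

class ToolBarState {
public:
    virtual ~ToolBarState() = default;
    // No check needed here: m_scene is a reference and cannot be null.
    std::string sceneName() const { return m_scene.name; }
protected:
    // Taking a reference moves the "must not be null" contract into the type.
    explicit ToolBarState(UMLScene &scene) : m_scene(scene) {}
    UMLScene &m_scene;
};

class ArrowState : public ToolBarState {   // hypothetical derived state
public:
    explicit ArrowState(UMLScene &scene) : ToolBarState(scene) {}
};

enum class StateKind { Arrow };            // hypothetical selector

class ToolBarStateFactory {
public:
    // The raw pointer is validated once, at the boundary where it arrives.
    // Returns an empty pointer instead of building a state around NULL.
    static std::unique_ptr<ToolBarState> create(StateKind kind, UMLScene *scene) {
        if (scene == nullptr)
            return nullptr;
        switch (kind) {
        case StateKind::Arrow:
            return std::unique_ptr<ToolBarState>(new ArrowState(*scene));
        }
        return nullptr;                    // unknown kind
    }
};

// Caller-side pattern: test the factory result before using the state.
std::string describe(StateKind kind, UMLScene *scene) {
    std::unique_ptr<ToolBarState> state = ToolBarStateFactory::create(kind, scene);
    return state ? state->sceneName() : std::string("<no scene>");
}
```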