Bug 372872 - Possible Null-Pointer dereference in AlbumManager [patch]
Summary: Possible Null-Pointer dereference in AlbumManager [patch]
Status: RESOLVED FIXED
Alias: None
Product: digikam
Classification: Applications
Component: Searches-Similarity
Version: 5.4.0
Platform: Compiled Sources Linux
Importance: NOR normal
Target Milestone: ---
Assignee: Digikam Developers
Reported: 2016-11-24 07:34 UTC by Mario Frank
Modified: 2016-11-24 10:29 UTC

Version Fixed In: 5.4.0

Attachments
Patch for the possible NULL Pointer dereference (1.12 KB, patch)
2016-11-24 07:34 UTC, Mario Frank

Description Mario Frank 2016-11-24 07:34:50 UTC
Created attachment 102429
Patch for the possible NULL Pointer dereference

As reported by Coverity Scan:
*** CID 1394671:  Null pointer dereferences  (FORWARD_NULL)
/home/gilles/Devel/5.x/core/libs/album/albummanager.cpp: 2080 in Digikam::AlbumManager::findSAlbumsBySearchType(int) const()
2074     
2075     QList<SAlbum*> AlbumManager::findSAlbumsBySearchType(int searchType) const
2076     {
2077         QList<SAlbum*> albums;
2078         for (Album* album = d->rootSAlbum->firstChild(); album; album = album->next())
2079         {
>>>     CID 1394671:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "sAlbum" = "dynamic_cast <Digikam::SAlbum *>(album)".
2080             SAlbum* sAlbum = dynamic_cast<SAlbum*>(album);
2081             if (sAlbum->searchType() == searchType)
2082             {
2083                 albums.append(sAlbum);
2084             }
2085         }

As I understand it, firstChild() may return NULL, which is processed by dynamic_cast, and this may also return NULL.
I prevent that by explicitly checking for NULL.
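
The unchecked dynamic_cast flagged in the Coverity report above, next to a NULL-checked form, as an added example (not the attached digiKam patch, whose contents are not shown on this page). The Album, SAlbum and TAlbum classes and the function names are hypothetical stand-ins, and the check on the root pointer is an extra assumption of this example.

```cpp
#include <vector>

// Hypothetical stand-ins for digiKam's Album hierarchy (not the project's classes).
struct Album {
    Album* firstChildPtr = nullptr;
    Album* nextPtr = nullptr;
    virtual ~Album() = default;
    Album* firstChild() const { return firstChildPtr; }
    Album* next() const { return nextPtr; }
    void addChild(Album* c) { c->nextPtr = firstChildPtr; firstChildPtr = c; }
};
struct SAlbum : Album {
    int type;
    explicit SAlbum(int t) : type(t) {}
    int searchType() const { return type; }
};
struct TAlbum : Album {};  // a non-search album mixed into the same child list

// Pattern flagged as FORWARD_NULL: the cast result is used without a check.
std::vector<SAlbum*> findUnchecked(const Album* root, int searchType) {
    std::vector<SAlbum*> albums;
    for (Album* a = root->firstChild(); a; a = a->next()) {
        SAlbum* s = dynamic_cast<SAlbum*>(a);
        if (s->searchType() == searchType)  // undefined behaviour when s is null
            albums.push_back(s);
    }
    return albums;
}

// Checked form: tolerate a missing root and skip children that are not SAlbum.
std::vector<SAlbum*> findChecked(const Album* root, int searchType) {
    std::vector<SAlbum*> albums;
    if (!root) return albums;
    for (Album* a = root->firstChild(); a; a = a->next()) {
        SAlbum* s = dynamic_cast<SAlbum*>(a);
        if (s && s->searchType() == searchType)
            albums.push_back(s);
    }
    return albums;
}

// Constructed sample tree: two SAlbums of type 1, one of type 2, one TAlbum.
int countMatches(int searchType) {
    Album root; SAlbum a(1), b(2), c(1); TAlbum t;
    root.addChild(&a); root.addChild(&t); root.addChild(&b); root.addChild(&c);
    return static_cast<int>(findChecked(&root, searchType).size());
}

int main() { return countMatches(1) == 2 ? 0 : 1; }
```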
Comment 1 caulier.gilles 2016-11-24 10:27:22 UTC
Confirmed by Coverity Static analyzer:

1 new defect(s) introduced to digiKam found with Coverity Scan.


New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)


** CID 1394671:  Null pointer dereferences  (FORWARD_NULL)
/home/gilles/Devel/5.x/core/libs/album/albummanager.cpp: 2080 in Digikam::AlbumManager::findSAlbumsBySearchType(int) const()


________________________________________________________________________________________________________
*** CID 1394671:  Null pointer dereferences  (FORWARD_NULL)
/home/gilles/Devel/5.x/core/libs/album/albummanager.cpp: 2080 in Digikam::AlbumManager::findSAlbumsBySearchType(int) const()
2074
2075     QList<SAlbum*> AlbumManager::findSAlbumsBySearchType(int searchType) const
2076     {
2077         QList<SAlbum*> albums;
2078         for (Album* album = d->rootSAlbum->firstChild(); album; album = album->next())
2079         {
>>>     CID 1394671:  Null pointer dereferences  (FORWARD_NULL)
>>>     Assigning: "sAlbum" = "dynamic_cast <Digikam::SAlbum *>(album)".
2080             SAlbum* sAlbum = dynamic_cast<SAlbum*>(album);
2081             if (sAlbum->searchType() == searchType)
2082             {
2083                 albums.append(sAlbum);
2084             }
2085         }
Comment 2 caulier.gilles 2016-11-24 10:29:14 UTC
Git commit b5a252ea99b1bd77b581d88b68aa9ba8a2c1b4c8 by Gilles Caulier.
Committed on 24/11/2016 at 10:28.
Pushed by cgilles into branch 'master'.

apply patch #102429 from Mario Frank
FIXED-IN: 5.4.0

M  +2    -1    NEWS
M  +6    -3    libs/album/albummanager.cpp

https://commits.kde.org/digikam/b5a252ea99b1bd77b581d88b68aa9ba8a2c1b4c8