425459 – ToolBarState and associated classes never check UMLScene* for NULL

Bug 425459 - ToolBarState and associated classes never check UMLScene* for NULL

Summary: ToolBarState and associated classes never check UMLScene* for NULL

Status:	CONFIRMED

Alias:	None

Product:	umbrello
Classification:	Applications
Component:	general (show other bugs)
Version:	Git
Platform:	Other Linux

Importance:	NOR crash
Target Milestone:	---
Assignee:	Umbrello Development Group

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-08-17 13:25 UTC by Robert Hairgrove
Modified:	2022-10-13 10:52 UTC (History)
CC List:	0 users

See Also:
Latest Commit:
Version Fixed In:

Attachments
Add an attachment

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Hairgrove 2020-08-17 13:25:41 UTC

SUMMARY
The class ToolBarStateFactory is responsible for creating instances of different classes derived from ToolBarState. It is passed a UMLScene* as its last argument. However, it does not check the pointer for NULL before using it, which causes undefined behavior if it is NULL.

The pointer to UMLScene is passed on to the derived classes, but apparently, also none of these other classes check the pointer, either.

Comment 1 Justin Zobel 2022-10-12 03:50:07 UTC

Thank you for reporting this crash in KDE software. As it has been a while since this issue was reported, can we please ask you to see if you can reproduce the crash with a recent software version?

If you can reproduce the issue, please change the status to "CONFIRMED" when replying. Thank you!

Comment 2 Robert Hairgrove 2022-10-13 10:52:34 UTC

AFAICT, the UMLScene* argument is still never checked for NULL. There are several classes which dereference the pointer without ever checking it; especially in the implementation of ToolBarState.