Compiz

Coverity FORWARD_NULL - CID 12458 - src/match.cpp - in function: matchOpsEqual(std::list<MatchOp , std::allocator<MatchOp >> &, std::list<MatchOp , std::allocator<MatchOp >> &) - Dynamic cast to pointer "dynamic_cast <MatchExpOp >(it1)" can return NULL. Assigning: "e1" = "dynamic_cast <MatchExpOp >(it1)". Passing null pointer "e1->value" to function "std::operator !=<char, std::char_traits<char>, std::allocator<char> >(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const &, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const &)", which dereferences it.

Bug #1101637 reported by Product Strategy Coverity Bug Uploader on 2013-01-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Compiz	Confirmed	Medium	Unassigned	Compiz 0.9.12.2
	0.9.9	Won't Fix	High	Unassigned

Bug Description

This bug is exported from the Coverity Integration Manager on Canonical's servers. For information on how this is done please see this website: https://wiki.ubuntu.com/CanonicalProductStrategy/Coverity
CID: 12458
Checker: FORWARD_NULL
Category: dynamic_cast
CWE definition: http://cwe.mitre.org/data/definitions/476.html
File: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/match.cpp
Function: matchOpsEqual(std::list<MatchOp *, std::allocator<MatchOp *>> &, std::list<MatchOp *, std::allocator<MatchOp *>> &)
Code snippet:
224 return false;
225
226 break;
227 case MatchOp::TypeExp:
CID 12458 - FORWARD_NULL
Dynamic cast to pointer "dynamic_cast <MatchExpOp *>(*it1)" can return NULL.
Assigning: "e1" = "dynamic_cast <MatchExpOp *>(*it1)".
228 e1 = dynamic_cast<MatchExpOp *> (*it1);
229 e2 = dynamic_cast<MatchExpOp *> (*it2);
230
CID 12458 - FORWARD_NULL
Passing null pointer "e1->value" to function "std::operator !=<char, std::char_traits<char>, std::allocator<char> >(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const &, std::basic_string<char, std::char_traits<char>, std::allocator<char> > const &)", which dereferences it.
231 if (e1->value != e2->value)
232 return false;
233

Tags:

Revision history for this message

Product Strategy Coverity Bug Uploader (coverity-uploader) wrote on 2013-01-18: compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/match.cpp

compiz-0.9.9: /tmp/buildd/compiz-0.9.9~daily13.01.14/src/match.cpp Edit (106.0 KiB, text/html)

Source file with Coverity annotations.

Changed in compiz:
importance:	Undecided → High

MC Return (mc-return) on 2013-07-06

summary:	- Coverity FORWARD_NULL - CID 12458 + Coverity FORWARD_NULL - CID 12458 - src/match.cpp - in function: + matchOpsEqual(std::list<MatchOp , std::allocator<MatchOp >> &, + std::list<MatchOp , std::allocator<MatchOp >> &) - Dynamic cast to + pointer "dynamic_cast <MatchExpOp >(it1)" can return NULL. Assigning: + "e1" = "dynamic_cast <MatchExpOp >(it1)". Passing null pointer + "e1->value" to function "std::operator !=<char, std::char_traits<char>, + std::allocator<char> >(std::basic_string<char, std::char_traits<char>, + std::allocator<char> > const &, std::basic_string<char, + std::char_traits<char>, std::allocator<char> > const &)", which + dereferences it.
Changed in compiz:
milestone:	none → 0.9.10.0