New Defects reported by Coverity Scan for LyX

Jean-Marc Lasgouttes lasgouttes at lyx.org
Mon Aug 24 15:39:56 UTC 2020


On 24/08/2020 at 12:16, scan-admin at coverity.com wrote:
> Hi,
> 
> Please find the latest report on new defect(s) introduced to LyX found with Coverity Scan.
> 
> 2 new defect(s) introduced to LyX found with Coverity Scan.
> 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
> 
> New defect(s) Reported-by: Coverity Scan
> Showing 2 of 2 defect(s)
> 
> 
> ** CID 361431:  Null pointer dereferences  (FORWARD_NULL)
> 
> 
> ________________________________________________________________________________________________________
> *** CID 361431:  Null pointer dereferences  (FORWARD_NULL)
> /home/lasgoutt/src/lyx/coverity/lyx/src/output_docbook.cpp: 359 in lyx::<unnamed>::makeParagraphBibliography(const lyx::Buffer &, lyx::XMLStream &, const lyx::OutputParams &, const lyx::Text &, const std::_List_const_iterator<lyx::Paragraph> &, const std::_List_const_iterator<lyx::Paragraph> &)()
> 353     		// Don't forget the citation ID!
> 354     		docstring attr;
> 355     		for (auto i = 0; i < par->size(); ++i) {
> 356     			Inset const *ip = par->getInset(0);
> 357     			if (ip != nullptr && ip->lyxCode() == BIBITEM_CODE) {
> 358     				const auto * bibitem = dynamic_cast<const InsetBibitem*>(par->getInset(i));
>>>>      CID 361431:  Null pointer dereferences  (FORWARD_NULL)
>>>>      Passing null pointer "bibitem" to "getParam", which dereferences it.
> 359     				attr = from_utf8("xml:id='") + bibitem->getParam("key") + from_utf8("'");
> 360     				break;
> 361     			}
> 362     		}
> 363     		xs << xml::StartTag(from_utf8("bibliomixed"), attr);
> 364

Thibaut, I'll let you fix this one because the loop seems very fishy to 
me: why let ip be the inset at position 0 (which is OK for bibitem 
indeed) but then look at insets at all positions in paragraph?

Moreover, when it comes to identifying insets, the situation is a bit 
unsatisfying. We have
* lyxCode to check the type of inset
* dynamic_cast like everywhere else
* asInsetXxx(), which are virtual functions that date from the time 
when dynamic-cast was not usable for us (remember 1995?).

I would propose to either define Inset::asInsetBibitem() and use that, 
or rely only on dynamic_cast. But it is not necessary to rely on inset 
code IMO (I try to reduce the amount of such code uses, but they creep 
back relentlessly :).

JMarc
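
An added example, not part of the original message and not LyX code: the "rely only on dynamic_cast" option applied to the loop flagged in CID 361431, so that the type test and the dereferenced pointer come from the same cast at the same position. `Inset`, `InsetBibitem`, `InsetOther`, `Paragraph` and `bibitemIdAttr` are hypothetical stand-ins using `std::string` instead of `docstring`, and the example assumes the intent is to use the first bibitem inset found in the paragraph.

```cpp
#include <cstddef>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-ins for LyX's Inset, InsetBibitem and Paragraph,
// reduced to what the reported loop touches. Not LyX's real classes.
struct Inset { virtual ~Inset() = default; };

struct InsetBibitem : Inset {
    explicit InsetBibitem(std::string k) : key(std::move(k)) {}
    std::string getParam(const std::string &name) const {
        return name == "key" ? key : std::string();
    }
    std::string key;
};

struct InsetOther : Inset {};  // any non-bibitem inset

struct Paragraph {
    // One slot per position; nullptr means "plain character, no inset".
    std::vector<std::unique_ptr<Inset>> slots;
    std::size_t size() const { return slots.size(); }
    const Inset *getInset(std::size_t pos) const {
        return pos < slots.size() ? slots[pos].get() : nullptr;
    }
};

// Builds the xml:id attribute from the first bibitem inset in the paragraph.
// The cast result is both the type test and the pointer that is dereferenced,
// and it is taken from position i only, so a null never reaches getParam().
// Returns an empty string when the paragraph holds no bibitem.
std::string bibitemIdAttr(const Paragraph &par) {
    for (std::size_t i = 0; i < par.size(); ++i) {
        if (const auto *bibitem =
                dynamic_cast<const InsetBibitem *>(par.getInset(i)))
            return "xml:id='" + bibitem->getParam("key") + "'";
    }
    return std::string();
}

int main() {
    Paragraph par;  // constructed sample: plain char, other inset, bibitem
    par.slots.emplace_back(nullptr);
    par.slots.push_back(std::make_unique<InsetOther>());
    par.slots.push_back(std::make_unique<InsetBibitem>("knuth84"));
    return bibitemIdAttr(par) == "xml:id='knuth84'" ? 0 : 1;
}
```

With the mismatched check from the report (test position 0, cast position `i`), the second slot in this sample would yield a null `bibitem`; here it is simply skipped.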

