New Defects reported by Coverity Scan for LyX
Jean-Marc Lasgouttes
lasgouttes at lyx.org
Mon Aug 24 15:39:56 UTC 2020
Le 24/08/2020 à 12:16, scan-admin at coverity.com a écrit :
> Hi,
>
> Please find the latest report on new defect(s) introduced to LyX found with Coverity Scan.
>
> 2 new defect(s) introduced to LyX found with Coverity Scan.
> 1 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 2 of 2 defect(s)
>
>
> ** CID 361431: Null pointer dereferences (FORWARD_NULL)
>
>
> ________________________________________________________________________________________________________
> *** CID 361431: Null pointer dereferences (FORWARD_NULL)
> /home/lasgoutt/src/lyx/coverity/lyx/src/output_docbook.cpp: 359 in lyx::<unnamed>::makeParagraphBibliography(const lyx::Buffer &, lyx::XMLStream &, const lyx::OutputParams &, const lyx::Text &, const std::_List_const_iterator<lyx::Paragraph> &, const std::_List_const_iterator<lyx::Paragraph> &)()
> 353 // Don't forget the citation ID!
> 354 docstring attr;
> 355 for (auto i = 0; i < par->size(); ++i) {
> 356 Inset const *ip = par->getInset(0);
> 357 if (ip != nullptr && ip->lyxCode() == BIBITEM_CODE) {
> 358 const auto * bibitem = dynamic_cast<const InsetBibitem*>(par->getInset(i));
>>>> CID 361431: Null pointer dereferences (FORWARD_NULL)
>>>> Passing null pointer "bibitem" to "getParam", which dereferences it.
> 359 attr = from_utf8("xml:id='") + bibitem->getParam("key") + from_utf8("'");
> 360 break;
> 361 }
> 362 }
> 363 xs << xml::StartTag(from_utf8("bibliomixed"), attr);
> 364
Thibaut, I'll let you fix this one because the loop seems very fishy to
me: why let ip be the inset at position 0 (which is OK for bibitem
indeed) but then look at insets at all positions in paragraph?
Moreover, when it comes to identifying insets, the situation is a bit
unsatisfying. We have
* lyxCode to check the type of inset
* dynamic_cast like everywhere else
* asInsetXxx() , which are virtual functions that date from the time
when dynamic-cast was not usable for us (remember 1995?).
I would propose to either define Inset::asInsetBibitem() and use that,
or rely only on dynamic_cast. But it is not necessary to rely on inset
code IMO (I try to reduce the amount of such code uses, but they creep
back relentlessly :).
JMarc
More information about the lyx-devel
mailing list