Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
LyX | 102061 | REVERSE_INULL | Null pointer dereferences | This code will definitely crash due to a null pointer dereference in certain cases. |
1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 |
theSession().bookmarks().bookmark(idx); LASSERT(!bm.filename.empty(), return); string const file = bm.filename.absFileName(); // if the file is not opened, open it. if (!theBufferList().exists(bm.filename)) { if (openFile) dispatch(FuncRequest(LFUN_FILE_OPEN, file)); else return; } // open may fail, so we need to test it again if (!theBufferList().exists(bm.filename)) return; // bm can be changed when saving BookmarksSection::Bookmark tmp = bm; // Special case idx == 0 used for back-from-back jump navigation if (idx == 0) dispatch(FuncRequest(LFUN_BOOKMARK_SAVE, "0")); // if the current buffer is not that one, switch to it. BufferView * doc_bv = current_view_ ? current_view_->documentBufferView() : 0; |
<< Dereferencing pointer "doc_bv".
1467 |
Cursor const old = doc_bv->cursor(); |
<<< CID 102061: Null pointer dereferences REVERSE_INULL <<< Null-checking "doc_bv" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1468 1469 1470 1471 1472 1473 1474 1475 1476 1477 1478 1479 1480 1481 1482 1483 1484 1485 1486 1487 1488 1489 1490 1491 1492 1493 1494 |
if (!doc_bv || doc_bv->buffer().fileName() != tmp.filename) { if (switchToBuffer) { dispatch(FuncRequest(LFUN_BUFFER_SWITCH, file)); if (!current_view_) return; doc_bv = current_view_->documentBufferView(); } else return; } // moveToPosition try paragraph id first and then paragraph (pit, pos). if (!doc_bv->moveToPosition( tmp.bottom_pit, tmp.bottom_pos, tmp.top_id, tmp.top_pos)) return; Cursor & cur = doc_bv->cursor(); if (cur != old) notifyCursorLeavesOrEnters(old, cur); // bm changed if (idx == 0) return; // Cursor jump succeeded! pit_type new_pit = cur.pit(); pos_type new_pos = cur.pos(); int new_id = cur.paragraph().id(); |
deref_ptr_in_call | GuiApplication.cpp:1467 | |
check_after_deref | GuiApplication.cpp:1468 |