Details
- Bug
- Resolution: Done
- P3: Somewhat important
- None
- 5.5.1, 5.6.2, 5.7.0, 5.8.0 Beta
Description
Klocwork 2016.2 reports some errors in Qt's header files.
A. MemoryPool::allocate_helper()
http://code.qt.io/cgit/qt/qtdeclarative.git/tree/src/qml/parser/qqmljsmemorypool_p.h?h=5.5#n140
----------------------------------------
11;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/5.5.1/QtQml/private/qqmljsmemorypool_p.h;140;13;Warning;3;C and C++;FREE.INCONSISTENT;Warning;allocate_helper;-1984532746;Memory pointed by 'this->_blocks' is freed at this point, but this memory is not freed upon function exits at line(s) 156.;System;Analyze;C and C++;unowned;4;;
12;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/5.5.1/QtQml/private/qqmljsmemorypool_p.h;143;17;Critical;1;C and C++;NPD.FUNC.MUST;Error;allocate_helper;-893448703;Pointer '_blocks' returned from call to function 'realloc' at line 140 may be NULL and will be dereferenced at line 143.;System;Analyze;C and C++;unowned;5;;
13;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/5.5.1/QtQml/private/qqmljsmemorypool_p.h;148;15;Critical;1;C and C++;NPD.FUNC.MUST;Error;allocate_helper;546728937;Pointer 'block' returned from call to function 'realloc' at line 140 may be NULL and will be dereferenced at line 148.;System;Analyze;C and C++;unowned;6;;
----------------------------------------
The result of realloc() is not checked.
When realloc() fails to reserve memory,
the old '_blocks' array is leaked and invalid memory is accessed.
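To make the two findings concrete, here is an added example (not Qt's code) with a minimal block-array grower in the shape of the flagged allocate_helper(): the unchecked realloc() pattern next to a hardened form that keeps the old array alive when allocation fails. BlockArray, grow_unchecked, grow_checked, block_array_free and failing_realloc are hypothetical names; the allocator is injected so the failure path can be exercised.

```c
#include <stdlib.h>
typedef void *(*realloc_fn)(void *, size_t);  /* injectable so a test can simulate failure */

typedef struct {
    char **blocks;   /* array of block pointers, like '_blocks' in the report */
    int count;       /* blocks in use */
    int capacity;    /* slots available in 'blocks' */
} BlockArray;

/* The pattern Klocwork flagged: realloc()'s result overwrites the only reference
 * to the old array. On failure realloc() returns NULL and leaves the old array
 * allocated, so that array leaks and the store below dereferences NULL. */
int grow_unchecked(BlockArray *a, size_t block_size, realloc_fn xrealloc)
{
    if (a->count == a->capacity) {
        a->capacity += 8;
        a->blocks = (char **)xrealloc(a->blocks, (size_t)a->capacity * sizeof(char *));
    }
    a->blocks[a->count] = (char *)calloc(1, block_size);   /* NULL deref if realloc failed */
    return a->blocks[a->count] ? (a->count++, 0) : -1;
}

/* Hardened form: hold the result in a temporary, and on failure leave the
 * array untouched (still valid, still owned by 'a'). Returns 0 or -1. */
int grow_checked(BlockArray *a, size_t block_size, realloc_fn xrealloc)
{
    if (a->count == a->capacity) {
        int new_cap = a->capacity + 8;
        char **tmp = (char **)xrealloc(a->blocks, (size_t)new_cap * sizeof(char *));
        if (tmp == NULL)
            return -1;          /* a->blocks is still the old, valid array */
        a->blocks = tmp;
        a->capacity = new_cap;
    }
    char *block = (char *)calloc(1, block_size);
    if (block == NULL)
        return -1;
    a->blocks[a->count++] = block;
    return 0;
}

void block_array_free(BlockArray *a)
{
    for (int i = 0; i < a->count; ++i) free(a->blocks[i]);
    free(a->blocks);
    a->blocks = NULL; a->count = a->capacity = 0;
}

/* Constructed allocator that always fails, used to exercise the error path. */
void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }
```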
B. QML_GETTYPENAMES in qmlRegisterSingletonType()
http://code.qt.io/cgit/qt/qtdeclarative.git/tree/src/qml/qml/qqml.h?h=5.5#n544
----------------------------------------
42;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/qqml.h;544;5;Critical;1;C and C++;NPD.FUNC.CALL.MUST;Error;qmlRegisterSingletonType;-836239127;Pointer 'pointerName.ptr' returned from call to function 'QVarLengthArray<char,48>' at line 544 may be NULL, will be passed to function and may be dereferenced there by passing argument 1 to function 'memcpy' at line 544.;System;Analyze;C and C++;unowned;25;;
43;/home/user/Qt5.5.1/5.5/qnx6_x86/include/QtQml/qqml.h;544;5;Critical;1;C and C++;NPD.FUNC.MUST;Error;qmlRegisterSingletonType;1529069522;Pointer 'listName.ptr' returned from call to function 'QVarLengthArray<char,64>' at line 544 may be NULL and will be dereferenced at line 544.;System;Analyze;C and C++;unowned;26;;
----------------------------------------
It seems QVarLengthArray is assumed to always succeed in allocating memory.