Bug 334117 – NULLderef in planner-task-tree.c reported by the coverity checker

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 334117 - NULLderef in planner-task-tree.c reported by the coverity checker


Summary:	NULLderef in planner-task-tree.c reported by the coverity checker


Status:	RESOLVED INVALID

Product:	planner
Classification:	Other
Component:	General
Version:	unspecified
Hardware:	Other Linux

Importance:	Normal normal
Target Milestone:	---
Assigned To:	planner-maint
QA Contact:	planner-maint

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2006-03-10 11:23 UTC by Kjartan Maraas
Modified:	2009-04-07 18:05 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
First attempt at fixing this. (5.95 KB, patch) 2006-07-18 00:35 UTC, Lincoln Phipps	none	Details \| Review

Description Kjartan Maraas 2006-03-10 11:23:10 UTC

Event assign_zero: Variable "unindent_tasks" assigned value 0.
Also see events: [var_deref_op]

3080 		GList               *unindent_tasks = NULL;
3081 		GtkTreePath         *path;
3082 		GtkTreeSelection    *selection;
3083 		gboolean             many;
3084 	
3085 		priv = tree->priv;
3086 		project = priv->project;
3087 	
3088 		model = PLANNER_GANTT_MODEL (gtk_tree_view_get_model (GTK_TREE_VIEW (tree)));
3089 		
3090 		list = planner_task_tree_get_selected_tasks (tree);

At conditional (1): "list == 0" taking false path

3091 		if (list == NULL) {
3092 			return;
3093 		}
3094 	
3095 		task = list->data;
3096 	
3097 		new_parent = mrp_task_get_parent (task);

At conditional (2): "new_parent != 0" taking true path

3098 		if (new_parent != NULL) {
3099 			new_parent = mrp_task_get_parent (new_parent);
3100 		}

At conditional (3): "new_parent == 0" taking false path

3101 		if (new_parent == NULL) {
3102 			/* No grandparent to unindent to. */ 
3103 			g_list_free (list);
3104 			return;
3105 		}
3106 		
3107 		first_task_parent = mrp_task_get_parent (task);
3108 	
3109 		/* Get a list of tasks that have the same parent as the first one. */

At conditional (4): "l != 0" taking true path
At conditional (6): "l != 0" taking false path

3110 		for (l = list; l; l = l->next) {
3111 			task = l->data;
3112 			

At conditional (5): "mrp_task_get_parent == first_task_parent" taking false path

3113 			if (mrp_task_get_parent (task) == first_task_parent) {
3114 				unindent_tasks = g_list_prepend (unindent_tasks, task);
3115 			}
3116 		}
3117 		g_list_free (list);
3118 	

Event var_deref_op: Variable "unindent_tasks" tracked as NULL was dereferenced.
Also see events: [assign_zero]

3119 		if (unindent_tasks->next) {
3120 			many = TRUE;
3121 		} else {
3122 			many = FALSE;
3123 		}

Comment 1 Lincoln Phipps 2006-07-18 00:35:15 UTC

Created attachment 69082 [details] [review]
First attempt at fixing this.

See same patch at, 334113, 334114, 334116 , 334117, 334121

Comment 2 Maurice van der Pot 2009-04-07 18:05:54 UTC

I believe this is a false positive.

'list' is first set to the set of selected tasks. If that list is empty, the function returns. Then the parent of the first task in the list is taken and the list is traversed to find tasks with that same parent. This is obviously guaranteed to be at least one, which means that unindent_tasks will never be NULL.
I can understand that a tool like coverity would miss this.

Please reopen if you do not agree.