I came across some code which I think can lead to dereferencing of a null pointer. For example:

File /core/sd/source/filter/eppt/pptx-grouptable.cxx: pTemp is dereferenced in line 47 without checking whether the new operator returned a non-null pointer.

45| GroupEntry** pTemp = new GroupEntry*[ nEntrys ];
46| for ( sal_uInt32 i = 0; i < mnCurrentGroupEntry; i++ )
47|     pTemp[ i ] = mpGroupEntry[ i ];

Lines 59 and 60 of the same file have a similar case.

File /core/desktop/unx/source/start.c also has a calloc call with a similar situation. In line 118 ppArgs is dereferenced without checking for a non-null pointer.

I think this is an issue which we can work on (probably there will be some more) to make the code better. (Please correct me if I have misunderstood anything.)
On first look, that class could use an STL container for mpGroupEntry instead. Maybe a stack?
new throws an exception if allocation failed
Thank you for the clarification. I am sorry. I was thinking of the second error which I mentioned, and when I came across the pointed-out code I felt that it too falls into the same category. I missed the exception thrown by the new operator. Still, I think the issue I pointed out with calloc in /core/desktop/unx/source/start.c is valid. Here is the code (lines 116-118):

ppArgs = (rtl_uString **)calloc( nArgs + 1, sizeof( rtl_uString* ) );
for ( i = 0; i < nArgs; ++i )
    ppArgs[i] = args->ppArgs[i];
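The distinction the two comments above turn on, shown as an added example that is not code from the LibreOffice tree: plain `new[]` reports failure by throwing (`std::bad_alloc`, or its C++11 subclass `std::bad_array_new_length` when the element count overflows), so a null check after it can never fire, whereas `calloc` returns NULL and the caller must test for it before the copy loop touches the buffer. The `Args` struct, `copyArgsChecked`, the `kSample` argv data and the helper names are all constructed here as stand-ins for the `rtl_uString**` handling in start.c.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <limits>
#include <new>

// Hypothetical stand-in for the argument block that start.c copies from.
struct Args {
    std::size_t nArgs;
    const char** ppArgs;
};

// Checked counterpart of the calloc + copy loop: calloc signals failure by
// returning NULL, so the result is tested before the loop dereferences it.
// Returns the new NULL-terminated array, or nullptr if allocation failed.
const char** copyArgsChecked(const Args* args, std::size_t* outCount) {
    if (args == nullptr || outCount == nullptr) return nullptr;
    const char** ppArgs = static_cast<const char**>(
        std::calloc(args->nArgs + 1, sizeof(const char*)));
    if (ppArgs == nullptr) {          // the check the thread is asking for
        *outCount = 0;
        return nullptr;
    }
    for (std::size_t i = 0; i < args->nArgs; ++i)
        ppArgs[i] = args->ppArgs[i];  // trailing slot stays NULL from calloc
    *outCount = args->nArgs;
    return ppArgs;
}

// new[] never returns nullptr on failure; it throws, so the only way to
// handle an allocation failure is a catch block, not a pointer test.
bool newArrayThrows(std::size_t n) {
    try {
        int** p = new int*[n];
        delete[] p;
        return false;
    } catch (const std::bad_alloc&) {   // also catches bad_array_new_length
        return true;
    }
}

// Constructed sample argv data (not real soffice input).
static const char* kSample[] = {"soffice", "--headless", "doc.odt"};
static const std::size_t kSampleCount = 3;

// Copies kSample and verifies the copy is intact and NULL-terminated.
bool copyRoundTrips() {
    Args a{kSampleCount, kSample};
    std::size_t n = 0;
    const char** copy = copyArgsChecked(&a, &n);
    bool ok = copy != nullptr && n == kSampleCount &&
              copy[kSampleCount] == nullptr &&
              std::strcmp(copy[1], "--headless") == 0;
    std::free(copy);
    return ok;
}

// An element count that overflows size_t * sizeof(pointer) makes calloc
// refuse the request and return NULL; the checked copy must report that
// instead of writing through a null pointer.
bool copyRejectsOverflow() {
    Args big{std::numeric_limits<std::size_t>::max() - 1, kSample};
    std::size_t n = 0;
    return copyArgsChecked(&big, &n) == nullptr && n == 0;
}

int main() {
    std::printf("copy of sample args ok:        %d\n", copyRoundTrips());
    std::printf("overflowing calloc rejected:   %d\n", copyRejectsOverflow());
    std::printf("new int*[4] throws:            %d\n", newArrayThrows(4));
    std::printf("new int*[SIZE_MAX] throws:     %d\n",
                newArrayThrows(std::numeric_limits<std::size_t>::max()));
    return 0;
}
```

The overflowing sizes are used only to provoke a deterministic allocation failure without exhausting memory; in start.c the realistic failure is an out-of-memory condition, which takes the same NULL path and would crash on the unchecked `ppArgs[i]` write.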
'needsConfirmationAdvise' is only used for unconfirmed bugs. Removing it from this bug. [NinjaEdit]
David: can you comment on comment 3?
Closing this unsubstantiated speculation. If you find a particular sequence of arguments that actually causes a reproducibly dereferenced null, feel free to reopen.