QXlsx icon indicating copy to clipboard operation
QXlsx copied to clipboard

Published 20 hours ago verified publisher icon QtExcel

Several bugs are detected by SAST tools

Open ProjectMutilation opened this issue 4 years ago • 2 comments

Hi guys! Static analysis tools detected a some potential weakness in your project

  • 1
QXlsx/WebServer/recurse.hpp in line 526: Access of moved variable 'prev'.
  • 2
This errors are classified as CWE-457. It might cause undefined behavior 
QXlsx/header/xlsxchart_p.h in line 38: Not all members of a class are initialized inside the constructor. Consider inspecting: type, axisPos, axisId, crossAx.
QXlsx/source/xlsxchart.cpp in line 17: Not all members of a class are initialized inside the constructor. Consider inspecting: sheet, legendPos, legendOverlay, majorGridlinesEnabled, minorGridlinesEnabled.
  • 3
QXlsx/source/xlsxzipreader.cpp in line 57: An excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'fi.isFile' and '!fi.isFile'. 
This error is classified as CWE-571
  • 4
QXlsx/source/xlsxstyles.cppin lines 618 and 621: The conditional expressions of the 'if' statements situated alongside each other are identical.
  • 5
QXlsx/source/xlsxworksheet.cpp: The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. Check lines: 796, 812.
It is strange code
  • 6
QXlsx/source/xlsxworksheet.cpp in 1411 There are identical sub-expressions '!(d->MoodFooter.isNull())' to the left and to the right of the '||' operator.

Also static analysis tools reported several minor issues which might be good to fix

  • 1
QXlsx/source/xlsxdrawinganchor.cpp in line 665
The '!xIn_w.isEmpty()' condition was already verified in line 664.
QXlsx/source/xlsxdrawinganchor.cpp  in line 875 
The '!xIn_w.isEmpty()' condition was already verified in line 874.
This checks are not required. It is error that classified as CWE-571.
  • 2
File: QXlsx/QXlsx/source/xlsxconditionalformatting.cpp
Line 188: Expression 'type >= Highlight_LessThan' is always true.
Line 203: Expression 'type >= Highlight_ContainsText' is always true.
Line 247: Expression 'type >= Highlight_Top' is always true.
Line 255: Expression 'type >= Highlight_AboveAverage' is always true.
Line 257: Expression 'type <= Highlight_BelowStdDev3' is always true.
It is possible wrong logic
  • 3
QXlsx/source/xlsxworksheet.cpp in line 2439: The 'cellType' variable was assigned the same value.
  • 4
QXlsx/source/xlsxrelationships.cpp:72: It is odd that the body of 'worksheetRelationships' function is fully equivalent to the body of 'documentRelationships' function.
  • 5
QXlsx/source/xlsxdocpropscore.cpp:104: Two similar code fragments were found. Perhaps, this is a typo and 'cp' variable should be used instead of 'dc'.
  • 6
QXlsx/source/xlsxworkbook.cpp:546: The code contains the collection of similar blocks. Check items 'writeEndElement', 'writeEndElement', 'writeEndDocument' in lines 546, 548, 549.

ProjectMutilation avatar May 06 '20 09:05 ProjectMutilation

Dear @ProjectMutilation Thanks for reporting. I'll register this issue. And, what is your tool?

j2doll avatar May 06 '20 14:05 j2doll

@j2doll my tool-set: cppcheck, clang-tidy and a commercial solution what I don't want to call

ProjectMutilation avatar May 06 '20 15:05 ProjectMutilation