New Defects reported by Coverity Scan for digiKam
Locked
New Defects reported by Coverity Scan for digiKam
 
|
Hi, Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan. 52 new defect(s) introduced to digiKam found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 20 of 52 defect(s) ** CID 1327514: Code maintainability issues (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/afd_interpolate_pl.c: 195 in LibRaw::afd_interpolate_pl(int, int)() ________________________________________________________________________________________________________ *** CID 1327514: Code maintainability issues (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/afd_interpolate_pl.c: 195 in LibRaw::afd_interpolate_pl(int, int)() 189 } 190 } 191 free(w); 192 193 // Interpolate green pixels at RED/BLUE 194 for (rr=2; rr < rr1-2; rr++) >>> CID 1327514: Code maintainability issues (UNUSED_VALUE) >>> Assigning value from "2 - this->FC(rr, cc)" to "c" here, but that stored value is overwritten before it can be used. 195 for (cc=2+(FC(rr,2)&1), c=2-FC(rr,cc); cc < cc1-2; cc+=2) { 196 pix = dimage + rr*cc1+cc; 197 // green 198 pix[0][1] = pix[0][3] + 0.25*(pix[ -1][1] - pix[ -1][3] + 199 pix[ 1][1] - pix[ 1][3] + 200 pix[p23][1] - pix[p23][3] + ** CID 1327513: Code maintainability issues (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 240 in LibRaw::lmmse_interpolate(int)() ________________________________________________________________________________________________________ *** CID 1327513: Code maintainability issues (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 240 in LibRaw::lmmse_interpolate(int)() 234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5); 235 PIX_SORT(p5,p3); 236 rix[0][4] = p5; } 237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; } 238 // red/blue at GREEN pixel locations 239 for (rr=0; rr < rr1; rr++) >>> CID 1327513: Code maintainability issues (UNUSED_VALUE) >>> Assigning value from "this->FC(rr, cc + 1)" to "c" here, but that stored value is overwritten before it can be used. 240 for (cc=(FC(rr,1)&1), c=FC(rr,cc+1); cc < cc1; cc+=2) { 241 rix = qix + rr*cc1 + cc; 242 rix[0][0] = rix[0][1] + rix[0][3]; 243 rix[0][2] = rix[0][1] + rix[0][5]; } 244 // red/blue and green at BLUE/RED pixel locations 245 for (rr=0; rr < rr1; rr++) ** CID 1327512: (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)() /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 232 in LibRaw::lmmse_interpolate(int)() ________________________________________________________________________________________________________ *** CID 1327512: (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)() 227 p7 = rix[ w1-1][d]; p8 = rix[ w1][d]; p9 = rix[ w1+1][d]; 228 // Sort for median of 9 values 229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8); 231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8); >>> CID 1327512: (UNUSED_VALUE) >>> Assigning value from "temp" to "p6" here, but that stored value is overwritten before it can be used. 233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6); 234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5); 235 PIX_SORT(p5,p3); 236 rix[0][4] = p5; } 237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; } 238 // red/blue at GREEN pixel locations /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 232 in LibRaw::lmmse_interpolate(int)() 226 p4 = rix[ -1][d]; p5 = rix[ 0][d]; p6 = rix[ 1][d]; 227 p7 = rix[ w1-1][d]; p8 = rix[ w1][d]; p9 = rix[ w1+1][d]; 228 // Sort for median of 9 values 229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8); 231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); >>> CID 1327512: (UNUSED_VALUE) >>> Assigning value from "temp" to "p9" here, but that stored value is overwritten before it can be used. 232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8); 233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6); 234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5); 235 PIX_SORT(p5,p3); 236 rix[0][4] = p5; } 237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; } ** CID 1327511: (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)() /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 234 in LibRaw::lmmse_interpolate(int)() ________________________________________________________________________________________________________ *** CID 1327511: (UNUSED_VALUE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)() 227 p7 = rix[ w1-1][d]; p8 = rix[ w1][d]; p9 = rix[ w1+1][d]; 228 // Sort for median of 9 values 229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8); 231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8); >>> CID 1327511: (UNUSED_VALUE) >>> Assigning value from "p5" to "p2" here, but that stored value is overwritten before it can be used. 233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6); 234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5); 235 PIX_SORT(p5,p3); 236 rix[0][4] = p5; } 237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; } 238 // red/blue at GREEN pixel locations /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 234 in LibRaw::lmmse_interpolate(int)() 228 // Sort for median of 9 values 229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8); 231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9); 232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8); 233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6); >>> CID 1327511: (UNUSED_VALUE) >>> Assigning value from "p5" to "p7" here, but that stored value is overwritten before it can be used. 234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5); 235 PIX_SORT(p5,p3); 236 rix[0][4] = p5; } 237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; } 238 // red/blue at GREEN pixel locations 239 for (rr=0; rr < rr1; rr++) ** CID 1327510: Incorrect expression (UNINTENDED_INTEGER_DIVISION) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 427 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)() ________________________________________________________________________________________________________ *** CID 1327510: Incorrect expression (UNINTENDED_INTEGER_DIVISION) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 427 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)() 421 if ((ndim = sget4(cp+4)) > 3) break; 422 dp = pos + sget4(cp+8); 423 for (i=ndim; i--; ) { 424 cp += 12; 425 dim[i] = sget4(cp); 426 } >>> CID 1327510: Incorrect expression (UNINTENDED_INTEGER_DIVISION) >>> Dividing integer expressions "this->libraw_internal_data.unpacker_data.meta_length" and "4U", and then converting the integer quotient to type "double". Any remainder, or fractional part of the quotient, is ignored. 427 if ((dsize = (double) dim[0]*dim[1]*dim[2]) > meta_length/4) break; 428 mat = (unsigned *) malloc ((size = dsize) * 4); 429 merror (mat, "foveon_camf_matrix()"); 430 for (i=0; i < size; i++) 431 if (type && type != 6) 432 mat[i] = sget4(dp + i*4); ** CID 1327509: Uninitialized members (UNINIT_CTOR) /home/gilles/Devel/5.x/extra/kipi-plugins/expoblending/manager/actionthread.cpp: 87 in KIPIExpoBlendingPlugin::ActionThread::Private::Private()() ________________________________________________________________________________________________________ *** CID 1327509: Uninitialized members (UNINIT_CTOR) /home/gilles/Devel/5.x/extra/kipi-plugins/expoblending/manager/actionthread.cpp: 87 in KIPIExpoBlendingPlugin::ActionThread::Private::Private()() 81 PluginLoader* const pl = PluginLoader::instance(); 82 83 if (pl) 84 { 85 iface = pl->interface(); 86 } >>> CID 1327509: Uninitialized members (UNINIT_CTOR) >>> Non-static class member "iface" is not initialized in this constructor nor in any functions that it calls. 87 } 88 89 struct Task 90 { 91 bool align; 92 QList<QUrl> urls; ** CID 1327508: (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8481 in LibRaw::parse_makernote(int, int)() /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8486 in LibRaw::parse_makernote(int, int)() ________________________________________________________________________________________________________ *** CID 1327508: (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8481 in LibRaw::parse_makernote(int, int)() 8475 } 8476 if(!strncasecmp(make,"Samsung",7)) 8477 { 8478 if (tag == 0xa020) // get the full Samsung encryption key 8479 for (i=0; i<11; i++) SamsungKey[i] = get4(); 8480 if (tag == 0xa021) // get and decode Samsung cam_mul array >>> CID 1327508: (UNINIT) >>> Using uninitialized value "SamsungKey[c]". 8481 FORC4 cam_mul[c ^ (c >> 1)] = get4() - SamsungKey[c]; 8482 if (tag == 0xa030 && len == 9) // get and decode Samsung color matrix 8483 for (i=0; i < 3; i++) 8484 FORC3 cmatrix[i][c] = (short)((get4() + SamsungKey[i*3+c]))/256.0; 8485 if (tag == 0xa028) 8486 FORC4 cblack[c ^ (c >> 1)] = get4() - SamsungKey[c]; /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8486 in LibRaw::parse_makernote(int, int)() 8480 if (tag == 0xa021) // get and decode Samsung cam_mul array 8481 FORC4 cam_mul[c ^ (c >> 1)] = get4() - SamsungKey[c]; 8482 if (tag == 0xa030 && len == 9) // get and decode Samsung color matrix 8483 for (i=0; i < 3; i++) 8484 FORC3 cmatrix[i][c] = (short)((get4() + SamsungKey[i*3+c]))/256.0; 8485 if (tag == 0xa028) >>> CID 1327508: (UNINIT) >>> Using uninitialized value "SamsungKey[c]". 8486 FORC4 cblack[c ^ (c >> 1)] = get4() - SamsungKey[c]; 8487 } 8488 else 8489 { 8490 // Somebody else use 0xa021 and 0xa028? 8491 if (tag == 0xa021) ** CID 1327507: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8695 in LibRaw::parse_mos(int)() ________________________________________________________________________________________________________ *** CID 1327507: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8695 in LibRaw::parse_mos(int)() 8689 static const char *mod[] = 8690 { "","DCB2","Volare","Cantare","CMost","Valeo 6","Valeo 11","Valeo 22", 8691 "Valeo 11p","Valeo 17","","Aptus 17","Aptus 22","Aptus 75","Aptus 65", 8692 "Aptus 54S","Aptus 65S","Aptus 75S","AFi 5","AFi 6","AFi 7", 8693 "AFi-II 7","Aptus-II 7","","Aptus-II 6","","","Aptus-II 10","Aptus-II 5", 8694 "","","","","Aptus-II 10R","Aptus-II 8","","Aptus-II 12","","AFi-II 12" }; >>> CID 1327507: Uninitialized variables (UNINIT) >>> Declaring variable "romm_cam" without initializer. 8695 float romm_cam[3][3]; 8696 8697 fseek (ifp, offset, SEEK_SET); 8698 while (1) { 8699 if (get4() != 0x504b5453) break; 8700 get4(); ** CID 1327506: Memory - illegal accesses (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 5893 in LibRaw::processNikonLensData(unsigned char *, unsigned int)() ________________________________________________________________________________________________________ *** CID 1327506: Memory - illegal accesses (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 5893 in LibRaw::processNikonLensData(unsigned char *, unsigned int)() 5887 i = 7; 5888 break; 5889 case 16: 5890 i = 8; 5891 break; 5892 } >>> CID 1327506: Memory - illegal accesses (UNINIT) >>> Using uninitialized value "i". 5893 imgdata.lens.nikon.NikonLensIDNumber = LensData[i]; 5894 imgdata.lens.nikon.NikonLensFStops = LensData[i + 1]; 5895 imgdata.lens.makernotes.LensFStops = (float)imgdata.lens.nikon.NikonLensFStops /12.0f; 5896 if (fabsf(imgdata.lens.makernotes.MinFocal) < 1.1f) 5897 { 5898 if ((imgdata.lens.nikon.NikonLensType ^ (uchar)0x01) || LensData[i + 2]) ** CID 1327505: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3285 in LibRaw::sony_arw2_load_raw()() ________________________________________________________________________________________________________ *** CID 1327505: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3285 in LibRaw::sony_arw2_load_raw()() 3279 LIM(((slope*step*1000)/(curve[pix[i]<<1]-black)),0,10000):0; 3280 } 3281 } 3282 else 3283 { 3284 for (i=0; i < 16; i++, col+=2) >>> CID 1327505: Uninitialized variables (UNINIT) >>> Using uninitialized value "pix[i]". 3285 RAW(row,col) = curve[pix[i] << 1]; 3286 } 3287 #else 3288 for (i=0; i < 16; i++, col+=2) 3289 RAW(row,col) = curve[pix[i] << 1] >> 2; 3290 #endif ** CID 1327504: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3409 in LibRaw::samsung3_load_raw()() ________________________________________________________________________________________________________ *** CID 1327504: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3409 in LibRaw::samsung3_load_raw()() 3403 FORC(16) { 3404 col = tab + (((c & 7) << 1)^(c >> 3)^(row & 1)); 3405 pred = (pmode == 7 || row < 2) 3406 ? (tab ? RAW(row,tab-2+(col & 1)) : init) 3407 : (prow[col & 1][col-'4'+"0224468"[pmode]] + 3408 prow[col & 1][col-'4'+"0244668"[pmode]] + 1) >> 1; >>> CID 1327504: Uninitialized variables (UNINIT) >>> Using uninitialized value "len[c >> 2]". 3409 diff = ph1_bits (i = len[c >> 2]); 3410 if (diff >> (i-1)) diff -= 1 << i; 3411 diff = diff * (mag*2+1) + mag; 3412 RAW(row,col) = pred + diff; 3413 } 3414 } ** CID 1327503: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10152 in LibRaw::parse_phase_one(int)() ________________________________________________________________________________________________________ *** CID 1327503: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10152 in LibRaw::parse_phase_one(int)() 10146 maximum = 0x3fff; 10147 } 10148 10149 void CLASS parse_phase_one (int base) 10150 { 10151 unsigned entries, tag, type, len, data, save, i, c; >>> CID 1327503: Uninitialized variables (UNINIT) >>> Declaring variable "romm_cam" without initializer. 10152 float romm_cam[3][3]; 10153 char *cp; 10154 10155 #ifdef LIBRAW_LIBRARY_BUILD 10156 char body_id[3]; 10157 body_id[0] = 0; ** CID 1327502: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1022 in LibRaw::lossless_dng_load_raw()() ________________________________________________________________________________________________________ *** CID 1327502: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1022 in LibRaw::lossless_dng_load_raw()() 1016 jwide = jh.wide; 1017 if (filters) jwide *= jh.clrs; 1018 jwide /= is_raw; 1019 #ifdef LIBRAW_LIBRARY_BUILD 1020 try { 1021 #endif >>> CID 1327502: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "jh.high" as a loop boundary. 1022 for (row=col=jrow=0; jrow < jh.high; jrow++) { 1023 #ifdef LIBRAW_LIBRARY_BUILD 1024 checkCancel(); 1025 #endif 1026 rp = ljpeg_row (jrow, &jh); 1027 for (jcol=0; jcol < jwide; jcol++) { ** CID 1327501: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 240 in LibRaw::foveon_thumb()() ________________________________________________________________________________________________________ *** CID 1327501: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 240 in LibRaw::foveon_thumb()() 234 struct decode *dindex; 235 short pred[3]; 236 237 bwide = get4(); 238 fprintf (ofp, "P6\n%d %d\n255\n", thumb_width, thumb_height); 239 if (bwide > 0) { >>> CID 1327501: Insecure data handling (TAINTED_SCALAR) >>> Checking lower bounds of unsigned scalar "bwide" by "bwide < this->imgdata.thumbnail.twidth * 3". 240 if (bwide < thumb_width*3) return; 241 buf = (char *) malloc (bwide); 242 merror (buf, "foveon_thumb()"); 243 for (row=0; row < thumb_height; row++) { 244 fread (buf, 1, bwide, ifp); 245 fwrite (buf, 3, thumb_width, ofp); ** CID 1327500: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 184 in LibRaw::foveon_thumb_loader()() ________________________________________________________________________________________________________ *** CID 1327500: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 184 in LibRaw::foveon_thumb_loader()() 178 if(T.thumb) free(T.thumb); 179 T.thumb = NULL; 180 181 bwide = get4(); 182 if (bwide > 0) 183 { >>> CID 1327500: Insecure data handling (TAINTED_SCALAR) >>> Checking lower bounds of unsigned scalar "bwide" by "bwide < (unsigned int)this->imgdata.thumbnail.twidth * 3U". 184 if (bwide < (unsigned)T.twidth*3) return; 185 T.thumb = (char*)malloc(3*T.twidth * T.theight); 186 merror (T.thumb, "foveon_thumb()"); 187 char *buf = (char*)malloc(bwide); 188 merror (buf, "foveon_thumb()"); 189 for (row=0; row < T.theight; row++) ** CID 1327499: (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 370 in LibRaw::foveon_load_camf()() /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 369 in LibRaw::foveon_load_camf()() ________________________________________________________________________________________________________ *** CID 1327499: (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 370 in LibRaw::foveon_load_camf()() 364 meta_data = (char *) malloc (meta_length = wide*high*3/2); 365 merror (meta_data, "foveon_load_camf()"); 366 foveon_huff (huff); 367 get4(); 368 getbits(-1); 369 for (j=row=0; row < high; row++) { >>> CID 1327499: (TAINTED_SCALAR) >>> Using tainted variable "wide" as a loop boundary. 370 for (col=0; col < wide; col++) { 371 diff = ljpeg_diff(huff); 372 if (col < 2) hpred[col] = vpred[row & 1][col] += diff; 373 else hpred[col & 1] += diff; 374 if (col & 1) { 375 meta_data[j++] = hpred[0] >> 4; /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 369 in LibRaw::foveon_load_camf()() 363 free (meta_data); 364 meta_data = (char *) malloc (meta_length = wide*high*3/2); 365 merror (meta_data, "foveon_load_camf()"); 366 foveon_huff (huff); 367 get4(); 368 getbits(-1); >>> CID 1327499: (TAINTED_SCALAR) >>> Using tainted variable "high" as a loop boundary. 369 for (j=row=0; row < high; row++) { 370 for (col=0; col < wide; col++) { 371 diff = ljpeg_diff(huff); 372 if (col < 2) hpred[col] = vpred[row & 1][col] += diff; 373 else hpred[col & 1] += diff; 374 if (col & 1) { ** CID 1327498: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 425 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)() ________________________________________________________________________________________________________ *** CID 1327498: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 425 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)() 419 cp = pos + sget4(pos+16); 420 type = sget4(cp); 421 if ((ndim = sget4(cp+4)) > 3) break; 422 dp = pos + sget4(cp+8); 423 for (i=ndim; i--; ) { 424 cp += 12; >>> CID 1327498: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "i" as an index to pointer "dim". 425 dim[i] = sget4(cp); 426 } 427 if ((dsize = (double) dim[0]*dim[1]*dim[2]) > meta_length/4) break; 428 mat = (unsigned *) malloc ((size = dsize) * 4); 429 merror (mat, "foveon_camf_matrix()"); 430 for (i=0; i < size; i++) ** CID 1327497: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 2743 in LibRaw::lossy_dng_load_raw()() ________________________________________________________________________________________________________ *** CID 1327497: Insecure data handling (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 2743 in LibRaw::lossy_dng_load_raw()() 2737 if ((deg = get4()) > 8) break; 2738 for (i=0; i <= deg && i < 9; i++) 2739 coeff[i] = getreal(12); 2740 for (i=0; i < 256; i++) { 2741 for (tot=j=0; j <= deg; j++) 2742 tot += coeff[j] * pow(i/255.0, (int)j); >>> CID 1327497: Insecure data handling (TAINTED_SCALAR) >>> Using tainted variable "c" as an index into an array "cur". 2743 cur[c][i] = tot*0xffff; 2744 } 2745 } 2746 order = sorder; 2747 } else { 2748 gamma_curve (1/2.4, 12.92, 1, 255); ** CID 1327496: (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 670 in x3f_new_from_file(LibRaw_abstract_datastream *)() /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 674 in x3f_new_from_file(LibRaw_abstract_datastream *)() ________________________________________________________________________________________________________ *** CID 1327496: (TAINTED_SCALAR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 670 in x3f_new_from_file(LibRaw_abstract_datastream *)() 664 GET4(DS->identifier); 665 GET4(DS->version); 666 GET4(DS->num_directory_entries); 667 668 if (DS->num_directory_entries > 0) { 669 size_t size = DS->num_directory_entries * sizeof(x3f_directory_entry_t); >>> CID 1327496: (TAINTED_SCALAR) >>> Passing tainted variable "size" to a tainted sink. 670 DS->directory_entry = (x3f_directory_entry_t *)calloc(1, size); 671 } 672 673 /* Traverse the directory */ 674 for (d=0; d<DS->num_directory_entries; d++) { 675 x3f_directory_entry_t *DE = &DS->directory_entry[d]; /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 674 in x3f_new_from_file(LibRaw_abstract_datastream *)() 668 if (DS->num_directory_entries > 0) { 669 size_t size = DS->num_directory_entries * sizeof(x3f_directory_entry_t); 670 DS->directory_entry = (x3f_directory_entry_t *)calloc(1, size); 671 } 672 673 /* Traverse the directory */ >>> CID 1327496: (TAINTED_SCALAR) >>> Using tainted variable "DS->num_directory_entries" as a loop boundary. 674 for (d=0; d<DS->num_directory_entries; d++) { 675 x3f_directory_entry_t *DE = &DS->directory_entry[d]; 676 x3f_directory_entry_header_t *DEH = &DE->header; 677 uint32_t save_dir_pos; 678 679 /* Read the directory entry info */ ** CID 1327495: Security best practices violations (STRING_OVERFLOW) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9344 in LibRaw::parse_tiff_ifd(int)() ________________________________________________________________________________________________________ *** CID 1327495: Security best practices violations (STRING_OVERFLOW) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9344 in LibRaw::parse_tiff_ifd(int)() 9338 is_raw = 1; 9339 break; 9340 case 50708: /* UniqueCameraModel */ 9341 if (model[0]) break; 9342 fgets (make, 64, ifp); 9343 if ((cp = strchr(make,' '))) { >>> CID 1327495: Security best practices violations (STRING_OVERFLOW) >>> You might overrun the 64 byte fixed-size string "this->imgdata.idata.model" by copying "cp + 1" without checking the length. 9344 strcpy(model,cp+1); 9345 *cp = 0; 9346 } 9347 break; 9348 case 50710: /* CFAPlaneColor */ 9349 if (filters == 9) break; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/digikam?tab=overview To manage Coverity Scan email notifications for "[hidden email]", click https://scan.coverity.com/subscriptions/edit?email=digikam-devel%40kde.org&token=621bfe7450f4a870432a2a9c106aa3a8 _______________________________________________ Digikam-devel mailing list [hidden email] https://mail.kde.org/mailman/listinfo/digikam-devel |
«
Return to digikam-devel
|
1 view|%1 views
| Free forum by Nabble | Edit this page |