New Defects reported by Coverity Scan for digiKam
Locked
New Defects reported by Coverity Scan for digiKam
 
|
Hi, Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan. 15 new defect(s) introduced to digiKam found with Coverity Scan. 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan. New defect(s) Reported-by: Coverity Scan Showing 15 of 15 defect(s) ** CID 1368981: Control flow issues (UNREACHABLE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9862 in LibRaw::parse_tiff_ifd(int)() ________________________________________________________________________________________________________ *** CID 1368981: Control flow issues (UNREACHABLE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9862 in LibRaw::parse_tiff_ifd(int)() 9856 imgdata.color.WB_Coeffs[tWB][2] = get2(); 9857 } else fseek(ifp, 6, SEEK_CUR); 9858 } 9859 } 9860 break; 9861 #endif >>> CID 1368981: Control flow issues (UNREACHABLE) >>> This code cannot be reached: "if (len < 50U || this->imgd...". 9862 if (len < 50 || cam_mul[0]) break; 9863 fseek (ifp, 12, SEEK_CUR); 9864 FORC3 cam_mul[c] = get2(); 9865 break; 9866 case 46: 9867 if (type != 7 || fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) break; ** CID 1368980: Uninitialized members (UNINIT_CTOR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/libraw/libraw_datastream.h: 266 in libraw_dng_stream::libraw_dng_stream(LibRaw_abstract_datastream *)() ________________________________________________________________________________________________________ *** CID 1368980: Uninitialized members (UNINIT_CTOR) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/libraw/libraw_datastream.h: 266 in libraw_dng_stream::libraw_dng_stream(LibRaw_abstract_datastream *)() 260 { 261 if(parent_stream) 262 { 263 off = parent_stream->tell(); 264 parent_stream->seek(0UL,SEEK_SET); /* seek to start */ 265 } >>> CID 1368980: Uninitialized members (UNINIT_CTOR) >>> Non-static class member "off" is not initialized in this constructor nor in any functions that it calls. 266 } 267 ~libraw_dng_stream(){ 268 if(parent_stream) 269 parent_stream->seek(off,SEEK_SET); 270 } 271 virtual uint64 DoGetLength (){ ** CID 1368979: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1313 in LibRaw::nikon_yuv_load_raw()() ________________________________________________________________________________________________________ *** CID 1368979: Uninitialized variables (UNINIT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1313 in LibRaw::nikon_yuv_load_raw()() 1307 1308 void CLASS nikon_yuv_load_raw() 1309 { 1310 int row, col, yuv[4], rgb[3], b, c; 1311 UINT64 bitbuf=0; 1312 float cmul[4]; >>> CID 1368979: Uninitialized variables (UNINIT) >>> Using uninitialized value "cmul[c]". 1313 FORC4 { cmul[c] == cam_mul[c]>0.001f?cam_mul[c]:1.f; } 1314 for (row=0; row < raw_height; row++) 1315 { 1316 #ifdef LIBRAW_LIBRARY_BUILD 1317 checkCancel(); 1318 #endif ** CID 1368978: Integer handling issues (SIGN_EXTENSION) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()() ________________________________________________________________________________________________________ *** CID 1368978: Integer handling issues (SIGN_EXTENSION) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()() 1495 imgdata.rawdata.float3_image = 0; 1496 imgdata.rawdata.float4_image = 0; 1497 } 1498 1499 void LibRaw::pentax_4shot_load_raw() 1500 { >>> CID 1368978: Integer handling issues (SIGN_EXTENSION) >>> Suspicious implicit sign extension: "this->imgdata.sizes.raw_height" with type "unsigned short" (16 bits, unsigned) is promoted in "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. 1501 ushort *plane = (ushort*)malloc(imgdata.sizes.raw_width*imgdata.sizes.raw_height*sizeof(ushort)); 1502 int alloc_sz = imgdata.sizes.raw_width*(imgdata.sizes.raw_height+16)*4*sizeof(ushort); 1503 ushort (*result)[4] = (ushort(*)[4]) malloc(alloc_sz); 1504 struct movement_t 1505 { 1506 int row,col; ** CID 1368977: Integer handling issues (SIGN_EXTENSION) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()() ________________________________________________________________________________________________________ *** CID 1368977: Integer handling issues (SIGN_EXTENSION) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()() 1495 imgdata.rawdata.float3_image = 0; 1496 imgdata.rawdata.float4_image = 0; 1497 } 1498 1499 void LibRaw::pentax_4shot_load_raw() 1500 { >>> CID 1368977: Integer handling issues (SIGN_EXTENSION) >>> Suspicious implicit sign extension: "this->imgdata.sizes.raw_width" with type "unsigned short" (16 bits, unsigned) is promoted in "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1. 1501 ushort *plane = (ushort*)malloc(imgdata.sizes.raw_width*imgdata.sizes.raw_height*sizeof(ushort)); 1502 int alloc_sz = imgdata.sizes.raw_width*(imgdata.sizes.raw_height+16)*4*sizeof(ushort); 1503 ushort (*result)[4] = (ushort(*)[4]) malloc(alloc_sz); 1504 struct movement_t 1505 { 1506 int row,col; ** CID 1368976: Null pointer dereferences (REVERSE_INULL) /home/gilles/Devel/5.x/core/libs/album/albumtreeview.cpp: 1105 in Digikam::AbstractAlbumTreeView::contextMenuEvent(QContextMenuEvent *)() ________________________________________________________________________________________________________ *** CID 1368976: Null pointer dereferences (REVERSE_INULL) /home/gilles/Devel/5.x/core/libs/album/albumtreeview.cpp: 1105 in Digikam::AbstractAlbumTreeView::contextMenuEvent(QContextMenuEvent *)() 1099 if (!showContextMenuAt(event, album)) 1100 { 1101 return; 1102 } 1103 1104 // switch to the selected album if need >>> CID 1368976: Null pointer dereferences (REVERSE_INULL) >>> Null-checking "album" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. 1105 if (d->selectOnContextMenu && album) 1106 { 1107 setCurrentAlbums(QList<Album*>() << album); 1108 } 1109 1110 // -------------------------------------------------------- ** CID 1368975: Incorrect expression (PW.ASSIGN_WHERE_COMPARE_MEANT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10711 in () ________________________________________________________________________________________________________ *** CID 1368975: Incorrect expression (PW.ASSIGN_WHERE_COMPARE_MEANT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10711 in () 10705 if (max_samp > 3) max_samp = 3; 10706 os = raw_width*raw_height; 10707 ns = tiff_ifd[i].t_width*tiff_ifd[i].t_height; 10708 if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) && 10709 unsigned(tiff_ifd[i].t_width | tiff_ifd[i].t_height) < 0x10000 && 10710 (unsigned)tiff_ifd[i].bps < 33 && (unsigned)tiff_ifd[i].samples < 13 && >>> CID 1368975: Incorrect expression (PW.ASSIGN_WHERE_COMPARE_MEANT) >>> use of "=" where "==" may have been intended 10711 ns && ((ns > os && (ties = 1)) || 10712 (ns == os && shot_select == ties++))) { 10713 raw_width = tiff_ifd[i].t_width; 10714 raw_height = tiff_ifd[i].t_height; 10715 tiff_bps = tiff_ifd[i].bps; 10716 tiff_compress = tiff_ifd[i].comp; ** CID 1368974: Memory - illegal accesses (OVERRUN) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1518 in LibRaw::pentax_4shot_load_raw()() ________________________________________________________________________________________________________ *** CID 1368974: Memory - illegal accesses (OVERRUN) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1518 in LibRaw::pentax_4shot_load_raw()() 1512 }; 1513 1514 int tidx = 0; 1515 for(int i=0; i<4; i++) 1516 { 1517 for(; tidx<16; tidx++) >>> CID 1368974: Memory - illegal accesses (OVERRUN) >>> Overrunning array "this->tiff_ifd" of 10 88-byte elements at element index 15 (byte offset 1320) using index "tidx" (which evaluates to 15). 1518 if(tiff_ifd[tidx].t_width == imgdata.sizes.raw_width && tiff_ifd[tidx].t_height == imgdata.sizes.raw_height && tiff_ifd[tidx].bps>8 && tiff_ifd[tidx].samples == 1 ) 1519 break; 1520 if(tidx>=16) 1521 break; 1522 imgdata.rawdata.raw_image = plane; 1523 ID.input->seek(tiff_ifd[tidx].offset, SEEK_SET); ** CID 1368973: Integer handling issues (NO_EFFECT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 6755 in LibRaw::parseSonyLensFeatures(unsigned char, unsigned char)() ________________________________________________________________________________________________________ *** CID 1368973: Integer handling issues (NO_EFFECT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 6755 in LibRaw::parseSonyLensFeatures(unsigned char, unsigned char)() 6749 strnXcat(imgdata.lens.makernotes.LensFeatures_suf, " OSS"); 6750 6751 if (features & 0x2000) 6752 strnXcat(imgdata.lens.makernotes.LensFeatures_suf, " LE"); 6753 6754 if (features & 0x0800) >>> CID 1368973: Integer handling issues (NO_EFFECT) >>> This less-than-zero comparison of an unsigned value is never true. "0UL > ((16UL - strlen(this->imgdata.lens.makernotes.LensFeatures_suf) - 1UL < 16UL) ? 16UL - strlen(this->imgdata.lens.makernotes.LensFeatures_suf) - 1UL : 16UL)". 6755 strnXcat(imgdata.lens.makernotes.LensFeatures_suf, " II"); 6756 6757 if (imgdata.lens.makernotes.LensFeatures_suf[0] == ' ') 6758 memmove(imgdata.lens.makernotes.LensFeatures_suf, imgdata.lens.makernotes.LensFeatures_suf+1, strlen(imgdata.lens.makernotes.LensFeatures_suf)); 6759 6760 return; ** CID 1368972: Incorrect expression (NO_EFFECT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4670 in LibRaw::vng_interpolate()() ________________________________________________________________________________________________________ *** CID 1368972: Incorrect expression (NO_EFFECT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4670 in LibRaw::vng_interpolate()() 4664 if (filters == 9) prow = pcol = 6; 4665 ip = (int *) calloc (prow*pcol, 1280); 4666 merror (ip, "vng_interpolate()"); 4667 for (row=0; row < prow; row++) /* Precalculate for VNG */ 4668 for (col=0; col < pcol; col++) { 4669 code[row][col] = ip; >>> CID 1368972: Incorrect expression (NO_EFFECT) >>> Part "t < 64" of statement "(t < 64) , (cpt = &terms[t])" has no effect due to the comma. 4670 for (cpt=&terms[0], t=0; t < 64, cpt = &terms[t]; t++) { 4671 y1 = cpt->y1; x1 = cpt->x1; 4672 y2 = cpt->y2; x2 = cpt->x2; 4673 weight = cpt->weight; 4674 grads = cpt->grads; 4675 color = fcol(row+y1,col+x1); ** CID 1368971: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4667 in LibRaw::vng_interpolate()() ________________________________________________________________________________________________________ *** CID 1368971: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4667 in LibRaw::vng_interpolate()() 4661 #endif 4662 4663 if (filters == 1) prow = pcol = 16; 4664 if (filters == 9) prow = pcol = 6; 4665 ip = (int *) calloc (prow*pcol, 1280); 4666 merror (ip, "vng_interpolate()"); >>> CID 1368971: Control flow issues (DEADCODE) >>> Execution cannot reach the expression "row" inside this statement: "row++;". 4667 for (row=0; row < prow; row++) /* Precalculate for VNG */ 4668 for (col=0; col < pcol; col++) { 4669 code[row][col] = ip; 4670 for (cpt=&terms[0], t=0; t < 64, cpt = &terms[t]; t++) { 4671 y1 = cpt->y1; x1 = cpt->x1; 4672 y2 = cpt->y2; x2 = cpt->x2; ** CID 1368970: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4697 in LibRaw::vng_interpolate()() ________________________________________________________________________________________________________ *** CID 1368970: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4697 in LibRaw::vng_interpolate()() 4691 if (fcol(row+y,col+x) != color && fcol(row+y*2,col+x*2) == color) 4692 *ip++ = (y*width + x) * 8 + color; 4693 else 4694 *ip++ = 0; 4695 } 4696 } >>> CID 1368970: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "brow[4] = (unsigned short (...". 4697 brow[4] = (ushort (*)[4]) calloc (width*3, sizeof **brow); 4698 merror (brow[4], "vng_interpolate()"); 4699 for (row=0; row < 3; row++) 4700 brow[row] = brow[4] + row*width; 4701 for (row=2; row < height-2; row++) { /* Do VNG interpolation */ 4702 #ifdef LIBRAW_LIBRARY_BUILD ** CID 1368969: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4686 in LibRaw::vng_interpolate()() ________________________________________________________________________________________________________ *** CID 1368969: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4686 in LibRaw::vng_interpolate()() 4680 *ip++ = (y2*width + x2)*4 + color; 4681 *ip++ = weight; 4682 for (g=0; g < 8; g++) 4683 if (grads & 1<<g) *ip++ = g; 4684 *ip++ = -1; 4685 } >>> CID 1368969: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "*ip++ = 2147483647;". 4686 *ip++ = INT_MAX; 4687 for (cp=chood, g=0; g < 8; g++) { 4688 y = *cp++; x = *cp++; 4689 *ip++ = (y*width + x) * 4; 4690 color = fcol(row,col); 4691 if (fcol(row+y,col+x) != color && fcol(row+y*2,col+x*2) == color) ** CID 1368968: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1580 in LibRaw::nikon_load_striped_packed_raw()() ________________________________________________________________________________________________________ *** CID 1368968: Control flow issues (DEADCODE) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1580 in LibRaw::nikon_load_striped_packed_raw()() 1574 return; // not unpacked 1575 int stripcnt = 0; 1576 1577 bwide = S.raw_width * tiff_bps / 8; 1578 bwide += bwide & load_flags >> 7; 1579 rbits = bwide * 8 - S.raw_width * tiff_bps; >>> CID 1368968: Control flow issues (DEADCODE) >>> Execution cannot reach this statement: "bwide = bwide * 16 / 15;". 1580 if (load_flags & 1) bwide = bwide * 16 / 15; 1581 bite = 8 + (load_flags & 24); 1582 for (row=0; row < S.raw_height; row++) 1583 { 1584 checkCancel(); 1585 if(!(row%ifd->rows_per_strip)) ** CID 1368967: Integer handling issues (BAD_SHIFT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1048 in LibRaw::ljpeg_idct(jhead *)() ________________________________________________________________________________________________________ *** CID 1368967: Integer handling issues (BAD_SHIFT) /home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1048 in LibRaw::ljpeg_idct(jhead *)() 1042 work[0][0][0] = jh->vpred[0] += ljpeg_diff (jh->huff[0]) * jh->quant[0]; 1043 for (i=1; i < 64; i++ ) { 1044 len = gethuff (jh->huff[16]); 1045 i += skip = len >> 4; 1046 if (!(len &= 15) && skip < 15) break; 1047 coef = getbits(len); >>> CID 1368967: Integer handling issues (BAD_SHIFT) >>> In expression "1 << len - 1", shifting by a negative amount has undefined behavior. The shift amount, "len - 1", is -1. 1048 if ((coef & (1 << (len-1))) == 0) 1049 coef -= (1 << len) - 1; 1050 ((float *)work)[zigzag[i]] = coef * jh->quant[i]; 1051 } 1052 FORC(8) work[0][0][c] *= M_SQRT1_2; 1053 FORC(8) work[0][c][0] *= M_SQRT1_2; ________________________________________________________________________________________________________ To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZIlZa20oQ0xtvekoaSXYBwgZYh7yqZ4T857KvBwnvzEg-3D-3D_Vulo-2FzB1zz6bqp-2F-2Bl-2FpBD-2BzKk1Nu56XtBupWJitvnTDwmvffd-2F5mF1Posw1DKmgdhsD-2Fes3bJURPQh8XajBolO-2BK7yEgQbnS8yAi3lKW1evD5KLCJ80OwTas0B3IAois2fuYABt8xHwE8CMtOs15RmZOxKFLpU8hfkYH03Fex2UmZ-2FtTCErT6hx5A-2F1ixQfe7SoWKgrx6E1JKJVCwpN6Q8ldyypk-2Bwt4fCbObb-2B1n1A-3D To manage Coverity Scan email notifications for "[hidden email]", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4g-2BkTwi3e7HlDkvMAkUMj2-2FFhZ2O-2BELTTy-2Fl1ea1gxKqmntchu8-2BeAOkExRtki0102MqL9th0o1rOws5-2F-2FQDFdjkpeJaB-2FdUMxPk-2B7ZQUGV0-3D_Vulo-2FzB1zz6bqp-2F-2Bl-2FpBD-2BzKk1Nu56XtBupWJitvnTDwmvffd-2F5mF1Posw1DKmgdhNuJmwG3oYXMq7muZdkL1tg7CoageDIWlyymi2znfzeyloVH6R5WF3CM1H5LiG1tF0yFPBq3m5kP43yexHRIF41-2Bbh7bJngP1dKg0NBssBfQj2Y05Lh3dFYNCo-2FalbVhro9XzF869B9vzciZxlHh00X9AqG3xvAn2OXm-2B6aiYYE-3D |
«
Return to digikam-devel
|
1 view|%1 views
| Free forum by Nabble | Edit this page |