digiKam › digikam-devel

New Defects reported by Coverity Scan for digiKam

Classic

List

Threaded

1 message

scan-admin

May 28, 2021; 9:37am

New Defects reported by Coverity Scan for digiKam

120 posts

Hi,

Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan.

75 new defect(s) introduced to digiKam found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 75 defect(s)

** CID 1485073: Error handling issues (CHECKED_RETURN)
/mnt/devel/GIT/7.x/core/tests/metadataengine/exiftool/exiftoolexport_cli.cpp: 94 in main()

________________________________________________________________________________________________________
*** CID 1485073: Error handling issues (CHECKED_RETURN)
/mnt/devel/GIT/7.x/core/tests/metadataengine/exiftool/exiftoolexport_cli.cpp: 94 in main()
88 {
89 qDebug() << "EXV chunk size" << exv.size();
90 meta.loadFromData(exv);
91 }
92
93 QFile ef(QLatin1String("output.exv"));
>>> CID 1485073: Error handling issues (CHECKED_RETURN)
>>> Calling "open" without checking return value (as is done elsewhere 50 out of 51 times).
94 ef.open(QIODevice::WriteOnly);
95 ef.write(exv);
96 ef.close();
97
98 DImg file(1, 1, false);
99 file.setMetadata(meta.data());
100 file.save(QLatin1String("output.jpg"), DImg::JPEG);
101
102 return 0;

** CID 1485072: (INVALIDATE_ITERATOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 813 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 787 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()

________________________________________________________________________________________________________
*** CID 1485072: (INVALIDATE_ITERATOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 813 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()
807
808 if ( deleteEmpty && (destIndex != -1) ) {
809 delete ( destNode->children[destIndex] );
810 destNode->children.erase ( destNode->children.begin() + destIndex );
811 if ( destNode->children.empty() ) {
812 delete ( destNode );
>>> CID 1485072: (INVALIDATE_ITERATOR)
>>> Using invalid iterator "destPos".
813 destParent->children.erase ( destPos );
814 }
815 }
816
817 } else {
818
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 787 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()
781
782 for ( size_t sourceNum = 0, sourceLim = sourceNode->children.size(); sourceNum != sourceLim && destNode!= NULL; ++sourceNum ) {
783 const XMP_Node * sourceField = sourceNode->children[sourceNum];
784 AppendSubtree ( sourceField, destNode, mergeCompound, replaceOld, deleteEmpty );
785 if ( deleteEmpty && destNode->children.empty() ) {
786 delete ( destNode );
>>> CID 1485072: (INVALIDATE_ITERATOR)
>>> Using invalid iterator "destPos".
787 destParent->children.erase ( destPos );
788 }
789 }
790
791 } else if ( sourceForm & kXMP_PropArrayIsAltText ) {
792

** CID 1485071: (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 241 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()

________________________________________________________________________________________________________
*** CID 1485071: (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 241 in LibRaw::phase_one_correct()()
235 for (i = 0; i < 16; i++)
236 {
237 cx[1 + i] = lc[qr][qc][i];
238 cf[1 + i] = ref[i];
239 }
240 cx[0] = cf[0] = 0;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "lc[qr][qc][15]" as the divisor in "(unsigned int)ref[15] * 65535U / lc[qr][qc][15]".
241 cx[17] = cf[17] = ((unsigned int)ref[15] * 65535) / lc[qr][qc][15];
242 cf[18] = cx[18] = 65535;
243 cubic_spline(cx, cf, 19);
244
245 for (row = (qr ? ph1.split_row : 0);
246 row < unsigned(qr ? raw_height : ph1.split_row); row++)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;

** CID 1485070: Null pointer dereferences (REVERSE_INULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_string.cpp: 2341 in dng_string::Compare(const dng_string&, bool) const()

________________________________________________________________________________________________________
*** CID 1485070: Null pointer dereferences (REVERSE_INULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_string.cpp: 2341 in dng_string::Compare(const dng_string&, bool) const()
2335
2336 if (!bPtr)
2337 {
2338 return 1;
2339 }
2340
>>> CID 1485070: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "aPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2341 else if (!aPtr)
2342 {
2343 return -1;
2344 }
2345
2346 uint32 a = DecodeUTF8 (aPtr);

** CID 1485069: Control flow issues (MISSING_BREAK)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/metadata/olympus.cpp: 623 in LibRaw::parseOlympusMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)()

________________________________________________________________________________________________________
*** CID 1485069: Control flow issues (MISSING_BREAK)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/metadata/olympus.cpp: 623 in LibRaw::parseOlympusMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)()
617 if (imOly.FocusStepInfinity == 0xffff) imOly.FocusStepInfinity = get2();
618 break;
619 case 0x103c:
620 if (imOly.FocusStepNear == 0xffff) imOly.FocusStepNear = get2();
621 break;
622 case 0x20300108:
>>> CID 1485069: Control flow issues (MISSING_BREAK)
>>> The case for value "540082441U" is not terminated by a "break" statement.
623 case 0x20310109:
624 if (dng_writer == nonDNG) {
625 imOly.ColorSpace = get2();
626 switch (imOly.ColorSpace) {
627 case 0:
628 imCommon.ColorSpace = LIBRAW_COLORSPACE_sRGB;

** CID 1485068: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_linearization_info.cpp: 260 in dng_linearize_plane::dng_linearize_plane(dng_host &, dng_linearization_info &, unsigned short, bool, const dng_image &, dng_image &, unsigned int)()

________________________________________________________________________________________________________
*** CID 1485068: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_linearization_info.cpp: 260 in dng_linearize_plane::dng_linearize_plane(dng_host &, dng_linearization_info &, unsigned short, bool, const dng_image &, dng_image &, unsigned int)()
254
255 real64 x = 0.0;
256
257 if (fBlack_2D_rows == 0)
258 {
259
>>> CID 1485068: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "j % info.fBlackLevelRepeatRows", modulo by expression "info.fBlackLevelRepeatRows" which may be zero has undefined behavior.
260 x = info.fBlackLevel [j % info.fBlackLevelRepeatRows]
261 [0]
262 [plane];
263
264 }
265

** CID 1485067: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_big_table.h: 341 in ()

________________________________________________________________________________________________________
*** CID 1485067: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_big_table.h: 341 in ()
335 bool forFingerprint) const;
336
337 };
338
339 /*****************************************************************************/
340
>>> CID 1485067: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "dng_rgb_table" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalues, where a move assignment may be faster.
341 class dng_rgb_table : public dng_big_table
342 {
343
344 friend class dng_rgb_table_cache;
345
346 public:

** CID 1485066: Incorrect expression (DIVIDE_BY_ZERO)

________________________________________________________________________________________________________
*** CID 1485066: Incorrect expression (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_resample.cpp: 628 in dng_resample_task::Start(unsigned int, const dng_rect &, const dng_point &, dng_memory_allocator *, dng_abort_sniffer *)()
622 dng_abort_sniffer *sniffer)
623 {
624
625 // Compute sub-pixel resolution coordinates in the source image for
626 // each row and column of the destination area.
627
>>> CID 1485066: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "Initialize", division by expression "this->fDstBounds.H()" which may be zero has undefined behavior.
628 fRowCoords.Initialize (fSrcBounds.t,
629 fDstBounds.t,
630 fSrcBounds.H (),
631 fDstBounds.H (),
632 *allocator);
633

** CID 1485065: Insecure data handling (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/decoders_dcraw.cpp: 805 in LibRaw::pentax_load_raw()()

________________________________________________________________________________________________________
*** CID 1485065: Insecure data handling (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/decoders_dcraw.cpp: 805 in LibRaw::pentax_load_raw()()
799 fseek(ifp, meta_offset, SEEK_SET);
800 dep = (get2() + 12) & 15;
801 fseek(ifp, 12, SEEK_CUR);
802 FORC(dep) bit[0][c] = get2();
803 FORC(dep) bit[1][c] = fgetc(ifp);
804 FORC(dep)
>>> CID 1485065: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "i" as a loop boundary.
805 for (i = bit[0][c]; i <= ((bit[0][c] + (4096 >> bit[1][c]) - 1) & 4095);)
806 huff[++i] = bit[1][c] << 8 | c;
807 huff[0] = 12;
808 fseek(ifp, data_offset, SEEK_SET);
809 getbits(-1);
810 for (row = 0; row < raw_height; row++)

** CID 1485064: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1485064: Null pointer dereferences (FORWARD_NULL)
/mnt/devel/GIT/7.x/core/libs/widgets/metadata/exiftool/exiftoolwidget.cpp: 230 in Digikam::ExifToolWidget::metadataToText() const()
224
225 int j = 0;
226 QTreeWidgetItem* item2 = nullptr;
227
228 do
229 {
>>> CID 1485064: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "dynamic_cast <QTreeWidgetItem *>(lvItem)" to "child", which dereferences it.
230 item2 = dynamic_cast<QTreeWidgetItem*>(lvItem)->child(j);
231
232 if (item2)
233 {
234 ExifToolListViewItem* const lvItem2 = dynamic_cast<ExifToolListViewItem*>(item2);
235

** CID 1485063: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1485063: Insecure data handling (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/smal.cpp: 176 in LibRaw::smal_v9_load_raw()()
170 fseek(ifp, 78, SEEK_SET);
171 holes = fgetc(ifp);
172 fseek(ifp, 88, SEEK_SET);
173 seg[nseg][0] = raw_height * raw_width;
174 seg[nseg][1] = get4() + data_offset;
175 for (i = 0; i < nseg; i++)
>>> CID 1485063: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "seg" to "smal_decode_segment", which uses it as a loop boundary.
176 smal_decode_segment(seg + i, holes);
177 if (holes)
178 fill_holes(holes);
179 }
180

** CID 1485062: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 1116 in crxDecodeLineWithIQuantization(CrxSubband *, CrxQStep *)()

________________________________________________________________________________________________________
*** CID 1485062: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 1116 in crxDecodeLineWithIQuantization(CrxSubband *, CrxQStep *)()
1110 }
1111 else
1112 {
1113 // prev. version
1114 int32_t qScale = q_step_tbl[band->qParam % 6] >> (6 - band->qParam / 6);
1115 if (band->qParam / 6 >= 6)
>>> CID 1485062: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << band->qParam / 6 + 26", left shifting by more than 31 bits has undefined behavior. The shift amount, "band->qParam / 6 + 26", is at least 32.
1116 qScale = q_step_tbl[band->qParam % 6] * (1 << (band->qParam / 6 + 26));
1117
1118 if (qScale != 1)
1119 for (int32_t i = 0; i < band->width; ++i)
1120 bandBuf[i] *= qScale;
1121 }

** CID 1485061: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1485061: Null pointer dereferences (FORWARD_NULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPMeta-GetSet.cpp: 977 in XMPMeta::SetLocalizedText(const char *, const char *, const char *, const char *, const char *, unsigned int)()
971 SetNodeValue ( itemNode, itemValue ); // ! Do this after the x-default check!
972 } else {
973 // Update all items whose values match the old x-default value.
974 XMP_Assert ( xdItem != NULL && haveXDefault && (xdItem == itemNode) );
975 for ( itemNum = 0, itemLim = arrayNode->children.size(); itemNum < itemLim; ++itemNum ) {
976 XMP_Node * currItem = arrayNode->children[itemNum];
>>> CID 1485061: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "xdItem->value" to "operator !=", which dereferences it.
977 if ( (currItem == xdItem) || (currItem->value != xdItem->value) ) continue;
978 SetNodeValue ( currItem, itemValue );
979 }
980 SetNodeValue ( xdItem, itemValue ); // And finally do the x-default item.
981 }
982 break;

** CID 1485060: (UNINIT)

________________________________________________________________________________________________________
*** CID 1485060: (UNINIT)
/mnt/devel/GIT/7.x/core/libs/database/history/itemhistorygraph_boost.h: 1422 in Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::GraphSearch::depthFirstSearch<boost::adjacency_list<boost::vecS, boost::vecS, boost::bidirectionalS, boost::property<boost::vertex_index_t, int, boost::property<vertex_properties_t, Digikam::HistoryVertexProperties, boost::no_property>>, boost::property<edge_properties_t, Digikam::HistoryEdgeProperties, boost::no_property>, boost::no_property, boost::listS>>(const T1 &, const Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::Vertex &, bool)()
1416 if (invertGraph)
1417 {
1418 boost::depth_first_search(boost::make_reverse_graph(graph), visitor(vis).root_vertex(v));
1419 }
1420 else
1421 {
>>> CID 1485060: (UNINIT)
>>> Using uninitialized value "vis". Field "vis.m_vis" is uninitialized when calling "visitor".
1422 boost::depth_first_search(graph, visitor(vis).root_vertex(v));
1423 }
1424 }
1425 catch (boost::bad_graph& e)
1426 {
1427 qCDebug(DIGIKAM_DATABASE_LOG) << e.what();
/mnt/devel/GIT/7.x/core/libs/database/history/itemhistorygraph_boost.h: 1418 in Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::GraphSearch::depthFirstSearch<boost::adjacency_list<boost::vecS, boost::vecS, boost::bidirectionalS, boost::property<boost::vertex_index_t, int, boost::property<vertex_properties_t, Digikam::HistoryVertexProperties, boost::no_property>>, boost::property<edge_properties_t, Digikam::HistoryEdgeProperties, boost::no_property>, boost::no_property, boost::listS>>(const T1 &, const Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::Vertex &, bool)()
1412 DepthFirstSearchVisitor vis(this);
1413
1414 try
1415 {
1416 if (invertGraph)
1417 {
>>> CID 1485060: (UNINIT)
>>> Using uninitialized value "vis". Field "vis.m_vis" is uninitialized when calling "visitor".
1418 boost::depth_first_search(boost::make_reverse_graph(graph), visitor(vis).root_vertex(v));
1419 }
1420 else
1421 {
1422 boost::depth_first_search(graph, visitor(vis).root_vertex(v));
1423 }

** CID 1485059: Incorrect expression (DIVIDE_BY_ZERO)

________________________________________________________________________________________________________
*** CID 1485059: Incorrect expression (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_resample.cpp: 634 in dng_resample_task::Start(unsigned int, const dng_rect &, const dng_point &, dng_memory_allocator *, dng_abort_sniffer *)()
628 fRowCoords.Initialize (fSrcBounds.t,
629 fDstBounds.t,
630 fSrcBounds.H (),
631 fDstBounds.H (),
632 *allocator);
633
>>> CID 1485059: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "Initialize", division by expression "this->fDstBounds.W()" which may be zero has undefined behavior.
634 fColCoords.Initialize (fSrcBounds.l,
635 fDstBounds.l,
636 fSrcBounds.W (),
637 fDstBounds.W (),
638 *allocator);
639

** CID 1485058: Resource leaks (RESOURCE_LEAK)
/mnt/devel/GIT/7.x/core/libs/album/treeview/albumlabelssearchhandler.cpp: 519 in Digikam::AlbumLabelsSearchHandler::slotCheckStateChanged()()

________________________________________________________________________________________________________
*** CID 1485058: Resource leaks (RESOURCE_LEAK)
/mnt/devel/GIT/7.x/core/libs/album/treeview/albumlabelssearchhandler.cpp: 519 in Digikam::AlbumLabelsSearchHandler::slotCheckStateChanged()()
513 }
514
515 emit checkStateChanged(album, Qt::Checked);
516 }
517
518 d->oldXml = currentXml;
>>> CID 1485058: Resource leaks (RESOURCE_LEAK)
>>> Variable "album" going out of scope leaks the storage it points to.
519 }
520
521 void AlbumLabelsSearchHandler::slotSetCurrentAlbum()
522 {
523 slotSelectionChanged();
524 }

** CID 1485057: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 2114 in crxMakeQStep(CrxImage *, CrxTile *, int *, unsigned int)()

________________________________________________________________________________________________________
*** CID 1485057: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 2114 in crxMakeQStep(CrxImage *, CrxTile *, int *, unsigned int)()
2108 qStep->qStepTbl = qStepTbl;
2109 qStep->width = qpWidth;
2110 qStep->height = qpHeight;
2111 for (int qpRow = 0; qpRow < qpHeight; ++qpRow)
2112 for (int qpCol = 0; qpCol < qpWidth; ++qpCol, ++qStepTbl, ++qpTable)
2113 if (*qpTable / 6 >= 6)
>>> CID 1485057: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << *qpTable / 6 + 26", left shifting by more than 31 bits has undefined behavior. The shift amount, "*qpTable / 6 + 26", is at least 32.
2114 *qStepTbl = q_step_tbl[*qpTable % 6] * (1 << (*qpTable / 6 + 26));
2115 else
2116 *qStepTbl = q_step_tbl[*qpTable % 6] >> (6 - *qpTable / 6);
2117
2118 break;
2119 }

** CID 1485055: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_jpeg_image.cpp: 119 in dng_jpeg_image_encode_task::Process(unsigned int, const dng_rect &, dng_abort_sniffer *)()

________________________________________________________________________________________________________
*** CID 1485055: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_jpeg_image.cpp: 119 in dng_jpeg_image_encode_task::Process(unsigned int, const dng_rect &, dng_abort_sniffer *)()
113 {
114 return;
115 }
116
117 dng_abort_sniffer::SniffForAbort (sniffer);
118
>>> CID 1485055: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "tileIndex / tilesAcross", division by expression "tilesAcross" which may be zero has undefined behavior.
119 uint32 rowIndex = tileIndex / tilesAcross;
120 uint32 colIndex = tileIndex % tilesAcross;
121
122 dng_rect tileArea = fIFD.TileArea (rowIndex, colIndex);
123
124 dng_memory_stream stream (fHost.Allocator ());

** CID 1485054: Uninitialized members (UNINIT_CTOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/ExpatAdapter.cpp: 112 in ExpatAdapter::ExpatAdapter(bool)()

________________________________________________________________________________________________________
*** CID 1485054: Uninitialized members (UNINIT_CTOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/ExpatAdapter.cpp: 112 in ExpatAdapter::ExpatAdapter(bool)()
106 XML_SetStartDoctypeDeclHandler ( this->parser, StartDoctypeDeclHandler );
107 isAborted = false;
108 #endif
109
110 this->parseStack.push_back ( &this->tree ); // Push the XML root node.
111 }
>>> CID 1485054: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "isAborted" is not initialized in this constructor nor in any functions that it calls.
112 } // ExpatAdapter::ExpatAdapter
113
114 // =================================================================================================
115
116 ExpatAdapter::~ExpatAdapter()
117 {

** CID 1485053: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1485053: Null pointer dereferences (FORWARD_NULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_validate.cpp: 455 in dng_validate(const char *)()
449
450 if (!useCompressedPreview)
451 {
452
453 dng_image_preview *imagePreview = dynamic_cast<dng_image_preview *> (preview.Get ());
454
>>> CID 1485053: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "imagePreview->fImage" to "Reset", which dereferences it.
455 imagePreview->fImage.Reset (previewImage.Release ());
456
457 }
458
459 else
460 {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp2OAl-2Fauo86CB28HCT0-2BnD-2F6eFMYt863B1-2B0FLvU5y-2FRWSl8rMA4vGwCkGPp0f1hg-3D9PqR_IpEMwFcbl-2BY9RHaL2m6a3nuAxB4hfm4MTniX0gHjADURpWS8SUSiHPBNy5kgHXnWJ0U5J0zH0IQOb-2FUbcjNOfwWaCrNIcadph4hXYc0Xqlbwt6ahuwtLt4QM2th47pTC1rKkavJcVh9qwcQr-2FhlsN4kfaC0xLRojmp8eW6WTiSIeawX1f-2BLljKe8JznvRn3d9aeiHtL53dx-2BRgWHeY4LTQ-3D-3D