digiKam - New Defects reported by Coverity Scan for digiKam

New Defects reported by Coverity Scan for digiKam

Posted by scan-admin on
URL: http://digikam.185.s1.nabble.com/New-Defects-reported-by-Coverity-Scan-for-digiKam-tp4716877.html

Hi,

Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan.

75 new defect(s) introduced to digiKam found with Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 20 of 75 defect(s)

** CID 1485073: Error handling issues (CHECKED_RETURN)
/mnt/devel/GIT/7.x/core/tests/metadataengine/exiftool/exiftoolexport_cli.cpp: 94 in main()

________________________________________________________________________________________________________
*** CID 1485073: Error handling issues (CHECKED_RETURN)
/mnt/devel/GIT/7.x/core/tests/metadataengine/exiftool/exiftoolexport_cli.cpp: 94 in main()
88 {
89 qDebug() << "EXV chunk size" << exv.size();
90 meta.loadFromData(exv);
91 }
92
93 QFile ef(QLatin1String("output.exv"));
>>> CID 1485073: Error handling issues (CHECKED_RETURN)
>>> Calling "open" without checking return value (as is done elsewhere 50 out of 51 times).
94 ef.open(QIODevice::WriteOnly);
95 ef.write(exv);
96 ef.close();
97
98 DImg file(1, 1, false);
99 file.setMetadata(meta.data());
100 file.save(QLatin1String("output.jpg"), DImg::JPEG);
101
102 return 0;

** CID 1485072: (INVALIDATE_ITERATOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 813 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 787 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()

________________________________________________________________________________________________________
*** CID 1485072: (INVALIDATE_ITERATOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 813 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()
807
808 if ( deleteEmpty && (destIndex != -1) ) {
809 delete ( destNode->children[destIndex] );
810 destNode->children.erase ( destNode->children.begin() + destIndex );
811 if ( destNode->children.empty() ) {
812 delete ( destNode );
>>> CID 1485072: (INVALIDATE_ITERATOR)
>>> Using invalid iterator "destPos".
813 destParent->children.erase ( destPos );
814 }
815 }
816
817 } else {
818
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPUtils-FileInfo.cpp: 787 in AppendSubtree(const XMP_Node *, XMP_Node *, bool, bool, bool)()
781
782 for ( size_t sourceNum = 0, sourceLim = sourceNode->children.size(); sourceNum != sourceLim && destNode!= NULL; ++sourceNum ) {
783 const XMP_Node * sourceField = sourceNode->children[sourceNum];
784 AppendSubtree ( sourceField, destNode, mergeCompound, replaceOld, deleteEmpty );
785 if ( deleteEmpty && destNode->children.empty() ) {
786 delete ( destNode );
>>> CID 1485072: (INVALIDATE_ITERATOR)
>>> Using invalid iterator "destPos".
787 destParent->children.erase ( destPos );
788 }
789 }
790
791 } else if ( sourceForm & kXMP_PropArrayIsAltText ) {
792

** CID 1485071: (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 241 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()

________________________________________________________________________________________________________
*** CID 1485071: (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 241 in LibRaw::phase_one_correct()()
235 for (i = 0; i < 16; i++)
236 {
237 cx[1 + i] = lc[qr][qc][i];
238 cf[1 + i] = ref[i];
239 }
240 cx[0] = cf[0] = 0;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "lc[qr][qc][15]" as the divisor in "(unsigned int)ref[15] * 65535U / lc[qr][qc][15]".
241 cx[17] = cf[17] = ((unsigned int)ref[15] * 65535) / lc[qr][qc][15];
242 cf[18] = cx[18] = 65535;
243 cubic_spline(cx, cf, 19);
244
245 for (row = (qr ? ph1.split_row : 0);
246 row < unsigned(qr ? raw_height : ph1.split_row); row++)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/load_mfbacks.cpp: 359 in LibRaw::phase_one_correct()()
353 num = RAW(row, col) * 0.5;
354 for (i = cip; i < cip + 2; i++)
355 {
356 for (k = j = 0; j < head[1]; j++)
357 if (num < xval[0][k = head[1] * i + j])
358 break;
>>> CID 1485071: (TAINTED_SCALAR)
>>> Using tainted expression "xval[0][k] - xval[0][k - 1]" as the divisor in "(xval[0][k] - num) / (xval[0][k] - xval[0][k - 1])".
359 frac = (j == 0 || j == head[1])
360 ? 0
361 : (xval[0][k] - num) / (xval[0][k] - xval[0][k - 1]);
362 mult[i - cip] = yval[0][k - 1] * frac + yval[0][k] * (1 - frac);
363 }
364 i = ((mult[0] * (1 - cfrac) + mult[1] * cfrac) * row + num) * 2;

** CID 1485070: Null pointer dereferences (REVERSE_INULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_string.cpp: 2341 in dng_string::Compare(const dng_string&, bool) const()

________________________________________________________________________________________________________
*** CID 1485070: Null pointer dereferences (REVERSE_INULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_string.cpp: 2341 in dng_string::Compare(const dng_string&, bool) const()
2335
2336 if (!bPtr)
2337 {
2338 return 1;
2339 }
2340
>>> CID 1485070: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "aPtr" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
2341 else if (!aPtr)
2342 {
2343 return -1;
2344 }
2345
2346 uint32 a = DecodeUTF8 (aPtr);

** CID 1485069: Control flow issues (MISSING_BREAK)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/metadata/olympus.cpp: 623 in LibRaw::parseOlympusMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)()

________________________________________________________________________________________________________
*** CID 1485069: Control flow issues (MISSING_BREAK)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/metadata/olympus.cpp: 623 in LibRaw::parseOlympusMakernotes(int, unsigned int, unsigned int, unsigned int, unsigned int)()
617 if (imOly.FocusStepInfinity == 0xffff) imOly.FocusStepInfinity = get2();
618 break;
619 case 0x103c:
620 if (imOly.FocusStepNear == 0xffff) imOly.FocusStepNear = get2();
621 break;
622 case 0x20300108:
>>> CID 1485069: Control flow issues (MISSING_BREAK)
>>> The case for value "540082441U" is not terminated by a "break" statement.
623 case 0x20310109:
624 if (dng_writer == nonDNG) {
625 imOly.ColorSpace = get2();
626 switch (imOly.ColorSpace) {
627 case 0:
628 imCommon.ColorSpace = LIBRAW_COLORSPACE_sRGB;

** CID 1485068: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_linearization_info.cpp: 260 in dng_linearize_plane::dng_linearize_plane(dng_host &, dng_linearization_info &, unsigned short, bool, const dng_image &, dng_image &, unsigned int)()

________________________________________________________________________________________________________
*** CID 1485068: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_linearization_info.cpp: 260 in dng_linearize_plane::dng_linearize_plane(dng_host &, dng_linearization_info &, unsigned short, bool, const dng_image &, dng_image &, unsigned int)()
254
255 real64 x = 0.0;
256
257 if (fBlack_2D_rows == 0)
258 {
259
>>> CID 1485068: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "j % info.fBlackLevelRepeatRows", modulo by expression "info.fBlackLevelRepeatRows" which may be zero has undefined behavior.
260 x = info.fBlackLevel [j % info.fBlackLevelRepeatRows]
261 [0]
262 [plane];
263
264 }
265

** CID 1485067: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_big_table.h: 341 in ()

________________________________________________________________________________________________________
*** CID 1485067: Low impact quality (MISSING_MOVE_ASSIGNMENT)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_big_table.h: 341 in ()
335 bool forFingerprint) const;
336
337 };
338
339 /*****************************************************************************/
340
>>> CID 1485067: Low impact quality (MISSING_MOVE_ASSIGNMENT)
>>> Class "dng_rgb_table" may benefit from adding a move assignment operator. See other events which show the copy assignment operator being applied to rvalues, where a move assignment may be faster.
341 class dng_rgb_table : public dng_big_table
342 {
343
344 friend class dng_rgb_table_cache;
345
346 public:

** CID 1485066: Incorrect expression (DIVIDE_BY_ZERO)

________________________________________________________________________________________________________
*** CID 1485066: Incorrect expression (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_resample.cpp: 628 in dng_resample_task::Start(unsigned int, const dng_rect &, const dng_point &, dng_memory_allocator *, dng_abort_sniffer *)()
622 dng_abort_sniffer *sniffer)
623 {
624
625 // Compute sub-pixel resolution coordinates in the source image for
626 // each row and column of the destination area.
627
>>> CID 1485066: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "Initialize", division by expression "this->fDstBounds.H()" which may be zero has undefined behavior.
628 fRowCoords.Initialize (fSrcBounds.t,
629 fDstBounds.t,
630 fSrcBounds.H (),
631 fDstBounds.H (),
632 *allocator);
633

** CID 1485065: Insecure data handling (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/decoders_dcraw.cpp: 805 in LibRaw::pentax_load_raw()()

________________________________________________________________________________________________________
*** CID 1485065: Insecure data handling (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/decoders_dcraw.cpp: 805 in LibRaw::pentax_load_raw()()
799 fseek(ifp, meta_offset, SEEK_SET);
800 dep = (get2() + 12) & 15;
801 fseek(ifp, 12, SEEK_CUR);
802 FORC(dep) bit[0][c] = get2();
803 FORC(dep) bit[1][c] = fgetc(ifp);
804 FORC(dep)
>>> CID 1485065: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "i" as a loop boundary.
805 for (i = bit[0][c]; i <= ((bit[0][c] + (4096 >> bit[1][c]) - 1) & 4095);)
806 huff[++i] = bit[1][c] << 8 | c;
807 huff[0] = 12;
808 fseek(ifp, data_offset, SEEK_SET);
809 getbits(-1);
810 for (row = 0; row < raw_height; row++)

** CID 1485064: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1485064: Null pointer dereferences (FORWARD_NULL)
/mnt/devel/GIT/7.x/core/libs/widgets/metadata/exiftool/exiftoolwidget.cpp: 230 in Digikam::ExifToolWidget::metadataToText() const()
224
225 int j = 0;
226 QTreeWidgetItem* item2 = nullptr;
227
228 do
229 {
>>> CID 1485064: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "dynamic_cast <QTreeWidgetItem *>(lvItem)" to "child", which dereferences it.
230 item2 = dynamic_cast<QTreeWidgetItem*>(lvItem)->child(j);
231
232 if (item2)
233 {
234 ExifToolListViewItem* const lvItem2 = dynamic_cast<ExifToolListViewItem*>(item2);
235

** CID 1485063: Insecure data handling (TAINTED_SCALAR)

________________________________________________________________________________________________________
*** CID 1485063: Insecure data handling (TAINTED_SCALAR)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/smal.cpp: 176 in LibRaw::smal_v9_load_raw()()
170 fseek(ifp, 78, SEEK_SET);
171 holes = fgetc(ifp);
172 fseek(ifp, 88, SEEK_SET);
173 seg[nseg][0] = raw_height * raw_width;
174 seg[nseg][1] = get4() + data_offset;
175 for (i = 0; i < nseg; i++)
>>> CID 1485063: Insecure data handling (TAINTED_SCALAR)
>>> Passing tainted expression "seg" to "smal_decode_segment", which uses it as a loop boundary.
176 smal_decode_segment(seg + i, holes);
177 if (holes)
178 fill_holes(holes);
179 }
180

** CID 1485062: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 1116 in crxDecodeLineWithIQuantization(CrxSubband *, CrxQStep *)()

________________________________________________________________________________________________________
*** CID 1485062: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 1116 in crxDecodeLineWithIQuantization(CrxSubband *, CrxQStep *)()
1110 }
1111 else
1112 {
1113 // prev. version
1114 int32_t qScale = q_step_tbl[band->qParam % 6] >> (6 - band->qParam / 6);
1115 if (band->qParam / 6 >= 6)
>>> CID 1485062: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << band->qParam / 6 + 26", left shifting by more than 31 bits has undefined behavior. The shift amount, "band->qParam / 6 + 26", is at least 32.
1116 qScale = q_step_tbl[band->qParam % 6] * (1 << (band->qParam / 6 + 26));
1117
1118 if (qScale != 1)
1119 for (int32_t i = 0; i < band->width; ++i)
1120 bandBuf[i] *= qScale;
1121 }

** CID 1485061: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1485061: Null pointer dereferences (FORWARD_NULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/XMPMeta-GetSet.cpp: 977 in XMPMeta::SetLocalizedText(const char *, const char *, const char *, const char *, const char *, unsigned int)()
971 SetNodeValue ( itemNode, itemValue ); // ! Do this after the x-default check!
972 } else {
973 // Update all items whose values match the old x-default value.
974 XMP_Assert ( xdItem != NULL && haveXDefault && (xdItem == itemNode) );
975 for ( itemNum = 0, itemLim = arrayNode->children.size(); itemNum < itemLim; ++itemNum ) {
976 XMP_Node * currItem = arrayNode->children[itemNum];
>>> CID 1485061: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "xdItem->value" to "operator !=", which dereferences it.
977 if ( (currItem == xdItem) || (currItem->value != xdItem->value) ) continue;
978 SetNodeValue ( currItem, itemValue );
979 }
980 SetNodeValue ( xdItem, itemValue ); // And finally do the x-default item.
981 }
982 break;

** CID 1485060: (UNINIT)

________________________________________________________________________________________________________
*** CID 1485060: (UNINIT)
/mnt/devel/GIT/7.x/core/libs/database/history/itemhistorygraph_boost.h: 1422 in Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::GraphSearch::depthFirstSearch<boost::adjacency_list<boost::vecS, boost::vecS, boost::bidirectionalS, boost::property<boost::vertex_index_t, int, boost::property<vertex_properties_t, Digikam::HistoryVertexProperties, boost::no_property>>, boost::property<edge_properties_t, Digikam::HistoryEdgeProperties, boost::no_property>, boost::no_property, boost::listS>>(const T1 &, const Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::Vertex &, bool)()
1416 if (invertGraph)
1417 {
1418 boost::depth_first_search(boost::make_reverse_graph(graph), visitor(vis).root_vertex(v));
1419 }
1420 else
1421 {
>>> CID 1485060: (UNINIT)
>>> Using uninitialized value "vis". Field "vis.m_vis" is uninitialized when calling "visitor".
1422 boost::depth_first_search(graph, visitor(vis).root_vertex(v));
1423 }
1424 }
1425 catch (boost::bad_graph& e)
1426 {
1427 qCDebug(DIGIKAM_DATABASE_LOG) << e.what();
/mnt/devel/GIT/7.x/core/libs/database/history/itemhistorygraph_boost.h: 1418 in Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::GraphSearch::depthFirstSearch<boost::adjacency_list<boost::vecS, boost::vecS, boost::bidirectionalS, boost::property<boost::vertex_index_t, int, boost::property<vertex_properties_t, Digikam::HistoryVertexProperties, boost::no_property>>, boost::property<edge_properties_t, Digikam::HistoryEdgeProperties, boost::no_property>, boost::no_property, boost::listS>>(const T1 &, const Digikam::Graph<Digikam::HistoryVertexProperties, Digikam::HistoryEdgeProperties>::Vertex &, bool)()
1412 DepthFirstSearchVisitor vis(this);
1413
1414 try
1415 {
1416 if (invertGraph)
1417 {
>>> CID 1485060: (UNINIT)
>>> Using uninitialized value "vis". Field "vis.m_vis" is uninitialized when calling "visitor".
1418 boost::depth_first_search(boost::make_reverse_graph(graph), visitor(vis).root_vertex(v));
1419 }
1420 else
1421 {
1422 boost::depth_first_search(graph, visitor(vis).root_vertex(v));
1423 }

** CID 1485059: Incorrect expression (DIVIDE_BY_ZERO)

________________________________________________________________________________________________________
*** CID 1485059: Incorrect expression (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_resample.cpp: 634 in dng_resample_task::Start(unsigned int, const dng_rect &, const dng_point &, dng_memory_allocator *, dng_abort_sniffer *)()
628 fRowCoords.Initialize (fSrcBounds.t,
629 fDstBounds.t,
630 fSrcBounds.H (),
631 fDstBounds.H (),
632 *allocator);
633
>>> CID 1485059: Incorrect expression (DIVIDE_BY_ZERO)
>>> In function call "Initialize", division by expression "this->fDstBounds.W()" which may be zero has undefined behavior.
634 fColCoords.Initialize (fSrcBounds.l,
635 fDstBounds.l,
636 fSrcBounds.W (),
637 fDstBounds.W (),
638 *allocator);
639

** CID 1485058: Resource leaks (RESOURCE_LEAK)
/mnt/devel/GIT/7.x/core/libs/album/treeview/albumlabelssearchhandler.cpp: 519 in Digikam::AlbumLabelsSearchHandler::slotCheckStateChanged()()

________________________________________________________________________________________________________
*** CID 1485058: Resource leaks (RESOURCE_LEAK)
/mnt/devel/GIT/7.x/core/libs/album/treeview/albumlabelssearchhandler.cpp: 519 in Digikam::AlbumLabelsSearchHandler::slotCheckStateChanged()()
513 }
514
515 emit checkStateChanged(album, Qt::Checked);
516 }
517
518 d->oldXml = currentXml;
>>> CID 1485058: Resource leaks (RESOURCE_LEAK)
>>> Variable "album" going out of scope leaks the storage it points to.
519 }
520
521 void AlbumLabelsSearchHandler::slotSetCurrentAlbum()
522 {
523 slotSelectionChanged();
524 }

** CID 1485057: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 2114 in crxMakeQStep(CrxImage *, CrxTile *, int *, unsigned int)()

________________________________________________________________________________________________________
*** CID 1485057: Integer handling issues (BAD_SHIFT)
/mnt/devel/GIT/7.x/core/libs/rawengine/libraw/src/decoders/crx.cpp: 2114 in crxMakeQStep(CrxImage *, CrxTile *, int *, unsigned int)()
2108 qStep->qStepTbl = qStepTbl;
2109 qStep->width = qpWidth;
2110 qStep->height = qpHeight;
2111 for (int qpRow = 0; qpRow < qpHeight; ++qpRow)
2112 for (int qpCol = 0; qpCol < qpWidth; ++qpCol, ++qStepTbl, ++qpTable)
2113 if (*qpTable / 6 >= 6)
>>> CID 1485057: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << *qpTable / 6 + 26", left shifting by more than 31 bits has undefined behavior. The shift amount, "*qpTable / 6 + 26", is at least 32.
2114 *qStepTbl = q_step_tbl[*qpTable % 6] * (1 << (*qpTable / 6 + 26));
2115 else
2116 *qStepTbl = q_step_tbl[*qpTable % 6] >> (6 - *qpTable / 6);
2117
2118 break;
2119 }

** CID 1485055: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_jpeg_image.cpp: 119 in dng_jpeg_image_encode_task::Process(unsigned int, const dng_rect &, dng_abort_sniffer *)()

________________________________________________________________________________________________________
*** CID 1485055: Integer handling issues (DIVIDE_BY_ZERO)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_jpeg_image.cpp: 119 in dng_jpeg_image_encode_task::Process(unsigned int, const dng_rect &, dng_abort_sniffer *)()
113 {
114 return;
115 }
116
117 dng_abort_sniffer::SniffForAbort (sniffer);
118
>>> CID 1485055: Integer handling issues (DIVIDE_BY_ZERO)
>>> In expression "tileIndex / tilesAcross", division by expression "tilesAcross" which may be zero has undefined behavior.
119 uint32 rowIndex = tileIndex / tilesAcross;
120 uint32 colIndex = tileIndex % tilesAcross;
121
122 dng_rect tileArea = fIFD.TileArea (rowIndex, colIndex);
123
124 dng_memory_stream stream (fHost.Allocator ());

** CID 1485054: Uninitialized members (UNINIT_CTOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/ExpatAdapter.cpp: 112 in ExpatAdapter::ExpatAdapter(bool)()

________________________________________________________________________________________________________
*** CID 1485054: Uninitialized members (UNINIT_CTOR)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/xmp_sdk/XMPCore/source/ExpatAdapter.cpp: 112 in ExpatAdapter::ExpatAdapter(bool)()
106 XML_SetStartDoctypeDeclHandler ( this->parser, StartDoctypeDeclHandler );
107 isAborted = false;
108 #endif
109
110 this->parseStack.push_back ( &this->tree ); // Push the XML root node.
111 }
>>> CID 1485054: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "isAborted" is not initialized in this constructor nor in any functions that it calls.
112 } // ExpatAdapter::ExpatAdapter
113
114 // =================================================================================================
115
116 ExpatAdapter::~ExpatAdapter()
117 {

** CID 1485053: Null pointer dereferences (FORWARD_NULL)

________________________________________________________________________________________________________
*** CID 1485053: Null pointer dereferences (FORWARD_NULL)
/mnt/devel/GIT/7.x/core/libs/dngwriter/extra/dng_sdk/dng_validate.cpp: 455 in dng_validate(const char *)()
449
450 if (!useCompressedPreview)
451 {
452
453 dng_image_preview *imagePreview = dynamic_cast<dng_image_preview *> (preview.Get ());
454
>>> CID 1485053: Null pointer dereferences (FORWARD_NULL)
>>> Passing null pointer "imagePreview->fImage" to "Reset", which dereferences it.
455 imagePreview->fImage.Reset (previewImage.Release ());
456
457 }
458
459 else
460 {

________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u15810271.ct.sendgrid.net/ls/click?upn=HRESupC-2F2Czv4BOaCWWCy7my0P0qcxCbhZ31OYv50yp2OAl-2Fauo86CB28HCT0-2BnD-2F6eFMYt863B1-2B0FLvU5y-2FRWSl8rMA4vGwCkGPp0f1hg-3D9PqR_IpEMwFcbl-2BY9RHaL2m6a3nuAxB4hfm4MTniX0gHjADURpWS8SUSiHPBNy5kgHXnWJ0U5J0zH0IQOb-2FUbcjNOfwWaCrNIcadph4hXYc0Xqlbwt6ahuwtLt4QM2th47pTC1rKkavJcVh9qwcQr-2FhlsN4kfaC0xLRojmp8eW6WTiSIeawX1f-2BLljKe8JznvRn3d9aeiHtL53dx-2BRgWHeY4LTQ-3D-3D