<div dir="ltr">Hi all, <div><br></div><div>I just uploaded the current whole digiKam git/master implementation to Coverity SCAN. New reports are available to review...</div><div><br></div><div>Best</div><div><br></div><div>Gilles Caulier<br>
<br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername"></b> <span dir="ltr"><<a href="mailto:scan-admin@coverity.com">scan-admin@coverity.com</a>></span><br>Date: 2013/2/24<br>
Subject: New Defects reported by Coverity Scan for digiKam<br>To: <a href="mailto:caulier.gilles@gmail.com">caulier.gilles@gmail.com</a><br>Cc: <a href="mailto:dvyas@coverity.com">dvyas@coverity.com</a><br><br><br><br>
Hi,<br>
<br>
Please find the latest report on new defect(s) introduced to digiKam found with Coverity SCAN<br>
<br>
Defect(s) Reported-by: Coverity Scan<br>
Showing 7 of 73 defects<br>
<br>
** CID 986607: Unintended sign extension (SIGN_EXTENSION)<br>
/mnt/devel/GIT/3.x/extra/libkdcraw/libkdcraw/kdcraw.cpp: 410<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986607" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986607</a><br>
<br>
** CID 986606: Unintended sign extension (SIGN_EXTENSION)<br>
/mnt/devel/GIT/3.x/extra/libkdcraw/libkdcraw/kdcraw.cpp: 410<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986606" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986606</a><br>
<br>
** CID 986605: Unintended sign extension (SIGN_EXTENSION)<br>
/mnt/devel/GIT/3.x/core/libs/dimg/dimgscale.cpp: 2031<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986605" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986605</a><br>
<br>
** CID 986604: Unintended sign extension (SIGN_EXTENSION)<br>
/mnt/devel/GIT/3.x/core/libs/dimg/dimgscale.cpp: 1609<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986604" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986604</a><br>
<br>
** CID 986603: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
/mnt/devel/GIT/3.x/extra/kipi-plugins/dngconverter/dngwriter/extra/xmp_sdk/common/XML_Node.cpp: 217<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986603" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986603</a><br>
<br>
** CID 986602: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
/mnt/devel/GIT/3.x/extra/kipi-plugins/dngconverter/dngwriter/extra/xmp_sdk/XMPCore/XMPUtils.cpp: 704<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986602" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986602</a><br>
<br>
** CID 986601: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
/mnt/devel/GIT/3.x/extra/kipi-plugins/dngconverter/dngwriter/extra/xmp_sdk/XMPCore/XMPUtils.cpp: 1090<br>
<a href="http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986601" target="_blank">http://scan5.coverity.com:8080//sourcebrowser.htm?projectId=10358#mergedDefectId=986601</a><br>
<br>
<br>
________________________________________________________________________<br>
CID 986607: Unintended sign extension (SIGN_EXTENSION)<br>
<br>
/mnt/devel/GIT/3.x/extra/libkdcraw/libkdcraw/kdcraw.cpp: 410 ( sign_extension)<br>
407 }<br>
408 else<br>
409 {<br>
>>> CID 986607: Unintended sign extension (SIGN_EXTENSION)<br>
>>> Suspicious implicit sign extension: "raw.imgdata.sizes.iwidth" with type "unsigned short" (16 bits, unsigned) is promoted in "raw.imgdata.sizes.iwidth * raw.imgdata.sizes.iheight" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "raw.imgdata.sizes.iwidth * raw.imgdata.sizes.iheight" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.<br>
410 rawData.resize((int)(raw.imgdata.sizes.iwidth * raw.imgdata.sizes.iheight * sizeof(unsigned short)));<br>
411<br>
412 unsigned short* output = (unsigned short*)rawData.data();<br>
413<br>
414 for (uint row = 0; row < raw.imgdata.sizes.iheight; row++)<br>
<br>
________________________________________________________________________<br>
CID 986606: Unintended sign extension (SIGN_EXTENSION)<br>
<br>
/mnt/devel/GIT/3.x/extra/libkdcraw/libkdcraw/kdcraw.cpp: 410 ( sign_extension)<br>
407 }<br>
408 else<br>
409 {<br>
>>> CID 986606: Unintended sign extension (SIGN_EXTENSION)<br>
>>> Suspicious implicit sign extension: "raw.imgdata.sizes.iheight" with type "unsigned short" (16 bits, unsigned) is promoted in "raw.imgdata.sizes.iwidth * raw.imgdata.sizes.iheight" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "raw.imgdata.sizes.iwidth * raw.imgdata.sizes.iheight" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.<br>
410 rawData.resize((int)(raw.imgdata.sizes.iwidth * raw.imgdata.sizes.iheight * sizeof(unsigned short)));<br>
411<br>
412 unsigned short* output = (unsigned short*)rawData.data();<br>
413<br>
414 for (uint row = 0; row < raw.imgdata.sizes.iheight; row++)<br>
<br>
________________________________________________________________________<br>
CID 986605: Unintended sign extension (SIGN_EXTENSION)<br>
<br>
/mnt/devel/GIT/3.x/core/libs/dimg/dimgscale.cpp: 2031 ( sign_extension)<br>
2028 if (XAP > 0)<br>
2029 {<br>
2030 pix = ypoints[dyy + y] + xpoints[x];<br>
>>> CID 986605: Unintended sign extension (SIGN_EXTENSION)<br>
>>> Suspicious implicit sign extension: "(ushort *)pix[2]" with type "unsigned short" (16 bits, unsigned) is promoted in "(ushort *)pix[2] * (256 - xapoints[x])" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "(ushort *)pix[2] * (256 - xapoints[x])" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.<br>
2031 r = R_VAL16(pix) * INV_XAP;<br>
2032 g = G_VAL16(pix) * INV_XAP;<br>
2033 b = B_VAL16(pix) * INV_XAP;<br>
2034 a = A_VAL16(pix) * INV_XAP;<br>
2035 ++pix;<br>
<br>
________________________________________________________________________<br>
CID 986604: Unintended sign extension (SIGN_EXTENSION)<br>
<br>
/mnt/devel/GIT/3.x/core/libs/dimg/dimgscale.cpp: 1609 ( sign_extension)<br>
1606 if (XAP > 0)<br>
1607 {<br>
1608 pix = ypoints[dyy + y] + xpoints[x];<br>
>>> CID 986604: Unintended sign extension (SIGN_EXTENSION)<br>
>>> Suspicious implicit sign extension: "(ushort *)pix[2]" with type "unsigned short" (16 bits, unsigned) is promoted in "(ushort *)pix[2] * (256 - xapoints[x])" to type "int" (32 bits, signed), then sign-extended to type "long" (64 bits, signed). If "(ushort *)pix[2] * (256 - xapoints[x])" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.<br>
1609 r = R_VAL16(pix) * INV_XAP;<br>
1610 g = G_VAL16(pix) * INV_XAP;<br>
1611 b = B_VAL16(pix) * INV_XAP;<br>
1612 ++pix;<br>
1613 r += R_VAL16(pix) * XAP;<br>
<br>
________________________________________________________________________<br>
CID 986603: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
<br>
/mnt/devel/GIT/3.x/extra/kipi-plugins/dngconverter/dngwriter/extra/xmp_sdk/common/XML_Node.cpp: 217 ( printf_arg_mismatch)<br>
214 if ( node->nsPrefixLen != 0 ) {<br>
215 *buffer += ", prefixLen=";<br>
216 char numBuf [20];<br>
>>> CID 986603: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
>>> argument is incompatible with corresponding format string conversion<br>
217 snprintf ( numBuf, sizeof(numBuf), "%d", node->nsPrefixLen );<br>
218 *buffer += numBuf;<br>
219 }<br>
220 *buffer += "\n";<br>
221<br>
<br>
________________________________________________________________________<br>
CID 986602: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
<br>
/mnt/devel/GIT/3.x/extra/kipi-plugins/dngconverter/dngwriter/extra/xmp_sdk/XMPCore/XMPUtils.cpp: 704 ( printf_arg_mismatch)<br>
701<br>
702 if ( itemIndex != kXMP_ArrayLastItem ) {<br>
703 // AUDIT: Using string->size() for the snprintf length is safe.<br>
>>> CID 986602: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
>>> argument is incompatible with corresponding format string conversion<br>
704 snprintf ( const_cast<char*>(sComposedPath->c_str()), sComposedPath->size(), "%s[%d]", arrayName, itemIndex );<br>
705 } else {<br>
706 *sComposedPath = arrayName;<br>
707 *sComposedPath += "[last()] ";<br>
708 (*sComposedPath)[sComposedPath->size()-1] = 0; // ! Final null is for the strlen at exit.<br>
<br>
________________________________________________________________________<br>
CID 986601: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
<br>
/mnt/devel/GIT/3.x/extra/kipi-plugins/dngconverter/dngwriter/extra/xmp_sdk/XMPCore/XMPUtils.cpp: 1090 ( printf_arg_mismatch)<br>
1087 // Output YYYY-MM-DD.<br>
1088 if ( (tempDate.month < 1) || (tempDate.month > 12) ) XMP_Throw ( "Month is out of range", kXMPErr_BadParam);<br>
1089 if ( (tempDate.day < 1) || (tempDate.day > 31) ) XMP_Throw ( "Day is out of range", kXMPErr_BadParam);<br>
>>> CID 986601: Printf arg type mismatch (PW.PRINTF_ARG_MISMATCH)<br>
>>> argument is incompatible with corresponding format string conversion<br>
1090 snprintf ( buffer, sizeof(buffer), "%.4d-%02d-%02d", tempDate.year, tempDate.month, tempDate.day ); // AUDIT: Using sizeof for snprintf length is safe.<br>
1091<br>
1092 } else {<br>
1093<br>
1094 FormatFullDateTime ( tempDate, buffer, sizeof(buffer) );<br>
<br>
________________________________________________________________________<br>
To view the defects in Coverity Scan visit, <a href="http://scan5.coverity.com:8080" target="_blank">http://scan5.coverity.com:8080</a><br>
<br>
</div><br></div></div>