[Digikam-devel] New Defects reported by Coverity Scan for digiKam
scan-admin at coverity.com
scan-admin at coverity.com
Sat Oct 17 01:55:40 BST 2015
Hi,
Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan.
52 new defect(s) introduced to digiKam found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 20 of 52 defect(s)
** CID 1327514: Code maintainability issues (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/afd_interpolate_pl.c: 195 in LibRaw::afd_interpolate_pl(int, int)()
________________________________________________________________________________________________________
*** CID 1327514: Code maintainability issues (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/afd_interpolate_pl.c: 195 in LibRaw::afd_interpolate_pl(int, int)()
189 }
190 }
191 free(w);
192
193 // Interpolate green pixels at RED/BLUE
194 for (rr=2; rr < rr1-2; rr++)
>>> CID 1327514: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "2 - this->FC(rr, cc)" to "c" here, but that stored value is overwritten before it can be used.
195 for (cc=2+(FC(rr,2)&1), c=2-FC(rr,cc); cc < cc1-2; cc+=2) {
196 pix = dimage + rr*cc1+cc;
197 // green
198 pix[0][1] = pix[0][3] + 0.25*(pix[ -1][1] - pix[ -1][3] +
199 pix[ 1][1] - pix[ 1][3] +
200 pix[p23][1] - pix[p23][3] +
** CID 1327513: Code maintainability issues (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 240 in LibRaw::lmmse_interpolate(int)()
________________________________________________________________________________________________________
*** CID 1327513: Code maintainability issues (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 240 in LibRaw::lmmse_interpolate(int)()
234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5);
235 PIX_SORT(p5,p3);
236 rix[0][4] = p5; }
237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; }
238 // red/blue at GREEN pixel locations
239 for (rr=0; rr < rr1; rr++)
>>> CID 1327513: Code maintainability issues (UNUSED_VALUE)
>>> Assigning value from "this->FC(rr, cc + 1)" to "c" here, but that stored value is overwritten before it can be used.
240 for (cc=(FC(rr,1)&1), c=FC(rr,cc+1); cc < cc1; cc+=2) {
241 rix = qix + rr*cc1 + cc;
242 rix[0][0] = rix[0][1] + rix[0][3];
243 rix[0][2] = rix[0][1] + rix[0][5]; }
244 // red/blue and green at BLUE/RED pixel locations
245 for (rr=0; rr < rr1; rr++)
** CID 1327512: (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)()
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 232 in LibRaw::lmmse_interpolate(int)()
________________________________________________________________________________________________________
*** CID 1327512: (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)()
227 p7 = rix[ w1-1][d]; p8 = rix[ w1][d]; p9 = rix[ w1+1][d];
228 // Sort for median of 9 values
229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8);
231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8);
>>> CID 1327512: (UNUSED_VALUE)
>>> Assigning value from "temp" to "p6" here, but that stored value is overwritten before it can be used.
233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6);
234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5);
235 PIX_SORT(p5,p3);
236 rix[0][4] = p5; }
237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; }
238 // red/blue at GREEN pixel locations
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 232 in LibRaw::lmmse_interpolate(int)()
226 p4 = rix[ -1][d]; p5 = rix[ 0][d]; p6 = rix[ 1][d];
227 p7 = rix[ w1-1][d]; p8 = rix[ w1][d]; p9 = rix[ w1+1][d];
228 // Sort for median of 9 values
229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8);
231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
>>> CID 1327512: (UNUSED_VALUE)
>>> Assigning value from "temp" to "p9" here, but that stored value is overwritten before it can be used.
232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8);
233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6);
234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5);
235 PIX_SORT(p5,p3);
236 rix[0][4] = p5; }
237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; }
** CID 1327511: (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)()
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 234 in LibRaw::lmmse_interpolate(int)()
________________________________________________________________________________________________________
*** CID 1327511: (UNUSED_VALUE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 233 in LibRaw::lmmse_interpolate(int)()
227 p7 = rix[ w1-1][d]; p8 = rix[ w1][d]; p9 = rix[ w1+1][d];
228 // Sort for median of 9 values
229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8);
231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8);
>>> CID 1327511: (UNUSED_VALUE)
>>> Assigning value from "p5" to "p2" here, but that stored value is overwritten before it can be used.
233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6);
234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5);
235 PIX_SORT(p5,p3);
236 rix[0][4] = p5; }
237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; }
238 // red/blue at GREEN pixel locations
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/lmmse_interpolate.c: 234 in LibRaw::lmmse_interpolate(int)()
228 // Sort for median of 9 values
229 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
230 PIX_SORT(p1,p2); PIX_SORT(p4,p5); PIX_SORT(p7,p8);
231 PIX_SORT(p2,p3); PIX_SORT(p5,p6); PIX_SORT(p8,p9);
232 PIX_SORT(p1,p4); PIX_SORT(p6,p9); PIX_SORT(p5,p8);
233 PIX_SORT(p4,p7); PIX_SORT(p2,p5); PIX_SORT(p3,p6);
>>> CID 1327511: (UNUSED_VALUE)
>>> Assigning value from "p5" to "p7" here, but that stored value is overwritten before it can be used.
234 PIX_SORT(p5,p8); PIX_SORT(p5,p3); PIX_SORT(p7,p5);
235 PIX_SORT(p5,p3);
236 rix[0][4] = p5; }
237 for (ii=0; ii < rr1*cc1; ii++) qix[ii][d] = qix[ii][4]; }
238 // red/blue at GREEN pixel locations
239 for (rr=0; rr < rr1; rr++)
** CID 1327510: Incorrect expression (UNINTENDED_INTEGER_DIVISION)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 427 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)()
________________________________________________________________________________________________________
*** CID 1327510: Incorrect expression (UNINTENDED_INTEGER_DIVISION)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 427 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)()
421 if ((ndim = sget4(cp+4)) > 3) break;
422 dp = pos + sget4(cp+8);
423 for (i=ndim; i--; ) {
424 cp += 12;
425 dim[i] = sget4(cp);
426 }
>>> CID 1327510: Incorrect expression (UNINTENDED_INTEGER_DIVISION)
>>> Dividing integer expressions "this->libraw_internal_data.unpacker_data.meta_length" and "4U", and then converting the integer quotient to type "double". Any remainder, or fractional part of the quotient, is ignored.
427 if ((dsize = (double) dim[0]*dim[1]*dim[2]) > meta_length/4) break;
428 mat = (unsigned *) malloc ((size = dsize) * 4);
429 merror (mat, "foveon_camf_matrix()");
430 for (i=0; i < size; i++)
431 if (type && type != 6)
432 mat[i] = sget4(dp + i*4);
** CID 1327509: Uninitialized members (UNINIT_CTOR)
/home/gilles/Devel/5.x/extra/kipi-plugins/expoblending/manager/actionthread.cpp: 87 in KIPIExpoBlendingPlugin::ActionThread::Private::Private()()
________________________________________________________________________________________________________
*** CID 1327509: Uninitialized members (UNINIT_CTOR)
/home/gilles/Devel/5.x/extra/kipi-plugins/expoblending/manager/actionthread.cpp: 87 in KIPIExpoBlendingPlugin::ActionThread::Private::Private()()
81 PluginLoader* const pl = PluginLoader::instance();
82
83 if (pl)
84 {
85 iface = pl->interface();
86 }
>>> CID 1327509: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "iface" is not initialized in this constructor nor in any functions that it calls.
87 }
88
89 struct Task
90 {
91 bool align;
92 QList<QUrl> urls;
** CID 1327508: (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8481 in LibRaw::parse_makernote(int, int)()
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8486 in LibRaw::parse_makernote(int, int)()
________________________________________________________________________________________________________
*** CID 1327508: (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8481 in LibRaw::parse_makernote(int, int)()
8475 }
8476 if(!strncasecmp(make,"Samsung",7))
8477 {
8478 if (tag == 0xa020) // get the full Samsung encryption key
8479 for (i=0; i<11; i++) SamsungKey[i] = get4();
8480 if (tag == 0xa021) // get and decode Samsung cam_mul array
>>> CID 1327508: (UNINIT)
>>> Using uninitialized value "SamsungKey[c]".
8481 FORC4 cam_mul[c ^ (c >> 1)] = get4() - SamsungKey[c];
8482 if (tag == 0xa030 && len == 9) // get and decode Samsung color matrix
8483 for (i=0; i < 3; i++)
8484 FORC3 cmatrix[i][c] = (short)((get4() + SamsungKey[i*3+c]))/256.0;
8485 if (tag == 0xa028)
8486 FORC4 cblack[c ^ (c >> 1)] = get4() - SamsungKey[c];
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8486 in LibRaw::parse_makernote(int, int)()
8480 if (tag == 0xa021) // get and decode Samsung cam_mul array
8481 FORC4 cam_mul[c ^ (c >> 1)] = get4() - SamsungKey[c];
8482 if (tag == 0xa030 && len == 9) // get and decode Samsung color matrix
8483 for (i=0; i < 3; i++)
8484 FORC3 cmatrix[i][c] = (short)((get4() + SamsungKey[i*3+c]))/256.0;
8485 if (tag == 0xa028)
>>> CID 1327508: (UNINIT)
>>> Using uninitialized value "SamsungKey[c]".
8486 FORC4 cblack[c ^ (c >> 1)] = get4() - SamsungKey[c];
8487 }
8488 else
8489 {
8490 // Somebody else use 0xa021 and 0xa028?
8491 if (tag == 0xa021)
** CID 1327507: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8695 in LibRaw::parse_mos(int)()
________________________________________________________________________________________________________
*** CID 1327507: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 8695 in LibRaw::parse_mos(int)()
8689 static const char *mod[] =
8690 { "","DCB2","Volare","Cantare","CMost","Valeo 6","Valeo 11","Valeo 22",
8691 "Valeo 11p","Valeo 17","","Aptus 17","Aptus 22","Aptus 75","Aptus 65",
8692 "Aptus 54S","Aptus 65S","Aptus 75S","AFi 5","AFi 6","AFi 7",
8693 "AFi-II 7","Aptus-II 7","","Aptus-II 6","","","Aptus-II 10","Aptus-II 5",
8694 "","","","","Aptus-II 10R","Aptus-II 8","","Aptus-II 12","","AFi-II 12" };
>>> CID 1327507: Uninitialized variables (UNINIT)
>>> Declaring variable "romm_cam" without initializer.
8695 float romm_cam[3][3];
8696
8697 fseek (ifp, offset, SEEK_SET);
8698 while (1) {
8699 if (get4() != 0x504b5453) break;
8700 get4();
** CID 1327506: Memory - illegal accesses (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 5893 in LibRaw::processNikonLensData(unsigned char *, unsigned int)()
________________________________________________________________________________________________________
*** CID 1327506: Memory - illegal accesses (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 5893 in LibRaw::processNikonLensData(unsigned char *, unsigned int)()
5887 i = 7;
5888 break;
5889 case 16:
5890 i = 8;
5891 break;
5892 }
>>> CID 1327506: Memory - illegal accesses (UNINIT)
>>> Using uninitialized value "i".
5893 imgdata.lens.nikon.NikonLensIDNumber = LensData[i];
5894 imgdata.lens.nikon.NikonLensFStops = LensData[i + 1];
5895 imgdata.lens.makernotes.LensFStops = (float)imgdata.lens.nikon.NikonLensFStops /12.0f;
5896 if (fabsf(imgdata.lens.makernotes.MinFocal) < 1.1f)
5897 {
5898 if ((imgdata.lens.nikon.NikonLensType ^ (uchar)0x01) || LensData[i + 2])
** CID 1327505: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3285 in LibRaw::sony_arw2_load_raw()()
________________________________________________________________________________________________________
*** CID 1327505: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3285 in LibRaw::sony_arw2_load_raw()()
3279 LIM(((slope*step*1000)/(curve[pix[i]<<1]-black)),0,10000):0;
3280 }
3281 }
3282 else
3283 {
3284 for (i=0; i < 16; i++, col+=2)
>>> CID 1327505: Uninitialized variables (UNINIT)
>>> Using uninitialized value "pix[i]".
3285 RAW(row,col) = curve[pix[i] << 1];
3286 }
3287 #else
3288 for (i=0; i < 16; i++, col+=2)
3289 RAW(row,col) = curve[pix[i] << 1] >> 2;
3290 #endif
** CID 1327504: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3409 in LibRaw::samsung3_load_raw()()
________________________________________________________________________________________________________
*** CID 1327504: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 3409 in LibRaw::samsung3_load_raw()()
3403 FORC(16) {
3404 col = tab + (((c & 7) << 1)^(c >> 3)^(row & 1));
3405 pred = (pmode == 7 || row < 2)
3406 ? (tab ? RAW(row,tab-2+(col & 1)) : init)
3407 : (prow[col & 1][col-'4'+"0224468"[pmode]] +
3408 prow[col & 1][col-'4'+"0244668"[pmode]] + 1) >> 1;
>>> CID 1327504: Uninitialized variables (UNINIT)
>>> Using uninitialized value "len[c >> 2]".
3409 diff = ph1_bits (i = len[c >> 2]);
3410 if (diff >> (i-1)) diff -= 1 << i;
3411 diff = diff * (mag*2+1) + mag;
3412 RAW(row,col) = pred + diff;
3413 }
3414 }
** CID 1327503: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10152 in LibRaw::parse_phase_one(int)()
________________________________________________________________________________________________________
*** CID 1327503: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10152 in LibRaw::parse_phase_one(int)()
10146 maximum = 0x3fff;
10147 }
10148
10149 void CLASS parse_phase_one (int base)
10150 {
10151 unsigned entries, tag, type, len, data, save, i, c;
>>> CID 1327503: Uninitialized variables (UNINIT)
>>> Declaring variable "romm_cam" without initializer.
10152 float romm_cam[3][3];
10153 char *cp;
10154
10155 #ifdef LIBRAW_LIBRARY_BUILD
10156 char body_id[3];
10157 body_id[0] = 0;
** CID 1327502: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1022 in LibRaw::lossless_dng_load_raw()()
________________________________________________________________________________________________________
*** CID 1327502: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1022 in LibRaw::lossless_dng_load_raw()()
1016 jwide = jh.wide;
1017 if (filters) jwide *= jh.clrs;
1018 jwide /= is_raw;
1019 #ifdef LIBRAW_LIBRARY_BUILD
1020 try {
1021 #endif
>>> CID 1327502: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "jh.high" as a loop boundary.
1022 for (row=col=jrow=0; jrow < jh.high; jrow++) {
1023 #ifdef LIBRAW_LIBRARY_BUILD
1024 checkCancel();
1025 #endif
1026 rp = ljpeg_row (jrow, &jh);
1027 for (jcol=0; jcol < jwide; jcol++) {
** CID 1327501: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 240 in LibRaw::foveon_thumb()()
________________________________________________________________________________________________________
*** CID 1327501: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 240 in LibRaw::foveon_thumb()()
234 struct decode *dindex;
235 short pred[3];
236
237 bwide = get4();
238 fprintf (ofp, "P6\n%d %d\n255\n", thumb_width, thumb_height);
239 if (bwide > 0) {
>>> CID 1327501: Insecure data handling (TAINTED_SCALAR)
>>> Checking lower bounds of unsigned scalar "bwide" by "bwide < this->imgdata.thumbnail.twidth * 3".
240 if (bwide < thumb_width*3) return;
241 buf = (char *) malloc (bwide);
242 merror (buf, "foveon_thumb()");
243 for (row=0; row < thumb_height; row++) {
244 fread (buf, 1, bwide, ifp);
245 fwrite (buf, 3, thumb_width, ofp);
** CID 1327500: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 184 in LibRaw::foveon_thumb_loader()()
________________________________________________________________________________________________________
*** CID 1327500: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 184 in LibRaw::foveon_thumb_loader()()
178 if(T.thumb) free(T.thumb);
179 T.thumb = NULL;
180
181 bwide = get4();
182 if (bwide > 0)
183 {
>>> CID 1327500: Insecure data handling (TAINTED_SCALAR)
>>> Checking lower bounds of unsigned scalar "bwide" by "bwide < (unsigned int)this->imgdata.thumbnail.twidth * 3U".
184 if (bwide < (unsigned)T.twidth*3) return;
185 T.thumb = (char*)malloc(3*T.twidth * T.theight);
186 merror (T.thumb, "foveon_thumb()");
187 char *buf = (char*)malloc(bwide);
188 merror (buf, "foveon_thumb()");
189 for (row=0; row < T.theight; row++)
** CID 1327499: (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 370 in LibRaw::foveon_load_camf()()
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 369 in LibRaw::foveon_load_camf()()
________________________________________________________________________________________________________
*** CID 1327499: (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 370 in LibRaw::foveon_load_camf()()
364 meta_data = (char *) malloc (meta_length = wide*high*3/2);
365 merror (meta_data, "foveon_load_camf()");
366 foveon_huff (huff);
367 get4();
368 getbits(-1);
369 for (j=row=0; row < high; row++) {
>>> CID 1327499: (TAINTED_SCALAR)
>>> Using tainted variable "wide" as a loop boundary.
370 for (col=0; col < wide; col++) {
371 diff = ljpeg_diff(huff);
372 if (col < 2) hpred[col] = vpred[row & 1][col] += diff;
373 else hpred[col & 1] += diff;
374 if (col & 1) {
375 meta_data[j++] = hpred[0] >> 4;
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 369 in LibRaw::foveon_load_camf()()
363 free (meta_data);
364 meta_data = (char *) malloc (meta_length = wide*high*3/2);
365 merror (meta_data, "foveon_load_camf()");
366 foveon_huff (huff);
367 get4();
368 getbits(-1);
>>> CID 1327499: (TAINTED_SCALAR)
>>> Using tainted variable "high" as a loop boundary.
369 for (j=row=0; row < high; row++) {
370 for (col=0; col < wide; col++) {
371 diff = ljpeg_diff(huff);
372 if (col < 2) hpred[col] = vpred[row & 1][col] += diff;
373 else hpred[col & 1] += diff;
374 if (col & 1) {
** CID 1327498: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 425 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)()
________________________________________________________________________________________________________
*** CID 1327498: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/demosaic-pack-GPL2/dcraw_foveon.c: 425 in LibRaw::foveon_camf_matrix(unsigned int *, const char *)()
419 cp = pos + sget4(pos+16);
420 type = sget4(cp);
421 if ((ndim = sget4(cp+4)) > 3) break;
422 dp = pos + sget4(cp+8);
423 for (i=ndim; i--; ) {
424 cp += 12;
>>> CID 1327498: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "i" as an index to pointer "dim".
425 dim[i] = sget4(cp);
426 }
427 if ((dsize = (double) dim[0]*dim[1]*dim[2]) > meta_length/4) break;
428 mat = (unsigned *) malloc ((size = dsize) * 4);
429 merror (mat, "foveon_camf_matrix()");
430 for (i=0; i < size; i++)
** CID 1327497: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 2743 in LibRaw::lossy_dng_load_raw()()
________________________________________________________________________________________________________
*** CID 1327497: Insecure data handling (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 2743 in LibRaw::lossy_dng_load_raw()()
2737 if ((deg = get4()) > 8) break;
2738 for (i=0; i <= deg && i < 9; i++)
2739 coeff[i] = getreal(12);
2740 for (i=0; i < 256; i++) {
2741 for (tot=j=0; j <= deg; j++)
2742 tot += coeff[j] * pow(i/255.0, (int)j);
>>> CID 1327497: Insecure data handling (TAINTED_SCALAR)
>>> Using tainted variable "c" as an index into an array "cur".
2743 cur[c][i] = tot*0xffff;
2744 }
2745 }
2746 order = sorder;
2747 } else {
2748 gamma_curve (1/2.4, 12.92, 1, 255);
** CID 1327496: (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 670 in x3f_new_from_file(LibRaw_abstract_datastream *)()
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 674 in x3f_new_from_file(LibRaw_abstract_datastream *)()
________________________________________________________________________________________________________
*** CID 1327496: (TAINTED_SCALAR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 670 in x3f_new_from_file(LibRaw_abstract_datastream *)()
664 GET4(DS->identifier);
665 GET4(DS->version);
666 GET4(DS->num_directory_entries);
667
668 if (DS->num_directory_entries > 0) {
669 size_t size = DS->num_directory_entries * sizeof(x3f_directory_entry_t);
>>> CID 1327496: (TAINTED_SCALAR)
>>> Passing tainted variable "size" to a tainted sink.
670 DS->directory_entry = (x3f_directory_entry_t *)calloc(1, size);
671 }
672
673 /* Traverse the directory */
674 for (d=0; d<DS->num_directory_entries; d++) {
675 x3f_directory_entry_t *DE = &DS->directory_entry[d];
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/libraw_x3f.cpp: 674 in x3f_new_from_file(LibRaw_abstract_datastream *)()
668 if (DS->num_directory_entries > 0) {
669 size_t size = DS->num_directory_entries * sizeof(x3f_directory_entry_t);
670 DS->directory_entry = (x3f_directory_entry_t *)calloc(1, size);
671 }
672
673 /* Traverse the directory */
>>> CID 1327496: (TAINTED_SCALAR)
>>> Using tainted variable "DS->num_directory_entries" as a loop boundary.
674 for (d=0; d<DS->num_directory_entries; d++) {
675 x3f_directory_entry_t *DE = &DS->directory_entry[d];
676 x3f_directory_entry_header_t *DEH = &DE->header;
677 uint32_t save_dir_pos;
678
679 /* Read the directory entry info */
** CID 1327495: Security best practices violations (STRING_OVERFLOW)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9344 in LibRaw::parse_tiff_ifd(int)()
________________________________________________________________________________________________________
*** CID 1327495: Security best practices violations (STRING_OVERFLOW)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9344 in LibRaw::parse_tiff_ifd(int)()
9338 is_raw = 1;
9339 break;
9340 case 50708: /* UniqueCameraModel */
9341 if (model[0]) break;
9342 fgets (make, 64, ifp);
9343 if ((cp = strchr(make,' '))) {
>>> CID 1327495: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 64 byte fixed-size string "this->imgdata.idata.model" by copying "cp + 1" without checking the length.
9344 strcpy(model,cp+1);
9345 *cp = 0;
9346 }
9347 break;
9348 case 50710: /* CFAPlaneColor */
9349 if (filters == 9) break;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://scan.coverity.com/projects/digikam?tab=overview
To manage Coverity Scan email notifications for "digikam-devel at kde.org", click https://scan.coverity.com/subscriptions/edit?email=digikam-devel%40kde.org&token=621bfe7450f4a870432a2a9c106aa3a8
More information about the Digikam-devel
mailing list