New Defects reported by Coverity Scan for digiKam
scan-admin at coverity.com
scan-admin at coverity.com
Wed Aug 10 13:10:17 BST 2016
Hi,
Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan.
15 new defect(s) introduced to digiKam found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 15 of 15 defect(s)
** CID 1368981: Control flow issues (UNREACHABLE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9862 in LibRaw::parse_tiff_ifd(int)()
________________________________________________________________________________________________________
*** CID 1368981: Control flow issues (UNREACHABLE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 9862 in LibRaw::parse_tiff_ifd(int)()
9856 imgdata.color.WB_Coeffs[tWB][2] = get2();
9857 } else fseek(ifp, 6, SEEK_CUR);
9858 }
9859 }
9860 break;
9861 #endif
>>> CID 1368981: Control flow issues (UNREACHABLE)
>>> This code cannot be reached: "if (len < 50U || this->imgd...".
9862 if (len < 50 || cam_mul[0]) break;
9863 fseek (ifp, 12, SEEK_CUR);
9864 FORC3 cam_mul[c] = get2();
9865 break;
9866 case 46:
9867 if (type != 7 || fgetc(ifp) != 0xff || fgetc(ifp) != 0xd8) break;
** CID 1368980: Uninitialized members (UNINIT_CTOR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/libraw/libraw_datastream.h: 266 in libraw_dng_stream::libraw_dng_stream(LibRaw_abstract_datastream *)()
________________________________________________________________________________________________________
*** CID 1368980: Uninitialized members (UNINIT_CTOR)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/libraw/libraw_datastream.h: 266 in libraw_dng_stream::libraw_dng_stream(LibRaw_abstract_datastream *)()
260 {
261 if(parent_stream)
262 {
263 off = parent_stream->tell();
264 parent_stream->seek(0UL,SEEK_SET); /* seek to start */
265 }
>>> CID 1368980: Uninitialized members (UNINIT_CTOR)
>>> Non-static class member "off" is not initialized in this constructor nor in any functions that it calls.
266 }
267 ~libraw_dng_stream(){
268 if(parent_stream)
269 parent_stream->seek(off,SEEK_SET);
270 }
271 virtual uint64 DoGetLength (){
** CID 1368979: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1313 in LibRaw::nikon_yuv_load_raw()()
________________________________________________________________________________________________________
*** CID 1368979: Uninitialized variables (UNINIT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1313 in LibRaw::nikon_yuv_load_raw()()
1307
1308 void CLASS nikon_yuv_load_raw()
1309 {
1310 int row, col, yuv[4], rgb[3], b, c;
1311 UINT64 bitbuf=0;
1312 float cmul[4];
>>> CID 1368979: Uninitialized variables (UNINIT)
>>> Using uninitialized value "cmul[c]".
1313 FORC4 { cmul[c] == cam_mul[c]>0.001f?cam_mul[c]:1.f; }
1314 for (row=0; row < raw_height; row++)
1315 {
1316 #ifdef LIBRAW_LIBRARY_BUILD
1317 checkCancel();
1318 #endif
** CID 1368978: Integer handling issues (SIGN_EXTENSION)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()()
________________________________________________________________________________________________________
*** CID 1368978: Integer handling issues (SIGN_EXTENSION)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()()
1495 imgdata.rawdata.float3_image = 0;
1496 imgdata.rawdata.float4_image = 0;
1497 }
1498
1499 void LibRaw::pentax_4shot_load_raw()
1500 {
>>> CID 1368978: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "this->imgdata.sizes.raw_height" with type "unsigned short" (16 bits, unsigned) is promoted in "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1501 ushort *plane = (ushort*)malloc(imgdata.sizes.raw_width*imgdata.sizes.raw_height*sizeof(ushort));
1502 int alloc_sz = imgdata.sizes.raw_width*(imgdata.sizes.raw_height+16)*4*sizeof(ushort);
1503 ushort (*result)[4] = (ushort(*)[4]) malloc(alloc_sz);
1504 struct movement_t
1505 {
1506 int row,col;
** CID 1368977: Integer handling issues (SIGN_EXTENSION)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()()
________________________________________________________________________________________________________
*** CID 1368977: Integer handling issues (SIGN_EXTENSION)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1501 in LibRaw::pentax_4shot_load_raw()()
1495 imgdata.rawdata.float3_image = 0;
1496 imgdata.rawdata.float4_image = 0;
1497 }
1498
1499 void LibRaw::pentax_4shot_load_raw()
1500 {
>>> CID 1368977: Integer handling issues (SIGN_EXTENSION)
>>> Suspicious implicit sign extension: "this->imgdata.sizes.raw_width" with type "unsigned short" (16 bits, unsigned) is promoted in "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned). If "this->imgdata.sizes.raw_width * this->imgdata.sizes.raw_height" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.
1501 ushort *plane = (ushort*)malloc(imgdata.sizes.raw_width*imgdata.sizes.raw_height*sizeof(ushort));
1502 int alloc_sz = imgdata.sizes.raw_width*(imgdata.sizes.raw_height+16)*4*sizeof(ushort);
1503 ushort (*result)[4] = (ushort(*)[4]) malloc(alloc_sz);
1504 struct movement_t
1505 {
1506 int row,col;
** CID 1368976: Null pointer dereferences (REVERSE_INULL)
/home/gilles/Devel/5.x/core/libs/album/albumtreeview.cpp: 1105 in Digikam::AbstractAlbumTreeView::contextMenuEvent(QContextMenuEvent *)()
________________________________________________________________________________________________________
*** CID 1368976: Null pointer dereferences (REVERSE_INULL)
/home/gilles/Devel/5.x/core/libs/album/albumtreeview.cpp: 1105 in Digikam::AbstractAlbumTreeView::contextMenuEvent(QContextMenuEvent *)()
1099 if (!showContextMenuAt(event, album))
1100 {
1101 return;
1102 }
1103
1104 // switch to the selected album if need
>>> CID 1368976: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "album" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1105 if (d->selectOnContextMenu && album)
1106 {
1107 setCurrentAlbums(QList<Album*>() << album);
1108 }
1109
1110 // --------------------------------------------------------
** CID 1368975: Incorrect expression (PW.ASSIGN_WHERE_COMPARE_MEANT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10711 in ()
________________________________________________________________________________________________________
*** CID 1368975: Incorrect expression (PW.ASSIGN_WHERE_COMPARE_MEANT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 10711 in ()
10705 if (max_samp > 3) max_samp = 3;
10706 os = raw_width*raw_height;
10707 ns = tiff_ifd[i].t_width*tiff_ifd[i].t_height;
10708 if ((tiff_ifd[i].comp != 6 || tiff_ifd[i].samples != 3) &&
10709 unsigned(tiff_ifd[i].t_width | tiff_ifd[i].t_height) < 0x10000 &&
10710 (unsigned)tiff_ifd[i].bps < 33 && (unsigned)tiff_ifd[i].samples < 13 &&
>>> CID 1368975: Incorrect expression (PW.ASSIGN_WHERE_COMPARE_MEANT)
>>> use of "=" where "==" may have been intended
10711 ns && ((ns > os && (ties = 1)) ||
10712 (ns == os && shot_select == ties++))) {
10713 raw_width = tiff_ifd[i].t_width;
10714 raw_height = tiff_ifd[i].t_height;
10715 tiff_bps = tiff_ifd[i].bps;
10716 tiff_compress = tiff_ifd[i].comp;
** CID 1368974: Memory - illegal accesses (OVERRUN)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1518 in LibRaw::pentax_4shot_load_raw()()
________________________________________________________________________________________________________
*** CID 1368974: Memory - illegal accesses (OVERRUN)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1518 in LibRaw::pentax_4shot_load_raw()()
1512 };
1513
1514 int tidx = 0;
1515 for(int i=0; i<4; i++)
1516 {
1517 for(; tidx<16; tidx++)
>>> CID 1368974: Memory - illegal accesses (OVERRUN)
>>> Overrunning array "this->tiff_ifd" of 10 88-byte elements at element index 15 (byte offset 1320) using index "tidx" (which evaluates to 15).
1518 if(tiff_ifd[tidx].t_width == imgdata.sizes.raw_width && tiff_ifd[tidx].t_height == imgdata.sizes.raw_height && tiff_ifd[tidx].bps>8 && tiff_ifd[tidx].samples == 1 )
1519 break;
1520 if(tidx>=16)
1521 break;
1522 imgdata.rawdata.raw_image = plane;
1523 ID.input->seek(tiff_ifd[tidx].offset, SEEK_SET);
** CID 1368973: Integer handling issues (NO_EFFECT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 6755 in LibRaw::parseSonyLensFeatures(unsigned char, unsigned char)()
________________________________________________________________________________________________________
*** CID 1368973: Integer handling issues (NO_EFFECT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 6755 in LibRaw::parseSonyLensFeatures(unsigned char, unsigned char)()
6749 strnXcat(imgdata.lens.makernotes.LensFeatures_suf, " OSS");
6750
6751 if (features & 0x2000)
6752 strnXcat(imgdata.lens.makernotes.LensFeatures_suf, " LE");
6753
6754 if (features & 0x0800)
>>> CID 1368973: Integer handling issues (NO_EFFECT)
>>> This less-than-zero comparison of an unsigned value is never true. "0UL > ((16UL - strlen(this->imgdata.lens.makernotes.LensFeatures_suf) - 1UL < 16UL) ? 16UL - strlen(this->imgdata.lens.makernotes.LensFeatures_suf) - 1UL : 16UL)".
6755 strnXcat(imgdata.lens.makernotes.LensFeatures_suf, " II");
6756
6757 if (imgdata.lens.makernotes.LensFeatures_suf[0] == ' ')
6758 memmove(imgdata.lens.makernotes.LensFeatures_suf, imgdata.lens.makernotes.LensFeatures_suf+1, strlen(imgdata.lens.makernotes.LensFeatures_suf));
6759
6760 return;
** CID 1368972: Incorrect expression (NO_EFFECT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4670 in LibRaw::vng_interpolate()()
________________________________________________________________________________________________________
*** CID 1368972: Incorrect expression (NO_EFFECT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4670 in LibRaw::vng_interpolate()()
4664 if (filters == 9) prow = pcol = 6;
4665 ip = (int *) calloc (prow*pcol, 1280);
4666 merror (ip, "vng_interpolate()");
4667 for (row=0; row < prow; row++) /* Precalculate for VNG */
4668 for (col=0; col < pcol; col++) {
4669 code[row][col] = ip;
>>> CID 1368972: Incorrect expression (NO_EFFECT)
>>> Part "t < 64" of statement "(t < 64) , (cpt = &terms[t])" has no effect due to the comma.
4670 for (cpt=&terms[0], t=0; t < 64, cpt = &terms[t]; t++) {
4671 y1 = cpt->y1; x1 = cpt->x1;
4672 y2 = cpt->y2; x2 = cpt->x2;
4673 weight = cpt->weight;
4674 grads = cpt->grads;
4675 color = fcol(row+y1,col+x1);
** CID 1368971: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4667 in LibRaw::vng_interpolate()()
________________________________________________________________________________________________________
*** CID 1368971: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4667 in LibRaw::vng_interpolate()()
4661 #endif
4662
4663 if (filters == 1) prow = pcol = 16;
4664 if (filters == 9) prow = pcol = 6;
4665 ip = (int *) calloc (prow*pcol, 1280);
4666 merror (ip, "vng_interpolate()");
>>> CID 1368971: Control flow issues (DEADCODE)
>>> Execution cannot reach the expression "row" inside this statement: "row++;".
4667 for (row=0; row < prow; row++) /* Precalculate for VNG */
4668 for (col=0; col < pcol; col++) {
4669 code[row][col] = ip;
4670 for (cpt=&terms[0], t=0; t < 64, cpt = &terms[t]; t++) {
4671 y1 = cpt->y1; x1 = cpt->x1;
4672 y2 = cpt->y2; x2 = cpt->x2;
** CID 1368970: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4697 in LibRaw::vng_interpolate()()
________________________________________________________________________________________________________
*** CID 1368970: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4697 in LibRaw::vng_interpolate()()
4691 if (fcol(row+y,col+x) != color && fcol(row+y*2,col+x*2) == color)
4692 *ip++ = (y*width + x) * 8 + color;
4693 else
4694 *ip++ = 0;
4695 }
4696 }
>>> CID 1368970: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "brow[4] = (unsigned short (...".
4697 brow[4] = (ushort (*)[4]) calloc (width*3, sizeof **brow);
4698 merror (brow[4], "vng_interpolate()");
4699 for (row=0; row < 3; row++)
4700 brow[row] = brow[4] + row*width;
4701 for (row=2; row < height-2; row++) { /* Do VNG interpolation */
4702 #ifdef LIBRAW_LIBRARY_BUILD
** CID 1368969: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4686 in LibRaw::vng_interpolate()()
________________________________________________________________________________________________________
*** CID 1368969: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 4686 in LibRaw::vng_interpolate()()
4680 *ip++ = (y2*width + x2)*4 + color;
4681 *ip++ = weight;
4682 for (g=0; g < 8; g++)
4683 if (grads & 1<<g) *ip++ = g;
4684 *ip++ = -1;
4685 }
>>> CID 1368969: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "*ip++ = 2147483647;".
4686 *ip++ = INT_MAX;
4687 for (cp=chood, g=0; g < 8; g++) {
4688 y = *cp++; x = *cp++;
4689 *ip++ = (y*width + x) * 4;
4690 color = fcol(row,col);
4691 if (fcol(row+y,col+x) != color && fcol(row+y*2,col+x*2) == color)
** CID 1368968: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1580 in LibRaw::nikon_load_striped_packed_raw()()
________________________________________________________________________________________________________
*** CID 1368968: Control flow issues (DEADCODE)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/src/libraw_cxx.cpp: 1580 in LibRaw::nikon_load_striped_packed_raw()()
1574 return; // not unpacked
1575 int stripcnt = 0;
1576
1577 bwide = S.raw_width * tiff_bps / 8;
1578 bwide += bwide & load_flags >> 7;
1579 rbits = bwide * 8 - S.raw_width * tiff_bps;
>>> CID 1368968: Control flow issues (DEADCODE)
>>> Execution cannot reach this statement: "bwide = bwide * 16 / 15;".
1580 if (load_flags & 1) bwide = bwide * 16 / 15;
1581 bite = 8 + (load_flags & 24);
1582 for (row=0; row < S.raw_height; row++)
1583 {
1584 checkCancel();
1585 if(!(row%ifd->rows_per_strip))
** CID 1368967: Integer handling issues (BAD_SHIFT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1048 in LibRaw::ljpeg_idct(jhead *)()
________________________________________________________________________________________________________
*** CID 1368967: Integer handling issues (BAD_SHIFT)
/home/gilles/Devel/5.x/core/libs/rawengine/libraw/internal/dcraw_common.cpp: 1048 in LibRaw::ljpeg_idct(jhead *)()
1042 work[0][0][0] = jh->vpred[0] += ljpeg_diff (jh->huff[0]) * jh->quant[0];
1043 for (i=1; i < 64; i++ ) {
1044 len = gethuff (jh->huff[16]);
1045 i += skip = len >> 4;
1046 if (!(len &= 15) && skip < 15) break;
1047 coef = getbits(len);
>>> CID 1368967: Integer handling issues (BAD_SHIFT)
>>> In expression "1 << len - 1", shifting by a negative amount has undefined behavior. The shift amount, "len - 1", is -1.
1048 if ((coef & (1 << (len-1))) == 0)
1049 coef -= (1 << len) - 1;
1050 ((float *)work)[zigzag[i]] = coef * jh->quant[i];
1051 }
1052 FORC(8) work[0][0][c] *= M_SQRT1_2;
1053 FORC(8) work[0][c][0] *= M_SQRT1_2;
________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRZIlZa20oQ0xtvekoaSXYBwgZYh7yqZ4T857KvBwnvzEg-3D-3D_Vulo-2FzB1zz6bqp-2F-2Bl-2FpBD-2BzKk1Nu56XtBupWJitvnTDwmvffd-2F5mF1Posw1DKmgdhsD-2Fes3bJURPQh8XajBolO-2BK7yEgQbnS8yAi3lKW1evD5KLCJ80OwTas0B3IAois2fuYABt8xHwE8CMtOs15RmZOxKFLpU8hfkYH03Fex2UmZ-2FtTCErT6hx5A-2F1ixQfe7SoWKgrx6E1JKJVCwpN6Q8ldyypk-2Bwt4fCbObb-2B1n1A-3D
To manage Coverity Scan email notifications for "digikam-devel at kde.org", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4g-2BkTwi3e7HlDkvMAkUMj2-2FFhZ2O-2BELTTy-2Fl1ea1gxKqmntchu8-2BeAOkExRtki0102MqL9th0o1rOws5-2F-2FQDFdjkpeJaB-2FdUMxPk-2B7ZQUGV0-3D_Vulo-2FzB1zz6bqp-2F-2Bl-2FpBD-2BzKk1Nu56XtBupWJitvnTDwmvffd-2F5mF1Posw1DKmgdhNuJmwG3oYXMq7muZdkL1tg7CoageDIWlyymi2znfzeyloVH6R5WF3CM1H5LiG1tF0yFPBq3m5kP43yexHRIF41-2Bbh7bJngP1dKg0NBssBfQj2Y05Lh3dFYNCo-2FalbVhro9XzF869B9vzciZxlHh00X9AqG3xvAn2OXm-2B6aiYYE-3D
More information about the Digikam-devel
mailing list