New Defects reported by Coverity Scan for digiKam
scan-admin at coverity.com
scan-admin at coverity.com
Thu Jul 31 18:28:56 BST 2025
Hi,
Please find the latest report on new defect(s) introduced to digiKam found with Coverity Scan.
9 new defect(s) introduced to digiKam found with Coverity Scan.
39 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 9 of 9 defect(s)
** CID 1660837: Memory - illegal accesses (OVERRUN)
/home/gilles/devel/GIT/8.x/core/libs/rawengine/libraw/src/metadata/makernotes.cpp: 267 in LibRaw::parse_makernote_0xc634(long long, int, unsigned int)()
_____________________________________________________________________________________________
*** CID 1660837: Memory - illegal accesses (OVERRUN)
/home/gilles/devel/GIT/8.x/core/libs/rawengine/libraw/src/metadata/makernotes.cpp: 267 in LibRaw::parse_makernote_0xc634(long long, int, unsigned int)()
261 } else if (!strncasecmp(make, "Hasselblad", 10) && !is_Sony) {
262 if (tag == 0x0011) {
263 imHassy.SensorCode = getint(type);
264 } else if ((tag == 0x0015) && tagtypeIs(LIBRAW_EXIFTAG_TYPE_ASCII)) {
265 stmread (imHassy.SensorUnitConnector, len, ifp);
266 for (int i=0; i<(int)len; i++) {
>>> CID 1660837: Memory - illegal accesses (OVERRUN)
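>>> Overrunning array "this->imgdata.makernotes.hasselblad.SensorUnitConnector" of 64 bytes at byte offset 104857599 using index "i" (which evaluates to 104857599).
Reviewer note: the loop on line 266 is bounded by "len", not by the 64-byte size of SensorUnitConnector, and the excerpt shows no check that "len" fits the array. Limiting the loop to the array size (or to the number of bytes actually read) would keep the index in range.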
267 if(!isalnum(imHassy.SensorUnitConnector[i]) &&
268 (imHassy.SensorUnitConnector[i]!=' ') &&
269 (imHassy.SensorUnitConnector[i]!='/') &&
270 (imHassy.SensorUnitConnector[i]!='-')) {
271 imHassy.SensorUnitConnector[0] = 0;
272 break;
** CID 1660836: Integer handling issues (INTEGER_OVERFLOW)
/home/gilles/devel/GIT/8.x/core/libs/dngwriter/extra/dng_sdk/dng_iptc.cpp: 345 in dng_iptc::Parse(const void *, unsigned int, unsigned long)()
_____________________________________________________________________________________________
*** CID 1660836: Integer handling issues (INTEGER_OVERFLOW)
/home/gilles/devel/GIT/8.x/core/libs/dngwriter/extra/dng_sdk/dng_iptc.cpp: 345 in dng_iptc::Parse(const void *, unsigned int, unsigned long)()
339
340 nextOffset = stream.Position () + dataSize;
341
342 if (record == 2)
343 {
344
>>> CID 1660836: Integer handling issues (INTEGER_OVERFLOW)
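>>> Expression "stream.Position() - 2UL", where "stream.Position()" is known to be equal to 0, underflows the type of "stream.Position() - 2UL", which is type "unsigned long".
Reviewer note: the excerpt shows no check that the stream position is at least 2 before the subtraction. In unsigned arithmetic the result wraps to a very large value, which line 345 then passes to SetReadPosition.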
345 stream.SetReadPosition (stream.Position () - 2);
346
347 switch ((DataSet) dataSet)
348 {
349
350 case kObjectNameSet:
** CID 1660835: (USE_AFTER_MOVE)
/usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp: 163 in boost::detail::sp_counted_impl_pd<unsigned char *, boost::checked_array_deleter<unsigned char>>::sp_counted_impl_pd(unsigned char *, boost::checked_array_deleter<unsigned char> &)()
/usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp: 163 in boost::detail::sp_counted_impl_pd<boost::default_color_type *, boost::checked_array_deleter<boost::default_color_type>>::sp_counted_impl_pd(boost::default_color_type *, boost::checked_array_deleter<boost::default_color_type> &)()
_____________________________________________________________________________________________
*** CID 1660835: (USE_AFTER_MOVE)
/usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp: 163 in boost::detail::sp_counted_impl_pd<unsigned char *, boost::checked_array_deleter<unsigned char>>::sp_counted_impl_pd(unsigned char *, boost::checked_array_deleter<unsigned char> &)()
157 // pre: d(p) must not throw
158
159 #if !defined( BOOST_NO_CXX11_RVALUE_REFERENCES )
160
161 sp_counted_impl_pd( P p, D & d ): ptr( p ), del( static_cast< D&& >( d ) )
162 {
>>> CID 1660835: (USE_AFTER_MOVE)
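>>> Returning while reference parameter "d" is in a moved state.
Reviewer note: this location is in a Boost header under /usr/include, not in the digiKam tree, and the constructor moves from "d" explicitly through the static_cast on line 161. The other USE_AFTER_MOVE entries in this report (CIDs 1660834, 1660779, 1659412, 1659228) likewise point into /usr/include/c++/13 headers, so they look like candidates for triage as false positives rather than for a change in digiKam code. Confirm against the calling code before dismissing them.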
163 }
164
165 #else
166
167 sp_counted_impl_pd( P p, D & d ): ptr( p ), del( d )
168 {
/usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp: 163 in boost::detail::sp_counted_impl_pd<boost::default_color_type *, boost::checked_array_deleter<boost::default_color_type>>::sp_counted_impl_pd(boost::default_color_type *, boost::checked_array_deleter<boost::default_color_type> &)()
157 // pre: d(p) must not throw
158
159 #if !defined( BOOST_NO_CXX11_RVALUE_REFERENCES )
160
161 sp_counted_impl_pd( P p, D & d ): ptr( p ), del( static_cast< D&& >( d ) )
162 {
>>> CID 1660835: (USE_AFTER_MOVE)
>>> Returning while reference parameter "d" is in a moved state.
163 }
164
165 #else
166
167 sp_counted_impl_pd( P p, D & d ): ptr( p ), del( d )
168 {
** CID 1660834: (USE_AFTER_MOVE)
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
_____________________________________________________________________________________________
*** CID 1660834: (USE_AFTER_MOVE)
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
623 {
624 __o = __format::__write(std::move(__o), __padding);
625 __n -= __padding.size();
626 }
627 if (__n != 0)
628 __o = __format::__write(std::move(__o), __padding.substr(0, __n));
>>> CID 1660834: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__o" is in a moved state.
629 };
630
631 size_t __l, __r, __max;
632 if (__align == _Align_centre)
633 {
634 __l = __nfill / 2;
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
623 {
624 __o = __format::__write(std::move(__o), __padding);
625 __n -= __padding.size();
626 }
627 if (__n != 0)
628 __o = __format::__write(std::move(__o), __padding.substr(0, __n));
>>> CID 1660834: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__o" is in a moved state.
629 };
630
631 size_t __l, __r, __max;
632 if (__align == _Align_centre)
633 {
634 __l = __nfill / 2;
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
623 {
624 __o = __format::__write(std::move(__o), __padding);
625 __n -= __padding.size();
626 }
627 if (__n != 0)
628 __o = __format::__write(std::move(__o), __padding.substr(0, __n));
>>> CID 1660834: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__o" is in a moved state.
629 };
630
631 size_t __l, __r, __max;
632 if (__align == _Align_centre)
633 {
634 __l = __nfill / 2;
/usr/include/c++/13/format: 629 in std::__format::__write_padded<std::__format::_Sink_iter<char>, char>(T1, std::basic_string_view<T2, std::char_traits<T2>>, std::__format::_Align, unsigned long, T2)::[lambda(unsigned long, std::__format::_Sink_iter<char> &) (instance 1)]::operator ()(unsigned long, std::__format::_Sink_iter<char> &) const()
623 {
624 __o = __format::__write(std::move(__o), __padding);
625 __n -= __padding.size();
626 }
627 if (__n != 0)
628 __o = __format::__write(std::move(__o), __padding.substr(0, __n));
>>> CID 1660834: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__o" is in a moved state.
629 };
630
631 size_t __l, __r, __max;
632 if (__align == _Align_centre)
633 {
634 __l = __nfill / 2;
** CID 1660833: (OVERRUN)
/home/gilles/devel/GIT/8.x/core/libs/rawengine/libraw/src/demosaic/xtrans_demosaic.cpp: 314 in LibRaw::xtrans_interpolate(int)()
/home/gilles/devel/GIT/8.x/core/libs/rawengine/libraw/src/demosaic/xtrans_demosaic.cpp: 332 in LibRaw::xtrans_interpolate(int)()
_____________________________________________________________________________________________
*** CID 1660833: (OVERRUN)
/home/gilles/devel/GIT/8.x/core/libs/rawengine/libraw/src/demosaic/xtrans_demosaic.cpp: 314 in LibRaw::xtrans_interpolate(int)()
308 ((ABS(rix[0][1] - rix[c][1]) +
309 ABS(rix[0][1] - rix[-c][1])) <
310 2 * (ABS(rix[0][1] - rix[h][1]) +
311 ABS(rix[0][1] - rix[-h][1])))
312 ? c
313 : h;
>>> CID 1660833: (OVERRUN)
>>> Overrunning array of 262144 6-byte elements at element index 788476 (byte offset 4730861) by dereferencing pointer "rix + 0".
314 rix[0][f] = CLIP((rix[i][f] + rix[-i][f] + 2 * rix[0][1] -
315 rix[i][1] - rix[-i][1]) /
316 2);
317 }
318 }
319
/home/gilles/devel/GIT/8.x/core/libs/rawengine/libraw/src/demosaic/xtrans_demosaic.cpp: 332 in LibRaw::xtrans_interpolate(int)()
326 rix = &rgb[0][row - top][col - left];
327 short* hex = allhex[row % 3][col % 3][1];
328 for (int d = 0; d < 8;
329 d += 2, rix += LIBRAW_AHD_TILE * LIBRAW_AHD_TILE)
330 if (hex[d] + hex[d + 1])
331 {
>>> CID 1660833: (OVERRUN)
>>> Overrunning array of 262144 6-byte elements at element index 787458 (byte offset 4724753) by dereferencing pointer "rix + 0".
332 int g = 3 * rix[0][1] - 2 * rix[hex[d]][1] - rix[hex[d + 1]][1];
333 for (c = 0; c < 4; c += 2)
334 rix[0][c] = CLIP(
335 (g + 2 * rix[hex[d]][c] + rix[hex[d + 1]][c]) / 3);
336 }
337 else
** CID 1660832: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
_____________________________________________________________________________________________
*** CID 1660832: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
/home/gilles/devel/GIT/8.x/core/dplugins/generic/tools/wallpaper/wallpaperplugin.cpp: 124 in DigikamGenericWallpaperPlugin::WallpaperPlugin::slotWallpaper()()
118 QPointer<WallpaperPluginDlg> dlg = new WallpaperPluginDlg(this);
119 dlg->show();
120
121 QEventLoop loop;
122
123 connect(dlg, &QDialog::finished,
>>> CID 1660832: Performance inefficiencies (COPY_INSTEAD_OF_MOVE)
>>> "images" is passed-by-value as parameter to "connect", when it could be moved instead.
124 this, [this, &loop, dlg, images](int result)
125 {
126 if (result == QDialog::Accepted)
127 {
128 setWallpaper(images[0].toString(), dlg->wallpaperLayout());
129 }
** CID 1660779: Uninitialized variables (USE_AFTER_MOVE)
/usr/include/c++/13/bits/alloc_traits.h: 737 in std::__do_alloc_on_move<std::allocator<GemRB::Action *>>(T1 &, T1 &, std::integral_constant<bool, (bool)1>)()
_____________________________________________________________________________________________
*** CID 1660779: Uninitialized variables (USE_AFTER_MOVE)
/usr/include/c++/13/bits/alloc_traits.h: 737 in std::__do_alloc_on_move<std::allocator<GemRB::Action *>>(T1 &, T1 &, std::integral_constant<bool, (bool)1>)()
731 }
732
733 #if __cplusplus < 201703L
734 template<typename _Alloc>
735 [[__gnu__::__always_inline__]]
736 inline void __do_alloc_on_move(_Alloc& __one, _Alloc& __two, true_type)
>>> CID 1660779: Uninitialized variables (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
737 { __one = std::move(__two); }
738
739 template<typename _Alloc>
740 [[__gnu__::__always_inline__]]
741 inline void __do_alloc_on_move(_Alloc&, _Alloc&, false_type)
742 { }
** CID 1659412: Uninitialized variables (USE_AFTER_MOVE)
/usr/include/c++/13/bits/stl_list.h: 1632 in std::__cxx11::list<GemRB::Effect, std::allocator<GemRB::Effect>>::splice(std::_List_const_iterator<GemRB::Effect>, std::__cxx11::list<GemRB::Effect, std::allocator<GemRB::Effect>>&)()
_____________________________________________________________________________________________
*** CID 1659412: Uninitialized variables (USE_AFTER_MOVE)
/usr/include/c++/13/bits/stl_list.h: 1632 in std::__cxx11::list<GemRB::Effect, std::allocator<GemRB::Effect>>::splice(std::_List_const_iterator<GemRB::Effect>, std::__cxx11::list<GemRB::Effect, std::allocator<GemRB::Effect>>&)()
1626 }
1627 }
1628
1629 #if __cplusplus >= 201103L
1630 void
1631 splice(const_iterator __position, list& __x) noexcept
>>> CID 1659412: Uninitialized variables (USE_AFTER_MOVE)
>>> Returning while reference parameter "__x" is in a moved state.
1632 { splice(__position, std::move(__x)); }
1633 #endif
1634
1635 #if __cplusplus >= 201103L
1636 /**
1637 * @brief Insert element from another %list.
** CID 1659228: (USE_AFTER_MOVE)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
_____________________________________________________________________________________________
*** CID 1659228: (USE_AFTER_MOVE)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
/usr/include/c++/13/bits/alloc_traits.h: 759 in std::__alloc_on_move<std::allocator<std::_Rb_tree_node<std::pair<const double, QString>>>>(T1 &, T1 &)()
753 #if __cplusplus >= 201703L
754 if constexpr (__pocma::value)
755 __one = std::move(__two);
756 #else
757 __do_alloc_on_move(__one, __two, __pocma());
758 #endif
>>> CID 1659228: (USE_AFTER_MOVE)
>>> Returning while reference parameter "__two" is in a moved state.
759 }
760
761 #if __cplusplus < 201703L
762 template<typename _Alloc>
763 [[__gnu__::__always_inline__]]
764 inline void __do_alloc_on_swap(_Alloc& __one, _Alloc& __two, true_type)
________________________________________________________________________________________________________
To view the defects in Coverity Scan, visit https://scan.coverity.com/projects/digikam?tab=overview