[FFmpeg-devel] New Defects reported by Coverity Scan for FFmpeg/FFmpeg (fwd)

Marton Balint cus at passwd.hu
Sat Jan 11 23:54:10 EET 2020 

Hi,

Has anybody reported these and similar false positives involving 
av_dict_set() with a 0 flag to Coverity?

These are popping up all over the codebase, something should be done to 
make Coverity smarter about them. Any ideas?

Thanks,
Marton

---------- Forwarded message ----------
Date: Sat, 11 Jan 2020 00:16:31 +0000 (UTC)
From: scan-admin at coverity.com
To: cus at passwd.hu
Subject: New Defects reported by Coverity Scan for FFmpeg/FFmpeg

Hi,

Please find the latest report on new defect(s) introduced to FFmpeg/FFmpeg found with Coverity Scan.

3 new defect(s) introduced to FFmpeg/FFmpeg found with Coverity Scan.
4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.

New defect(s) Reported-by: Coverity Scan
Showing 3 of 3 defect(s)


** CID 1457612:  Memory - corruptions  (BAD_FREE)


________________________________________________________________________________________________________
*** CID 1457612:  Memory - corruptions  (BAD_FREE)
/libavformat/img2dec.c: 387 in add_filename_as_pkt_side_data()
381     static int add_filename_as_pkt_side_data(char *filename, AVPacket *pkt) {
382         uint8_t* metadata;
383         int metadata_len;
384         AVDictionary *d = NULL;
385         char *packed_metadata = NULL;
386
>>>     CID 1457612:  Memory - corruptions  (BAD_FREE)
>>>     "av_dict_set" frees array ""lavf.image2dec.source_path"".
387         av_dict_set(&d, "lavf.image2dec.source_path", filename, 0);
388         av_dict_set(&d, "lavf.image2dec.source_basename", av_basename(filename), 0);
389
390         packed_metadata = av_packet_pack_dictionary(d, &metadata_len);
391         av_dict_free(&d);
392         if (!packed_metadata)

** CID 1457611:  Memory - corruptions  (BAD_FREE)


________________________________________________________________________________________________________
*** CID 1457611:  Memory - corruptions  (BAD_FREE)
/libavformat/img2dec.c: 522 in ff_img_read_packet()
516         /*
517          * export_path_metadata must be explicitly enabled via
518          * command line options for path metadata to be exported
519          * as packet side_data.
520          */
521         if (!s->is_pipe && s->export_path_metadata == 1) {
>>>     CID 1457611:  Memory - corruptions  (BAD_FREE)
>>>     "add_filename_as_pkt_side_data" frees incorrect pointer "filename".
522             res = add_filename_as_pkt_side_data(filename, pkt);
523             if (res < 0)
524                 goto fail;
525         }
526
527         pkt->size = 0;

** CID 1457610:  Memory - illegal accesses  (USE_AFTER_FREE)
/libavformat/img2dec.c: 388 in add_filename_as_pkt_side_data()


________________________________________________________________________________________________________
*** CID 1457610:  Memory - illegal accesses  (USE_AFTER_FREE)
/libavformat/img2dec.c: 388 in add_filename_as_pkt_side_data()
382         uint8_t* metadata;
383         int metadata_len;
384         AVDictionary *d = NULL;
385         char *packed_metadata = NULL;
386
387         av_dict_set(&d, "lavf.image2dec.source_path", filename, 0);
>>>     CID 1457610:  Memory - illegal accesses  (USE_AFTER_FREE)
>>>     Passing freed pointer "filename" as an argument to "av_basename".
388         av_dict_set(&d, "lavf.image2dec.source_basename", av_basename(filename), 0);
389
390         packed_metadata = av_packet_pack_dictionary(d, &metadata_len);
391         av_dict_free(&d);
392         if (!packed_metadata)
393             return AVERROR(ENOMEM);


________________________________________________________________________________________________________
To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRaqasF6Uk2bO40DRQinvhHXkt8Nls-2F5NS-2BxBTpKqgEzgg-3D-3D_iLiXcktl7KXGjSQAr3vGdzTcLOyVPdi-2FBYEhWvx6cOoPLZW2npBAP5ETvXBhWGQ-2BgGJ0akoMF82ThsW9C-2F8kD7NGEkYmCVuwItSQDN-2F4UiEw3JkP-2FsfAH5o75w0HStCw5boTnud6r9LTKGs6m8KQdVh-2FG-2FTXdOBD93QMYdqvm3u0nIoqo5mLxL1vbe508XZaxAMLhX8G0C3DdM2zlivjwq6YtDCr35ABndfcAK6nJBE-3D

   To manage Coverity Scan email notifications for "cus at passwd.hu", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4KxDzmpfyD-2F0l0XIVTmMtZD7ylWpUIkhWLZ-2FqTpdzByKR1etBqRMP9Gr8p3ndILxSbjDX9BckY-2F41HYDCOY7v3gsXsVPM0ldLTEl8rIsTJxw-3D_iLiXcktl7KXGjSQAr3vGdzTcLOyVPdi-2FBYEhWvx6cOoPLZW2npBAP5ETvXBhWGQ-2BU3-2BqjFTr8yNdZAvCs7njXlOq2sv2NxTYVnecxAhviSfimYN-2BCgZ-2BLA9CtqCpFfl46oybryC4cyLFEb4qC-2FgzBgmaX-2B-2FDQg4VD4eVWKgYCTGxJyZCCm6W9y4-2For0hWKj-2BcpP9pd4gEimyi3f2fW7AX3ff2au-2BKxQVNznvqdFqYeM-3D

More information about the ffmpeg-devel mailing list