[FFmpeg-devel] [WIP] False positives on Coverity

Michael Niedermayer michael at niedermayer.cc
Mon Aug 12 20:40:41 EEST 2024


On Thu, Jul 25, 2024 at 04:41:26PM +0200, Michael Niedermayer wrote:
> On Sat, Jul 13, 2024 at 01:20:23AM +0200, Michael Niedermayer wrote:
> > On Fri, Jul 12, 2024 at 01:55:42AM +0200, Michael Niedermayer wrote:
> > [...]
> > > Only 7 outstanding remain from prior May. and 19 total. So 99% of issues
> > 
> > down to 3 outstanding prior May and 8 overall
> > 
> > 
> > [...]
> > > 1604599 Overflowed constant; intentional
> > > 1604530 Infinite loop ; "intentional"
> > > 700368 Explicit null dereferenced ; the loop will exit after this and the code cannot be reached
> > > 1559187 Data race condition ; intentional
> > > 1591898 Unsigned compared against 0 ; pollfd has a signed fd on some platforms
> > > 1559180 Check of thread-shared field evades lock acquisition ; See source code
> > 
> > 4 more false positives:
> > 1604428 Overflowed return value ; avio_tell() misanalysis
> > 1604511 Overflowed constant ; intentional
> > 1604570 Overflowed constant ; not possible
> > 1591857 Resource leak ; I think this works like intended
> 
> Here's a CSV of the fate of the issues from the 22nd April outstanding set
> (this should match the other things posted)
> 
> Some of the issues were categorized and/or fixed by Andreas or possibly
> other people. These are listed too now as far as it could be inferred
> from git and coverity CSVs and various notes easily. Sadly coverity does
> not export the usernames of people updating an entry in any CSV.
> 
> If you see any errors, don't hesitate to post corrections

Jonatas from SPI found some errors, so here are corrected files :)



-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

Modern terrorism, a quick summary: Need oil, start war with country that
has oil, kill hundred thousand in war. Let country fall into chaos,
be surprised about rise of fundamentalists. Drop more bombs, kill more
people, be surprised about them taking revenge and drop even more bombs
and strip your own citizens of their rights and freedoms. to be continued
-------------- next part --------------
A non-text attachment was scrubbed...
Name: All+In-2024-08-12.csv
Type: text/csv
Size: 525777 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240812/875f8bc8/attachment.csv>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Classification-08-12.csv
Type: text/csv
Size: 84854 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240812/875f8bc8/attachment-0001.csv>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Outstanding+Defects-2024-08-12.csv
Type: text/csv
Size: 1746 bytes
Desc: not available
URL: <https://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20240812/875f8bc8/attachment-0002.csv>
-------------- next part --------------
1409917 Unintentional integer overflow  ; No overflow happens as dimensions and sprite accuracy are too limited
1409920 Unintentional integer overflow  ; The involved variables are too restricted for overflow
1416963 Unintentional integer overflow  ; No overflow happens as bytes of an image are addressable by int
1417663 Uninitialized scalar variable   ; par_m_source is 0..3 and mid is initialized
1419522 Unintentional integer overflow  ; No overflow can happen, the values are too restricted
1419833 Untrusted loop bound            ; The loop bound is limited to 65535
1500345 Uninitialized scalar variable   ; Not a bug strictly but bad practice and fix submitted
1503083 Uninitialized pointer read  ; nb_channels is non negative, coverity assumes it could be negative
1452594 Free of array-typed value   ; passed flags are 0 but assumed by coverity to be non 0
1452451 Use after free              ; coverity assumes FLAGS has values it does not
1452474 Use after free              ; coverity assumes FLAGS has values it does not
1452532 Use after free              ; coverity assumes FLAGS has values it does not
1524728 Free of array-typed value   ; coverity assumes 0 (flags) is not 0
1591440 Free of array-typed value   ; coverity assumes 0 (flags) is not 0
1452617 Free of array-typed value    ; coverity assumes AV_DICT_DONT_STRDUP_KEY but that is not set
1520670 Dereference after null check ; either frame or pkt is NULL
1524701 Free of array-typed value    ; coverity assumes flags to be non 0 while it is 0
1538859 Dereference after null check ; frame is always non-NULL for audio and video
1596536 Dereference null return value ; There should be a descriptor for every type that is used
1518989 Missing break in switch     ; no break is intentional
1559177 Resource leak               ; av_fifo_write() either succeeds or the frame is freed
1559181 Resource leak               ; av_fifo_write() either succeeds or the frame is freed
1596530 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1516444 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1524729 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1596628 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1452412 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1452415 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1452551 Free of array-typed value   ; coverity assumes flags to be a value it is not
1559186 Resource leak               ; The value is stored by  av_fifo_write() and thus not lost
1452419 Free of array-typed value   ; coverity assumes flags to be non 0 while it is 0
1452457 Missing break in switch     ; this looks intentional
1500328 Resource leak               ; packet_queue_put_private() either stores pkt1 or it fails and its freed
1452606 Free of array-typed value   ; coverity assumes AV_DICT_DONT_STRDUP_VAL is set while it is not
1551681 Data race condition         ; The mutex is in the caller
1475938 Uninitialized array index read  ;  all of dither seems to be initialized
1465483 Unintentional integer overflow ; the clip limits len
1473539 Explicit null dereferenced ; new_rematrixing_strategy is always set for block 0
1596532 Copy of overlapping memory ; num_blocks is positive so the loop does at least one iteration
1500322 Out-of-bounds read ; the mode is simply not possible
1473499 Uninitialized scalar variable ; the default case seems unreachable
1595709 Uninitialized scalar variable ; num_uv_points cannot be set when predict_uv_scaling is uninitialized
1595705 Uninitialized scalar variable ; the parts of scaling used and initialized
1595706 Uninitialized scalar variable ; the parts of scaling used and initialized
1595707 Unintended sign extension ; the array is not gb sized, the shift is not nearly that large
1467648 Untrusted loop bound ; loop bound is 16bit and thus bound by 65535, its also bound by the data length
1504415 Untrusted value as argument ; av_grow_packet() will allocate a buffer matching the value or it will fail
1545117 Division or modulo by zero  ; coverity assumes the loop never executes but thats not currently possible
1473510 Untrusted loop bound ;  the read values are checked when they are read
1507875 Untrusted array index read ; seq_parameter_set_id is checked when read (also coverity seems to have a lot of problems with the multiple layers of macros and functions in the CBS system)
1452623 Free of address-of expression ; coverity fails to keep track of data_ref/data_buf
1458177 Free of address-of expression ; coverity assumes data_ref is NULL
1465491 Unintentional integer overflow ; 8 is smaller than 32
1465864 Out-of-bounds read  ; coverity assumes planes can be more than 4
1543204 Logically dead code ; Lynne prefers to keep this code
1500292 Unintentional integer overflow ; the error is too small for an overflow to happen
1443722 Unintentional integer overflow ; image dimensions do not overflow 32bit
1467656 Out-of-bounds access ; There is enough space allocated for what is accessed
1427586 Out-of-bounds read ; coverity assumes (x&511) >= 512
1465486 Unintentional integer overflow ; 16bit + 8bit doesnt need 64bit
1496852 Macro compares unsigned to 0 ; macro tests the valid range, one side is 0
1596606 Unintentional integer overflow ; valid width * height must fit in int
1452461 Free of array-typed value ; coverity 0 != 0 flags issue
1473505 Untrusted loop bound ; The loop is checking the upper bound
1466634 Missing break in switch ; fallthrough initializes [0]
1516445 Out-of-bounds read ; a  j=0; j<1; j++ loop does not execute twice
1473591 Untrusted loop bound ; The loop checks if more data remains
1496615 Explicit null dereferenced ; code is not reachable with frame = NULL
1532404 Untrusted loop bound ; the loop tests if data is remaining
1452436 Free of array-typed value ;  0 is really 0
1485002 Unintentional integer overflow ; dc_w and dc_h (xsize * ysize) is tested by av_image_check_size2()
1500327 Unintentional integer overflow ; width *planes does not overflow
1452485 Free of array-typed value ; flags 0 is really 0
1500307 Unintentional integer overflow ; The arguments to the multiplication are small numbers
1500324 Unintentional integer overflow ;  The arguments to the multiplication are small numbers
1500335 Unintentional integer overflow ;  The arguments to the multiplication are small numbers
1500337 Unintentional integer overflow ;  The arguments to the multiplication are small numbers
1551680 Check of thread-shared field evades lock acquisition ; thread1 and thread2 are the same and the main thread so they dont need a mutex between each other
1551686 Data race condition ; task index is not changed by another thread
1551692 Data race condition  ;  the return code is not changed once the task has returned a code
1452477 Untrusted value as argument ; zsize is positive and its maximum is checked
1500326 Unintentional integer overflow ; no overflow
1500323 Unintentional integer overflow ; ccr_bur*cb_tbl cannot overflow here atm
1500348 Unintentional integer overflow ; f*ff_g723_1_cos_tab will not overflow here atm
1500352 Unintentional integer overflow ; 16bit * 16384 will not overflow
1515882 Unintentional integer overflow ;
1515883 Unintentional integer overflow ;
1515884 Unintentional integer overflow ;
1473559 Uninitialized scalar variable ; coverity hallucinates different sub_mb_type values each time it looks
1465261 Free of array-typed value ; and 0 is still 0
1413314 Untrusted pointer read ; The code seems ok, just ugly
1430928 Untrusted loop bound ; The values are checked against size
1430929 Untrusted value as argument ; The values are checked against side_data_size
1452417 Free of array-typed value ; coverity still fails to consider the flag value
1452423 Free of array-typed value ; 0 is REALLY 0
1452553 Free of array-typed value ; 0 AV_DICT_DONT_OVERWRITE is not AV_DICT_DONT_STRDUP_VAL
1452575 Free of array-typed value ; 0 is REALLY 0
1466602 Free of array-typed value ; if flags 0 is passed then the flags argument is 0
1473502 Untrusted loop bound ; seeking to an "untrusted value" is fine
1473502 Untrusted loop bound ; avio_seek() checks the offset
1473544 Untrusted loop bound ; allocate then store
1473561 Untrusted pointer write  ; a non negative variable only needs an upper bound check, I will suggest to add an assert though. This code does have a feeling of fragility to it
1473589 Untrusted value as argument  ;  mode_blocksize is 0 or 1
1477411 Free of array-typed value ; another 0 is not 0 in coverity
1477412 Untrusted divisor ; the pcrs are checked so they are not equal
1477435 Untrusted loop bound ; inside the loop there are checks
1477437 Untrusted loop bound ; the code just skips over the chunk size with avio_skip()
1500301 String not null terminated  ; profile_string const and 0 terminated. p is initialized to all 0, there is remaining space after the memcpy thus p is 0 terminated
1500302 Uninitialized scalar variable  ; is_pipe and ts_from_file is contradicting
1452430 Free of array-typed value  ; 0 != 0 again
1442565 Untrusted loop bound   ; dict_entries is checked against extradata_size
1596608 Dereference after null check ; a new frame is allocated by ff_progress_frame_get_buffer
1455684 Unintentional integer overflow ; w*h doesnt overflow w*h/256*100 also wont
1361959 Untrusted loop bound ; cnt is checked against bytestream2_get_bytes_left(&dgb
1473503 Untrusted loop bound ; the loop checks if there is input data remaining
1473551 Untrusted loop bound ; the loop is checked by height and linesize
1473573 Untrusted loop bound ; the loop checks if there is input data remaining
1473506 Missing break in switch ; intentional
1466603 Uninitialized scalar variable  ; good_thresh is given inconsistent values by coverity
1528149 Unintended sign extension  ; width * height < 4096
1547074 Missing break in switch  ;  intentional fallthrough
1547075 Missing break in switch ;  intentional fallthrough
1477413 Missing break in switch ;  intentional fallthrough
1512411 Dereference after null check ; pkt_out is NULL for alpha, the dereference is under !ctx->is_alpha
1530136 Operands don't affect result ; LONG may be the same as uint64_t but it doesnt have to be
1500294 Unintentional integer overflow  ; the shift is limited to 7+15
1465264 Free of array-typed value ; 0 & x == 0
1521983 Unintentional integer overflow
1465484 Unintentional integer overflow ; the dc chroma vlcs dont overflow 32bit
1465485 Unintentional integer overflow ; the dc luma vlcs dont overflow 32bit
1473497 Uninitialized scalar variable ; switch case default is impossible
1473517 Uninitialized scalar variable ; switch case default is impossible
1500291 Unintentional integer overflow ; Straight above the use its checked
1500295 Unintentional integer overflow ;  Straight above the use its checked
1465480 Unintentional integer overflow  ; mb num doesnt overflow
1465490 Unintentional integer overflow  ; ESC3 should not  overflow
1473567 Result is not floating-point  ; yes thats how the mp3 dequant works
1503079 Division or modulo by zero  ; coverity assumes frames = 0 but this is impossible
1465482 Unintentional integer overflow  ; the number of bits written is max 10 so no overflow is possible
1596736 Untrusted loop bound  ; the flags are 0, coverity assumes they are not and taking an impossible branch / The 2 of 3 case is unrelated, and simply checks strcasecmps the given filename
1596737 Free of array-typed value ; the flags are 0, coverity assumes they are not and taking an impossible branch
1441937 Unintentional integer overflow ; MB  num doesnt overflow
1500279 Unintentional integer overflow ; libopus uses 16bit so 32 will suffice
1452479 Out-of-bounds access  ; coverity disregards that the nlsf[] access is after a i != order check
1452618 Out-of-bounds access  ; coverity assumes impossible subframes, this begins with the assumption of duration_ms=60 and nb_frames = 1, which is already not possible at the same time
1447467 Free of address-of expression ; the flags are 0, coverity assumes they are not and taking an impossible branch
1521984 Free of array-typed value ; the flags are 0, coverity assumes they are not and taking an impossible branch
1465489 Unintentional integer overflow ; put_bits() already asserts a limit in k of 30 indirectly
1500333 Uninitialized scalar variable lpc ;  should be initialized in all cases in subframe 0, other subframes follow and thus have it initialized from subframe 0
1505357 Unintentional integer overflow ; w*h*4 doesnt overflow
1495853 Missing break in switch ; Looks like intended fallthrough

1465487 Unintentional integer overflow ; Check is above
1548380 Uninitialized scalar variable ; This is possible if size is 0 but it is never 0
1429858 Unintended sign extension ; 8bit * 1 is not overflowing
1473496 Unchecked return value ; With a fixed size, a failure is not expected
1473581 Missing break in switch ;
1515890 Out-of-bounds access ; width is not a negative value
1500282 Uninitialized scalar variable ; Either vlc table is set or value is, coverity assumes an invalid state
1473508 Untrusted array index read  ; The indexes are limited to the array sizes
1500353 Unintentional integer overflow  ; The line above checks for this
1500293 Unintentional integer overflow  ; the product of 2 8 bit numbers does not overflow 32bit
1469450 Unintentional integer overflow ; dc vlc should fit in 32bit
1469451 Unintentional integer overflow ; dc vlc should fit in 32bit
1473582 Uninitialized scalar variable ; frame and block need to be intra OR inter they cannot be neither
1500311 Uninitialized scalar variable ; frame and block need to be intra OR inter they cannot be neither
1452495 Uninitialized scalar variable ; 3bits are within 0..7
1452628 Uninitialized scalar variable ; 3bits are within 0..7
1518967 Unchecked return value ; buf cant be NULL and 157 isnt 0 nor is it overflowing
1518968 Unchecked return value ; buf cant be NULL and 157 isnt 0 nor is it overflowing
1429859 Unintentional integer overflow ; The range of hscale and delta_size is too limited and w h are checked
1465479 Unintentional integer overflow ; unary is 31 or lower here
1427156 Uninitialized pointer read ; the implied pix fmts and pack are incompatible, thus the execution path is impossible
1591438 Division or modulo by zero ; I dont think widest_tile_sb can be 0 here
1441935 Unchecked return value ; DUP ; The buffer used is a fixed size buffer from the context, it cannot be too large nor can it be NULL
1544628 Unintentional integer overflow  ; no len is all checked
1544629 Unintentional integer overflow ; no len is all checked
1473569 Untrusted array index read ; mode_blocksize is 0 or 1, header_len is checked < 7 and not negative
1452622 Logically dead code ; coverity treats a unsigned check as if it was signed
1516089 Negative array index write ;  unsigned values are not negative
1560038 Negative array index read  ; The invalid case implies CHROMA_FORMAT_444 while the array index is under CHROMA_FORMAT_422
1560043 Uninitialized scalar variable ; pred_flag should not magically change
1560045 Unintended comparison to logical negation ; looks intentional to me
1593172 Unintended sign extension ; 16bit shifted by v/hshift will not overflow
1593173 Unintended sign extension ; 16bit shifted by v/hshift will not overflow
1593174 Unintended sign extension ; 16bit shifted by v/hshift will not overflow
1593175 Unintended sign extension ; 16bit shifted by v/hshift will not overflow
1507877 Unintentional integer overflow ; w*h doesnt overflow
1560039 Logically dead code ; Work in progress, see review on ML
1458126 Result is not floating-point ; The exact value doesnt matter as it becomes infinite anyway
1441930 Unintentional integer overflow ; w*h doesnt overflow
1473557 Uninitialized scalar variable ; coverity doesnt understand the inline asm
1473585 Uninitialized scalar variable ; coverity doesnt understand the inline asm
1591975 Explicit null dereferenced ; u.map is set by av_channel_layout_custom_init()
1458153 Structurally dead code ; coverity seems to not test CONFIG_VULKAN
1583741 Resource leak ; the leak is inconsistent with the checks on fd
1593009 Dereference after null check ;  if its NULL, then len is 0
1593010 Out-of-bounds read ; out_len may be large but that doesnt imply out still points to buf
1583742 Unchecked return value ; "We're not checking for errors here because the kernel may not support the ioctl, in which case its okay to carry on"
1516764 Dereference null return value ;  the value that has just been stored will not fail to be found
1500313 Out-of-bounds read  ;  the sample formats input are valid
1509371 Use of 32-bit time_t ; the exact value of time doesnt matter
1473549 Untrusted divisor  ; Its a float and it is checked "Value inf for parameter 'flags' is not a valid set of 32bit integer flags"
1500289 Unintentional integer overflow ; squaring 8bit will not overflow 32bit
1500296 Unintentional integer overflow ; w*h will not overflow 32bit
1592142 Unintentional integer overflow ; squaring 8bit (9bit signed) will not overflow 32bit
1497114 Missing break in switch ;
1473525 Untrusted loop bound ; we check the user provided name against a list
1506707 Uninitialized scalar variable ; FFmpeg does not ship an avisynth_c.h anymore
1529991 Arguments in wrong order ;  num/den are exchanged as framerate vs timebase have them exchanged
1482088 Missing break in switch  ;
1507242 Untrusted pointer read ; The data is checked, the code is ugly though
1473538 Untrusted loop bound  ;  reading till EOF if there is nothing better
1497470 Operands don't affect result ;
1500278 Uninitialized scalar variable  ; uninitialized implies len = 0
1512404 Use after free  ; 0 flags is 0
1464083 Use after free ; 0 flags are still 0 in the function
1500310 Uninitialized scalar variable ; data_end would be 0 if data_start had not been initialized
1532406 Untrusted loop bound ; this simply iterates over NALs
1538299 Untrusted loop bound ; this simply iterates over NALs
1500346 Uninitialized scalar variable ; uninitialized implies len = 0
1485969 Result is not floating-point ; its just a limit
1452541 Use after free  ; 0 flags are 0 even inside av_dict_set()
1598551 Unintentional integer overflow ; the vertical coordinate fits in int
1598560 Unintentional integer overflow ; the vertical coordinate fits in int
1591879 Explicit null dereferenced  ; inconsistent avctx->pix_fmt
1591921 Unchecked return value ; A check is not needed here as its not in a loop
1591895 Unintentional integer overflow  ;  mb width *4 doesnt overflow
1591893 Unintentional integer overflow  ; height * linesize should not overflow
1591900 Unintentional integer overflow  ; height * linesize should not overflow
1591904 Unintentional integer overflow  ; height * linesize should not overflow
1591907 Unintentional integer overflow  ; height * linesize should not overflow
1591920 Unintentional integer overflow  ; height * linesize should not overflow
1591934 Unintentional integer overflow  ; height * linesize should not overflow
1591940 Unintentional integer overflow  ; height * linesize should not overflow
1591945 Unintentional integer overflow  ; height * linesize should not overflow
1591950 Unintentional integer overflow  ; height * linesize should not overflow
1591922 Unintentional integer overflow  ; pixel shift wont exceed 32bit
1591943 Unintentional integer overflow  ; pixel shift wont exceed 32bit
1591873 Unintentional integer overflow  ; pixel 80 << pixel shift will not exceed 32bit
1591917 Unintentional integer overflow  ; w and h are checked to be within 16bit
1591883 Unintentional integer overflow  ; height  * linesize should not overflow
1591860 Unintentional integer overflow ;  multiplying linesize by 1 or 2 doesnt overflow
1591865 Unintentional integer overflow ;   multiplying linesize by 1 or 2 doesnt overflow
1591871 Unintentional integer overflow ; linesize *2 does not overflow
1591869 Unintentional integer overflow ; linesize *2 does not overflow
1591936 Unintentional integer overflow ; linesize *2 does not overflow
1505358 Untrusted loop bound  ; w,h,channels are checked
1591890 Unintentional integer overflow  ; linesize will fit in int
1598554 Unchecked return value  ; the return does not need to be checked here
1591863 Unintentional integer overflow ;  should not be able to overflow
1591908 Unintentional integer overflow ;  should not be able to overflow
1591949 Unintentional integer overflow ; 8 * sb_cols should not overflow
1591872 Unintentional integer overflow ; offset_v << ps should not overflow
1591905 Unintentional integer overflow ; w << ps should not overflow
1591910 Unintentional integer overflow ; the pixel size will not overflow 32bit
1591912 Unintentional integer overflow ; border << pixel_shift should not overflow
1591927 Unintentional integer overflow ; w << ps should not overflow
1591947 Unintentional integer overflow ; 1<< ps, w << ps should not overflow
1591882 Unintentional integer overflow ; the edge buffer stride doesnt overflow
1591919 Unintentional integer overflow ; the edge buffer stride doesnt overflow
1591941 Unintentional integer overflow ; the edge buffer stride doesnt overflow
1530245 Out-of-bounds read ; If the list has 1 element then this element is NULL
1598565 Uninitialized pointer write (see ML)
1598561 Uninitialized pointer write (see ML)
1551690 Check of thread-shared field evades lock acquisition ; async_seek() is not called from 2 threads at the same time
1457610 Use after free ; 0 = 0
1473574 Untrusted loop bound ; i is in a permissible range if its within the buffer, the loop checks this
1591946 Structurally dead code ; It is only dead on some platforms
1492156 Unintentional integer overflow ; nb_index_entries is 16bit here
1452604 Use after free ; 0 flags is 0
1473558 Untrusted loop bound ; header_len is bound by the extradata size
1515516 Use after free ; another form of the eternal 0 becomes non 0 coverity bug
1596702 Explicit null dereferenced ; coverity ignores av_channel_layout_custom_init()
1595708 Explicit null dereferenced ; 1595708 Explicit null dereferenced
1591902 Operands don't affect result ; platform dependent
1477409 Use after free ; The eternal 0 flags bug from coverity, 0 has no flags set the codepath is impossible
1594483 Explicit null dereferenced ; coverity ignores av_channel_layout_custom_init()
1490845 Use after free ; AV_DICT_APPEND is also not the right flag to free the argument
1473547 Untrusted pointer read ; The values are tested a few lines before use
1591794 Out-of-bounds read ; The end check resets the index
1530185 Missing break in switch ; intentional
1530298 Missing break in switch ; intentional
1530313 Untrusted loop bound ;  The loop is bounded by bytestream2_get_bytes_left()
1530166 Free of array-typed value ; a flags of 1 also doesnt trigger the free() code
1530258 Copy of overlapping memory ; username and auth_params are separate fields they do not overlap
1530312 Untrusted loop bound ; we read size, we allocate and process the data, coverity points to no issue
1494441 Untrusted value as argument ; length is checked one line above the coverity warning
1494532 Read from pointer after free ; The 0 flags bugs
1494635 Untrusted loop bound ; Simple alloc + read code
1473580 Untrusted value as argument ; alloc + read, the size is arbitrary thats how it is
1452449 Uninitialized scalar variable ; whence should not be random
1452593 Missing break in switch ; intentional
1257658 Uninitialized scalar variable ; avisynth headers were removed in 2020 from ffmpeg
1591948 Dereference after null check ; d3d11va_create_staging_texture() allocates it or fails
1591870 Bad bit shift operation ; intentional / platform dependent
1591942 Operands don't affect result ; intentional / platform dependent
1452619 Out-of-bounds access ;  coverity shows incomplete traces, but there are checks on keylen
1591885 Unintentional integer overflow ; i goes up to 5 it does not overflow 32bit
1591899 Operands don't affect result ; platform dependent
1477398 Operands don't affect result ; platform dependent
1515514 Uninitialized scalar variable ; format is float or double
1515517 Uninitialized scalar variable ; format is float or double
1516805 Uninitialized scalar variable ; format is float or double
1454838 Out-of-bounds access ; nb_neurons of the last layer is checked
1503077 Bad bit shift operation ; We assume the channel is valid
1473555 Uninitialized scalar variable ; format is set to float or double
1503081 Bad bit shift operation ; channel is being checked for not being negative
1502874 Uninitialized pointer write ; mode is 0 or 1
1517103 Uninitialized pointer write ; coverity assumes a 5th direction
1517305 Uninitialized pointer read ; coverity assumes a 5th direction
1452640 Division or modulo by float zero ;  there should be at least 1 pixel and 1 plane
1596627 Division or modulo by float zero ; a goodfcount of 0 should be smaller or equal to a non negative number
1519127 Unchecked return value ; intentional according to comments
1492299 Unintended sign extension ; radius is limited to 1024 it thus cannot overflow 31bit with a 16bit multiplication
1492300 Unintended sign extension ; radius is limited to 1024 it thus cannot overflow 31bit with a 16bit multiplication
1492301 Unintended sign extension ; radius is limited to 1024 it thus cannot overflow 31bit with a 16bit multiplication
1492302 Unintended sign extension ; radius is limited to 1024 it thus cannot overflow 31bit with a 16bit multiplication
1492303 Unintended sign extension ; radius is limited to 1024 it thus cannot overflow 31bit with a 16bit multiplication
1492305 Unintended sign extension ; radius is limited to 1024 it thus cannot overflow 31bit with a 16bit multiplication
1452498 Use after free ; coverity mixes up tblend and !tblend
1439572 Uninitialized pointer read ; the filter name is one of the filters
1473583 Uninitialized scalar variable ; The code only reads what has been set

1604493 Overflowed constant ; x*s/s does not result in a MIN_INT64 also the following assert would have caught this if it did, coverity provides no details on how this should be happening
1604480 Overflowed constant ; Value is downscaled it cannot overflow
1604443 Overflowed constant ; the smaller timestamp should be representable in the larger ones timebase
1604491 Overflowed integer argument ; the analysis is based on the false assumption of av_rescale() overflow
1604581 Overflowed constant ; API says "Allowed range is between 1 (good) and FF_LAMBDA_MAX (bad)." so no its not allowed to be negative
1538860 Bad bit shift operation ; no, type is not negative just because the enum has a negative entry
1604554 Overflowed constant ; if(nb_filter_stack) is not true when nb_filter_stack is 0
1604458 Overflowed integer argument ; the loop counter i does not overflow
1604430 Overflowed integer argument ; the loop counter i does not overflow
1603198 Logically dead code ; work in progress
1604547 Overflowed array index read ; its called clip because it clips its input in the given range so its output is not outside that range
1604407 Overflowed constant ; unsigned overflow is not undefined
1603195 Missing break in switch ; intentional
1603197 Missing break in switch ; intentional
1500345 Uninitialized scalar variable
1604418 Overflowed constant ; Not possible due to else if above
1604432 Overflowed constant ; intentional
1604596 Overflowed integer argument ; This is checked a few lines above
1604454 Overflowed constant ; intentional
1604497 Overflowed return value ; code looks reasonable, just unsigned variables
1604534 Overflowed constant (INTEGER_OVERFLOW) : no
1604357 Overflowed constant ; intentional
1604387 Overflowed constant ; 0=1 in the reasoning
1604393 Overflowed constant ; intentional
1604539 Overflowed constant ; intentional
1604520 Overflowed constant ; intentional
1604372 Overflowed constant ; intentional
1604425 Overflowed constant ; intentional
1604377 Overflowed return value ; no sense
1604386 Overflowed constant ; Yes theres a bug in the next line but what is found here is fine
1604460 Overflowed constant ; intentional
1604484 Overflowed constant ; intentional
1604499 Overflowed constant ; apparently unreachable code is assumed to have been reached
1604467 Overflowed constant ; intentional
1604402 Overflowed constant ; intentional
1604500 Overflowed constant ; intentional
1604385 Overflowed constant ; intentional
1604358 Overflowed constant ; Mix of false positive, intentional
1604551 Overflowed constant ; intentional
1604564 Overflowed constant ; intentional
1604578 Overflowed constant ; intentional
1604362 Overflowed constant ; not possible the count is at least 1
1604409 Overflowed return value
1604488 Overflowed return value ; nonsense, when k is less than 24 it doesnt overflow, not the only nonsense here
1604563 Overflowed return value ;
1603597 Unintentional integer overflow ; no 160 does not overflow 32bit
1603598 Unintentional integer overflow ; no 160 does not overflow 32bit
1604590 Overflowed array index write ; nonsense, 1-1 doesnt underflow, values are checked, ....
1604553 Overflowed constant ; intentional
1604471 Overflowed constant ; intentional
1604583 Overflowed constant ; intentional
1604392 Overflowed constant ; intentional
1604523 Overflowed return value ; Sorry, you cannot claim a value negative and positive at the same time
1604515 Overflowed constant ; useless hallucination
1604373 Overflowed array index read ; num_substreams is checked a few lines before the claimed overflow
1604508 Overflowed array index read ; min_channels is 0-15 it does not overflow when stored in 8 bits
1604381 Overflowed array index read ; theres an assert before the other case is nonsense
1604370 Overflowed constant ; intentional
1604422 Copy-paste error
1604441 Overflowed constant ; signed int = -1 is not an overflow
1604434 Overflowed constant ; no, unsigned overflow is not an issue
1604365 Overflowed constant
1551682 Data race condition ; The variable tells us that we need to unlock its not protected by the mutex
1551691 Check of thread-shared field evades lock acquisition ; The variable tells us that we need to unlock its not protected by the mutex
1551693 Data race condition ; The variable tells us that we need to unlock its not protected by the mutex
1604369 Overflowed constant ; No chain of reasoning provided, just a hallucinated impossible initial value
1604420 Overflowed integer argument ; 16bits >> x is not larger than 16bits
1604580 Overflowed constant ; intentional
1604411 Overflowed constant ; more -1 overflows
1604455 Overflowed constant  ; more -1 overflows
1604569 Overflowed return value ; The code doesnt check for errors, but it doesnt have to
1551689 Data race condition ; intentional
1605475 Logically dead code ; will be used in the future
1609591 Use after free ; 0&x is 0
1609592 Free of array-typed value ; flags 0 bug
1604568 Overflowed constant ; assumed 0 block_width is impossible
1604423 Overflowed constant ; intentional
1603751 Unintentional integer overflow ; not overflowing 32bits
1604518 Overflowed constant ; intentional
1604397 Overflowed constant ; intentional
1604457 Overflowed constant ; intentional
1604466 Overflowed constant ; inconsistent
1604575 Overflowed constant ; c->slices cannot be 0
1604406 Overflowed constant ; not possible
1500287 Untrusted value as argument ; Not a useful report, coverity is just confused about the AC decoder.
1605474 Unintentional integer overflow ; no 2 is not overflowing 32bit
1603564 Unintentional integer overflow ; no, 0x500 << 1 doesnt overflow 32bit
1603566 Unintentional integer overflow ; no, 0x500 << 1 doesnt overflow 32bit
1604361 Overflowed constant ; (int)~0
1604501 Overflowed constant ; intentional
1604521 Overflowed constant ; intentional
1604598 Overflowed constant ; intentional
1604447 Overflowed constant ; intentional
1604464 Overflowed constant ; intentional
1604562 Overflowed constant ; intentional
1604591 Overflowed constant ; intentional
1604382 Overflowed constant ; Coverity does not understand code
1604382 Overflowed constant ; no channel is written over
1604528 Overflowed integer argument ; no, minimum of 32 and 64 bit is not more than 32 bit
1591878 Uninitialized scalar variable; avcodec/dxva2: Initialize dxva_size and check it
1591928 Uninitialized pointer read ; avcodec/dxva2: Initialize dxva_size and check it
1591924 Uninitialized scalar variable ; avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()
1591938 Uninitialized scalar variable ; avcodec/dxva2: initialize hr in ff_dxva2_common_end_frame()
1591915 Uninitialized scalar variable ; avcodec/dxva2: initialize validate
1591894 Uninitialized scalar variable ;avcodec/dxva2: Initialize ConfigBitstreamRaw
1591906 Uninitialized scalar variable ; avcodec/dxva2: Initialize ConfigBitstreamRaw
1591888 Uninitialized scalar variable ; avcodec/dxva2_av1: Initialize dxva_data_ptr
1591925 Uninitialized pointer read ;  avcodec/dxva2_av1: Initialize dxva_data_ptr
1591933 Uninitialized scalar variable ; avcodec/dxva2_av1: Initialize dxva_data_ptr
1604475 Overflowed integer argument ;  minimum of 32 and 64 bit is not more than 32 bit
1452754 Uninitialized pointer read ; The first plane should not be NULL
1452755 Uninitialized pointer read ; The first plane should not be NULL
1504412 Uninitialized scalar variable ; method is 0 or 1
1504414 Uninitialized scalar variable ; method is 0 or 1
1504417 Uninitialized scalar variable ; method is 0 or 1
1500303 Unintentional integer overflow ; an 8bit product doesnt overflow 32bit
1500332 Unintentional integer overflow ; an 8bit product doesnt overflow 32bit
1500340 Unintentional integer overflow ; an 8bit product doesnt overflow 32bit
1490880 Division or modulo by float zero ; not 0
1493275 Missing break in switch ; intended
1493276 Missing break in switch ; intended
1439571 Uninitialized pointer read ; It can only be one of the filters
1439575 Out-of-bounds read ; No case has more than 4, a change to a named constant is submitted
1604371 Overflowed constant
1591868 Unintentional integer overflow ; the horizontal index doesnt overflow 32bit
1591886 Unintentional integer overflow; the horizontal index doesnt overflow 32bit
1591914 Unintentional integer overflow ; As long as linesize is int, the index must be representable as int
1591937 Unintentional integer overflow ; As long as linesize is int, the index must be representable as int
1458428 Unchecked return value ; the x_expr is retested a few lines later
1596535 Unchecked return value ; the x_expr is retested a few lines later
1604452 Overflowed return value ; w*h doesnt overflow 32bit
1604465 Overflowed return value; w*h doesnt overflow 32bit
1435164 Out-of-bounds read ; No case has more than 4, a change to a named constant is submitted
1435165 Out-of-bounds read ; No case has more than 4, a change to a named constant is submitted
1435167 Out-of-bounds read ; No case has more than 4, a change to a named constant is submitted
1435169 Out-of-bounds read ; No case has more than 4, a change to a named constant is submitted
1551679 Data race condition
1551687 Data race condition
1604567 Overflowed constant ; intentional
1492906 Out-of-bounds read ; w cannot be 3 if the side data is valid
1500319 Unintentional integer overflow ; no 16*16 doesnt overflow uint32
1500330 Unintentional integer overflow ; no 16*16 doesnt overflow uint32
1500347 Unintentional integer overflow ; no 16*16 doesnt overflow uint32
1520672 Unintentional integer overflow ; no 16*16 doesnt overflow uint32
1520673 Unintentional integer overflow ; no 16*16 doesnt overflow uint32
1520676 Unintentional integer overflow ; no 16*16 doesnt overflow uint32
1520674 Result is not floating-point ; intentional
1423281 Out-of-bounds read ; planes are  not above 4
1504571 Uninitialized scalar variable
1598555 Macro compares unsigned to 0 ; intentional
1503782 Uninitialized scalar variable ; type is 0 to 4
1503783 Uninitialized scalar variable ; type is 0 to 4
1604453 Overflowed constant ; Theres a check 2 lines afterwards
1604355 Overflowed constant ; intentional
1604595 Overflowed integer argument ; coverity showing no overflow
1604363 Overflowed integer argument ; avio_tell() doesnt error on non NULL context
1604585 Overflowed constant ; intentional
1515515 Free of array-typed value ; 0 flags hallucinated into non 0
1604514 Overflowed integer argument ; avio_tell() does not fail like this
1604390 Overflowed constant ; Coverity just assumed no overflow happens before assuming it does
1604417 Overflowed constant ; no obvious problem
1604556 Overflowed constant ; hallucinated random statement
1604395 Overflowed constant ; hallucinated ccount
1604436 Overflowed integer argument ; avio_tell() misanalyzed
1604517 Overflowed integer argument ; Its checked one line above
1604558 Overflowed constant ; intentional
1604405 Overflowed constant ; intentional
1604391 Overflowed constant ; intentional
1604353 Overflowed return value ; avio_tell() misanalysis
1604421 Overflowed constant ; intentional
1604472 Overflowed return value ; avio_tell() misanalysis
1604555 Overflowed constant ; avio_tell() misanalysis
1604584 Overflowed constant; avio_tell() misanalysis
1604462 Overflowed constant; intentional
1604368 Overflowed constant; intentional
1604440 Overflowed integer argument ; FFMIN() limits it to 32bit
1604541 Overflowed integer argument ; avio_tell() misanalysis
1604559 Overflowed integer argument ; avio_tell() misanalysis
1604526 Overflowed constant ;intentional
1604572 Overflowed return value ; all is false positive, submitted fix is unneeded
1604582 Overflowed integer argument ; avio_tell() misanalysis
1604413 Overflowed integer argument ; coverity confused
1604468 Overflowed return value ; error codes fit in 32bit
1604505 Overflowed integer argument ; limited by FFMIN()
1604533 Overflowed constant ; avio_tell() misanalysis
1604594 Overflowed constant ; absolute pos should be above 8
1604414 Overflowed constant ; intentional
1604483 Overflowed constant ; intentional
1604485 Overflowed constant ; intentional
1604463 Overflowed constant ; intentional
1604128 Operands don't affect result ; intentional
1604524 Overflowed constant; intentional
1604481 Overflowed constant ; intentional
1608713 Overflowed integer argument ; avio_tell() misanalysis
1604401 Overflowed constant; avio_tell() misanalysis
1604502 Overflowed constant; intentional
1604380 Overflowed constant; intentional
1604538 Overflowed integer argument; avio_tell() misanalysis
1604469 Overflowed constant; avio_tell() misanalysis
1604442 Overflowed constant ; Thats how loops work
1604451 Overflowed integer argument ; avio_tell() misanalysis
1604388 Overflowed integer argument ; index is <0 ohh its >= 0 coverity logic
1604366 Overflowed constant ; size is checked straight above
1604509 Overflowed constant ; intentional
1604587 Overflowed constant; intentional
1604448 Overflowed array index read ; on the es_offset1 >= branch es_offset1 can have overflowed because it can be negative, coverity logic
1604560 Overflowed integer argument ; on the es_offset1 != -1 branch es_offset1 can have overflowed because it can be -1, coverity logic
1604426 Overflowed integer argument ; len is checked
1604496 Overflowed integer argument ; confused coverity
1610051 Data race condition
1604550 Overflowed constant ; intentional
1604438 Overflowed constant ; intentional
1604456 Overflowed integer argument ; avio_tell() misanalysis
1604389 Overflowed integer argument ; avio_tell() misanalysis
1604474 Overflowed integer argument ; avio_tell() misanalysis
1604376 Overflowed constant ; the multiplication is checked for overflow before
1604519 Overflowed integer argument ; the allocation is limited to INT_MAX bytes so this will not overflow after allocation
1604404 Overflowed constant ; lim is not 0
1604374 Overflowed constant ; intentional
1604412 Overflowed constant ; intentional
1604576 Overflowed constant ; intentional
1604510 Overflowed array index read ; input should be valid
1604364 Overflowed constant ; intentional
1604599 Overflowed constant; intentional
1604530 Infinite loop ; "intentional"
700368 Explicit null dereferenced ; the loop will exit after this and the code cannot be reached
1559187 Data race condition ; intentional
1591898 Unsigned compared against 0 ; pollfd has a signed fd on some platforms
1559180 Check of thread-shared field evades lock acquisition ; See source code

1591859 Unintentional integer overflow ; The loop stops once FLAC_MIN_HEADERS are found so this cannot overflow
1604600 Overflowed constant ; intentional
1604428 Overflowed return value ; avio_tell() misanalysis
1604511 Overflowed constant ; intentional
1604570 Overflowed constant ; not possible
1591857 Resource leak ; I think this works like intended
1518905 Division or modulo by zero ; empty boxes seem not possible
1473527 Result is not floating-point ; INT64_MAX / 2 is fine

1473562 Unchecked return value ; Failure is not possible, see mailing list
1473592 Unchecked return value ; Failure is not possible, see mailing list
1604588 Overflowed integer argument ; useless report

-------------- next part --------------
1435168                              ; avcodec/vc1_loopfilter: Factor duplicate code in vc1_b_h_intfi_loop_filter()
1463550 Logically dead code          ; doc/examples/demux_decode: Simplify loop
1539100 Negative loop bound          ; tools/opt_common: Check for malloc failure
1550133 Unchecked return value       ; fftools/ffplay: Check vulkan_params
1503080 Unchecked return value       ; fftools/ffplay: Check return of swr_alloc_set_opts2()
1592383 Unused value                 ; fftools/ffmpeg_sched: Remove dead assignments in sch_dec_send()
1539099 Resource leak                ; fftools/ffmpeg_mux_init: Cleanup on error return in set_dispositions()
1538863 Resource leak                ; fftools/ffmpeg_mux_init: Free pts on error
1559178 Unused value                 ; fftools/ffmpeg_mux: Remove unneeded initialization
1591439 Uninitialized pointer read   ; fftools/ffmpeg_enc: Initialize Decoder
1520677 Uninitialized pointer read   ; fftools/ffmpeg_enc: Initialize fd
1439654 Untrusted pointer read       ; avcodec/cbs_jpeg: Try to move the read entity to one side in a test
1465488 Unintentional integer overflow ; avcodec/cbs_av1: Avoid shift overflow
1529220 Unused value                 ; avcodec/fmvc: remove dead assignment
1454676 Out-of-bounds read           ; avcodec/flac_parser: Assert that we do not overrun the link_penalty array
1515456 Unintentional integer overflow ; avcodec/exr: Fix preview overflow
1596604 Uninitialized scalar variable ; avcodec/dovi_rpuenc: initialize profile
1538861 Uninitialized scalar variable ;  avcodec/decode: decode_simple_internal() only implements audio and video
1596534 Dereference after null check ; avcodec/h2645_sei: Remove dead checks
1439574 Dereference after null check ; avcodec/h264_slice: Remove dead sps check
1596607 Uninitialized scalar variable ; avcodec/dovi_rpuenc: Initialize bl_compat_id
1544265 Logically dead code         ; avcodec/av1dec: bit_depth cannot be another values than 8,10,12
1492867 Unchecked return value      ; avcodec/avs3_parser: assert the return value of init_get_bits()
1506708 Unchecked return value      ; avcodec/avs2_parser: Assert init_get_bits8() success with const size 15
1397741 Unchecked return value      ; avfilter/avfiltergraph: return value of ff_request_frame() is unused
1439569 Unchecked return value      ;avcodec/atrac9dec: Check init_get_bits8() for failure
1439578 Unchecked return value      ;avcodec/atrac9dec: Check init_get_bits8() for failure
1420393 Unchecked return value      ;  avcodec/ac3_parser: Check init_get_bits8() for failure
1517023 Uninitialized pointer read  ; doc/examples/qsv_transcode: Initialize pointer before free
1517022 Logically dead code         ; doc/examples/qsv_transcode: Simplify str_to_dict() loop
1428858 (1/2) Logically dead code    ; doc/examples/vaapi_transcode: Simplify loop
1428858 (2/2) Logically dead code    ; doc/examples/qsv_transcode: Simplify loop
1418336 Logically dead code         ; avfilter/vf_thumbnail_cuda: Set ret before checking it
1403238 Uninitialized pointer read  ; avfilter/signature_lookup: Dont copy uninitialized stuff around
1403239 Uninitialized pointer read  ; avfilter/signature_lookup: Dont copy uninitialized stuff around
1403227 Division or modulo by float zero ; avfilter/signature_lookup: Fix 2 differences to the refernce SW
1509370 Logically dead code ; avcodec/ilbcdec: Remove dead code
1460979 Logically dead code ; avcodec/jpeg2000dec: remove ST=3 case
1594529 Unchecked return value ; avcodec/libx264: Check init_get_bits8() return code
1473514 Uninitialized scalar variable ; avcodec/lpc: copy levenson coeffs only when they have been computed
1500285 Unintentional integer overflow ; avcodec/mpegvideo_enc: Fix potential overflow in RD
1439568 Untrusted loop bound ; avcodec/mscc & mwsc: Check loop counts before use
1500300 Unchecked return value ; avcodec/notchlc: Check init_get_bits8() for failure
1441934 Unintentional integer overflow ; avcodec/pcm-dvdenc: 64bit pkt-size
1477406 Improper use of negative value ; avcodec/qsvdec: Check av_image_get_buffer_size() for failure
1441459 Improper use of negative value ; avcodec/scpr3: Check add_dec() for failure
1500284 Unintentional integer overflow ; avcodec/tests/dct: Use 64bit in intermediate for error computation
1500309 Unintentional integer overflow ; avcodec/tests/jpeg2000dwt: Use 64bit in err2 computation (only an issue if the function is called with parameters which allow an overflow)
1461482 Improper use of negative value ; avcodec/vble: Check av_image_get_buffer_size() for failure
1435166 Unused value ; avcodec/vc1_block: remove unused off from vc1_decode_p_mb_intfr()
1529221 Unused value ; avcodec/vc1_block: remove unused off from vc1_decode_p_mb_intfr()
1544630 Resource leak ;avcodec/vlc; Cleanup on multi table alloc failure in ff_vlc_init_multi_from_lengths()
1507483 Unchecked return value ; avcodec/vp8: Forward return of ff_vpx_init_range_decoder()
1452425 Logically dead code ; avcodec/vp3: Replace check by assert
1516090 Unchecked return value ; avcodec/vqcdec: Check init_get_bits8() for failure
1560036 Logically dead code ; avcodec/vvc/ctu: Simplify code at the end of pred_mode_decode()
1560040 Logically dead code ; avcodec/vvc/ctu: Remove dead ret check
1560041 'Constant' variable guards dead code; avcodec/vvc/dec: Remove constant eos_at_start
1560042 Unchecked return value ; avcodec/vvc/dec: Check init_get_bits8() for failure
1442018 Unused value ; avcodec/wavpack; Remove dead assignments
1465481 Unintentional integer overflow ; avcodec/wavpackenc: Use unsigned for potential 31bit shift
1538296 Structurally dead code ; avutil/random_seed: Avoid dead returns
1518990 Unchecked return value ; avutil/tests/opt: Check av_set_options_string() for failure
1500280 Unintentional integer overflow ; swscale/yuv2rgb: Use 64bit for brightness computation
1489999 Unchecked return value ; tools/decode_simple: Check avcodec_send_packet() for errors on flushing
1538298 Untrusted loop bound ; avformat/ac4dec: Check remaining space in ac4_probe()
1503075 Unintentional integer overflow ; avdevice/pulse_audio_enc: Use av_rescale() to avoid integer overflow
1505963 Unintentional integer overflow ; avformat/ape: Use 64bit for final frame size
1467435 Unintentional integer overflow ; avformat/argo_asf: Use 64bit in offset intermediate
1500342 Unintentional integer overflow : avformat/asfdec_f: Use 64bit for preroll computation
1473512 Unused value ; avformat/demux: Remove dead stores
1529228 Unused value ; avformat/demux: Remove dead stores
1559855 Unchecked return value from library ; avformat/file: heck for lseek() failure           [Code was removed in add8c46215397541210a4e7bc0e401ef52843698]
1460758 Operands don't affect result ; avformat/fwse: Remove always false expression
1529222 Unused value ; avformat/hlsenc; Remove dead ret stores
1591911 Logically dead code ; avcodec/mfenc: check IMFSample_ConvertToContiguousBuffer() for failure
1598556 Unchecked return value ; avcodec/vp8: Check mutex init
1598563 Unchecked return value ; avcodec/vp8: Check cond init
1591884 Dereference before null check ; avdevice/dshow: Remove NULL check on pin
1591931 Explicit null dereferenced ; avdevice/dshow: Check device_filter_unique_name before use
1591939 Logically dead code ; avdevice/dshow: Check ICaptureGraphBuilder2_SetFiltergraph() for failure
1598550 Resource leak ; avdevice/dshow: Cleanup also on av_log case
1598557 Explicit null dereferenced ; avdevice/dshow: check ff_dshow_pin_ConnectionMediaType() for failure
1591929 Copy into fixed size buffer ; avdevice/dshow_filter: Use wcscpy_s()
1598562 Unchecked return value ; avdevice/xcbgrab: Check sscanf() return
1559546 Logically dead code ; avformat/iamf_parse: Remove dead case
1512414 Uninitialized pointer read ; avformat/imfdec: Simplify get_next_track_with_minimum_timestamp()
1494636 Missing break in switch ; avformat/img2dec: Move DQT after unrelated if()
1494637 Missing break in switch ; avformat/img2dec: Little JFIF / Exif cleanup
1453457 Unchecked return value ; avformat/libzmq: Check av_strstart()
1500304 Unintentional integer overflow ; avformat/mov: Use 64bit in intermediate for current_dts
1500312 Unintentional integer overflow ; avformat/mov: Use int64_t in intermediate for corrected_dts
1500318 Unintentional integer overflow ; avformat/mov: Use 64bit in intermediate for current_dts
1598441 Improper use of negative value ; avformat/mov: Check requested_sample before using it
1473590 Untrusted loop bound ; avformat/mpeg: Check len in mpegps_probe()
1592939 Dereference after null check ; avformat/mxfdec: Check container_ul->desc before use
1524681 Logically dead code ; avformat/mxfenc: Remove dead code
1473553 Untrusted loop bound ; avformat/rdt: Check pkt_len
1491898 Unintentional integer overflow ; avformat/rmdec: use 64bit for audio_framesize checks
1452585 Untrusted loop bound ; avformat/rtpenc_vc2hq: Check sizes
1473532 Uninitialized scalar variable ; avformat/rtsp: initialize reply1
1473554 Uninitialized scalar variable ; avformat/rtsp: Check that lower transport is handled in one of the if()
1591881 Uninitialized scalar variable ;  avformat/tls_schannel: Initialize re
1551685 Uninitialized scalar variable ; avformat/usmdec: Initialize value
1591909 Wrong sizeof argument ; avutil/hwcontext_d3d11va: correct sizeof AVD3D11FrameDescriptor
1598558 Resource leak ; avutil/hwcontext_d3d11va: Free AVD3D11FrameDescriptor on error
1591944 Wrong sizeof argument ; avutil/hwcontext_d3d11va: correct sizeof IDirect3DSurface9
1591930 Wrong sizeof argument ; avutil/wchar_filename: Correct sizeof
1591896 Unintentional integer overflow ; swscale/swscale: Use ptrdiff_t for linesize computations
1591901 Unintentional integer overflow ; swscale/swscale: Use ptrdiff_t for linesize computations
1503088 Resource leak ; avfilter/af_amerge: Cleanup on av_channel_layout_copy() failure
1503078 Resource leak ; avfilter/af_aresample: Cleanup on av_channel_layout_copy() failure
1422217 Result is not floating-point ; avfilter/af_mcompand: compute half frequency in double
1500281 Out-of-bounds write ; avfilter/af_pan: check nb_output_channels before use
1500331 Out-of-bounds write ; avfilter/af_pan: check nb_output_channels before use
1539147 Unused value ; avfilter/avf_showcwt: Check av_parse_video_rate() for failure
1496940 Logically dead code ; avfilter/drawutils: Fix depthb computation
1598548 Logically dead code ; avfilter/qsvvpp: Remove unreachable code
1437470 Out-of-bounds read ; avfilter/vf_avgblur_opencl: Use AV_VIDEO_MAX_PLANES
1439581 Result is not floating-point ; avfilter/vf_bm3d: Dont round MSE2SSE to an integer
1452758 Out-of-bounds read ; avfilter/vf_deshake_opencl: Use AV_VIDEO_MAX_PLANES
1452759 Uninitialized scalar variable ; avfilter/vf_deshake_opencl: Ensure that the first iteration initializes the best variables
1604548 Unused value ; doc/examples/vaapi_encode: Try to check fwrite() for failure
1591932 Ignoring number of bytes read ; fftools/ffmpeg: Check read() for failure
1603194 Logically dead code ; avcodec/aac/aacdec_usac: Avoid doing the same thing twice each iteration
1604490 Overflowed constant ; avcodec/xsubdec: Check parse_timecode()
1604394 Overflowed constant ; avcodec/cri: Check length
1604573 Overflowed constant ; avcodec/imm4: Check cbphi for error in inter
1604356 Overflowed constant ; avcodec/imm4: check cbphi in intra for error
1604416 Unchecked return value ; avcodec/leaddec: Check init_get_bits8() for failure
1604400 Overflowed constant ; avcodec/loco: check get_ur_golomb_jpegls() for failure
1604375 Out-of-bounds read ; avcodec/me_cmp: Fix type check
1604429 Overflowed constant ; avcodec/mlpenc: Use 64 for ml, mr
1604552 Overflowed constant ; avcodec/motion_est: Fix score squaring overflow
1604593 Overflowed constant ; avcodec/tiff: Check value on positive signed targets
1591856 Resource leak ; avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
1591887 Resource leak ; avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
1591874 Resource leak ; avdevice/dshow_capture: Fix error handling in ff_dshow_##prefix##_Create()
1197065 Resource leak ; avfilter: Free out on error
1516994 Out-of-bounds access ; avfilter/af_surround: Check output format
1516996 Out-of-bounds access ; avfilter/af_surround: Check output format
1516999 Out-of-bounds access ; avfilter/af_surround: Check output format
1509373 Logically dead code ; avfilter/vf_fftfilt: Remove dead depth code
1604398 Unchecked return value ; avfilter/vf_lut3d: Check av_scanf()
1604542 Unchecked return value ; avfilter/vf_lut3d: Check av_scanf()
1513722 Operands don't affect result ; avfilter/vf_scale: Cleanup some checks
1559901 Resource leak ; avfilter/vf_tiltandshift: Free dst on error
1437472 Dereference before null check ; avfilter/vf_tonemap_opencl: Dereference after NULL check
1440836 Dereference after null check ; avfilter/vf_tpad: Dont clone NULL
1458148 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458149 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458150 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458151 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458152 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458154 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458155 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1458156 Result is not floating-point ; avfilter/vf_xfade: Compute w2, h2 with float
1604482 Overflowed constant ; avformat/asfdec_o: Check size of index object
1604503 Overflowed constant ; avformat/bintext: Check avio_size() return
1604566 Overflowed constant ; avformat/bintext: Check avio_size() return
1604589 Overflowed constant ; avformat/bintext: Check avio_size() return
1609624 Unused value ; avformat/hlsenc: Check ret
1604419 Overflowed constant; avformat/hnm: Check superchunk_size
1220824 Overflowed constant ; avformat/mm: Check length
1604544 Overflowed integer argument ;  avformat/mov: Use 64bit for str_size
1608710 Improper use of negative value ; avformat/mp3dec; Check for avio_size() failure
1608714 Division or modulo by float zero ;avformat/mp3dec: Check header_filesize
1604527 Overflowed constant ;  avformat/nsvdec: Check asize for PCM
1604506 Overflowed constant ; avformat/sapdec: Check ffurl_get_file_handle() for error
1604592 Overflowed constant ; avformat/sauce: Check avio_size() for failure
1258461 Overflowed constant ;avformat/siff: Basic pkt_size check
1220824 Overflowed constant ; avformat/tty: Check avio_size()
1604446 Overflowed constant ; avformat/webpenc: Check filesize in trailer
1604498 Structurally dead code ; avutil/avsscanf: Remove dead code
1604487 Unchecked return value ;avutil/buffer: Check ff_mutex_init() for failure
1604494 Unchecked return value ;avutil/buffer: Check ff_mutex_init() for failure
1604586 Overflowed constant ; avutil/frame: Check log2_crop_align
1604383 Unchecked return value ; avutil/slicethread: Check pthread_*_init() for failure
1604439 Unchecked return value ; avutil/slicethread: Check pthread_*_init() for failure
1458043 Unchecked return value ; avfilter/vf_xfade: Check ff_inlink_consume_frame() for failure
1458127 Unchecked return value
732224 Overflowed constant ; avformat/lmlm4: Move subtraction after check
1551694 Use after free ; avfilter/vf_avgblur: Check plane instead of AVFrame