From: Michael Niedermayer
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Date: Tue, 14 May 2024 01:38:16 +0200
Message-ID: <20240513233816.GL6420@pb2>
Subject: [FFmpeg-devel] [WIP] False positives on Coverity
Hi all

To keep people updated (and as this is not visible on the ML) here's my current list of issues marked as false positives / intentional in May & April 2024 (in case anyone wants to review, I presume no one wants but just in case)

1409917  Unintentional integer overflow: No overflow happens as dimensions and sprite accuracy are too limited
1409920  Unintentional integer overflow: The involved variables are too restricted for overflow
1416963  Unintentional integer overflow: No overflow happens as bytes of an image are addressable by int
1417663  Uninitialized scalar variable: par_m_source is 0..3 and mid is initialized
1419522  Unintentional integer overflow: No overflow can happen, the values are too restricted
1419833  Untrusted loop bound: The loop bound is limited to 65535. I also submit a patch to check the 2nd case better
1500345  Uninitialized scalar variable: Not a bug strictly but bad practice and fix submitted
1503083  Uninitialized pointer read: nb_channels is non negative, coverity assumes it could be negative
1452594  Free of array-typed value: passed flags are 0 but assumed by coverity to be non 0
1452451  Use after free: coverity assumes FLAGS has values it does not
1452474  Use after free: coverity assumes FLAGS has values it does not
1452532  Use after free: coverity assumes FLAGS has values it does not
1524728  Free of array-typed value: coverity assumes 0 (flags) is not 0
1591440  Free of array-typed value: coverity assumes 0 (flags) is not 0
1452617  Free of array-typed value: coverity assumes AV_DICT_DONT_STRDUP_KEY but that is not set
1520670  Dereference after null check: either frame or pkt is NULL
1524701  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1538859  Dereference after null check: frame is always non-NULL for audio and video
1596536  Dereference null return value: There should be a descriptor for every type that is used
1518989  Missing break in switch: no break is intentional
1559177  Resource leak: av_fifo_write() either succeeds or the frame is freed
1559181  Resource leak: av_fifo_write() either succeeds or the frame is freed
1596530  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1516444  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1524729  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1596628  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1452412  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1452415  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1452551  Free of array-typed value: coverity assumes flags to be a value it is not
1559186  Resource leak: The value is stored by av_fifo_write() and thus not lost
1452419  Free of array-typed value: coverity assumes flags to be non 0 while it is 0
1452457  Missing break in switch: this looks intentional
1500328  Resource leak: packet_queue_put_private() either stores pkt1 or it fails and it's freed
1452606  Free of array-typed value: coverity assumes AV_DICT_DONT_STRDUP_VAL is set while it is not
1551681  Data race condition: The mutex is in the caller
1475938  Uninitialized array index read: all of dither seems to be initialized
1465483  Unintentional integer overflow: the clip limits len
1473539  Explicit null dereferenced: new_rematrixing_strategy is always set for block 0
1596532  Copy of overlapping memory: num_blocks is positive so the loop does at least one iteration
1500322  Out-of-bounds read: the mode is simply not possible
1473499  Uninitialized scalar variable: the default case seems unreachable
1595709  Uninitialized scalar variable: num_uv_points cannot be set when predict_uv_scaling is uninitialized
1595705  Uninitialized scalar variable: the parts of scaling used and initialized
1595706  Uninitialized scalar variable: the parts of scaling used and initialized
1595707  Unintended sign extension: the array is not gb sized, the shift is not nearly that large
1467648  Untrusted loop bound: loop bound is 16bit and thus bound by 65535, it's also bound by the data length
1504415  Untrusted value as argument: av_grow_packet() will allocate a buffer matching the value or it will fail
1545117  Division or modulo by zero: coverity assumes the loop never executes but that's not currently possible
1473510  Untrusted loop bound: the read values are checked when they are read
1507875  Untrusted array index read: seq_parameter_set_id is checked when read (also coverity seems to have a lot of problems with the multiple layers of macros and functions in the CBS system)
1452623  Free of address-of expression: coverity fails to keep track of data_ref/data_buf
1458177  Free of address-of expression: coverity assumes data_ref is NULL
1465491  Unintentional integer overflow: 8 is smaller than 32
1465864  Out-of-bounds read: coverity assumes planes can be more than 4
1543204  Logically dead code: Lynne prefers to keep this code
1500292  Unintentional integer overflow: the error is too small for an overflow to happen
1443722  Unintentional integer overflow: image dimensions do not overflow 32bit
1467656  Out-of-bounds access: There is enough space allocated for what is accessed
1427586  Out-of-bounds read: coverity assumes (x&511) >= 512
1465486  Unintentional integer overflow: 16bit + 8bit doesn't need 64bit
1496852  Macro compares unsigned to 0: macro tests the valid range, one side is 0
1596606  Unintentional integer overflow: valid width * height must fit in int
1452461  Free of array-typed value: coverity 0 != 0 flags issue
1473505  Untrusted loop bound: The loop is checking the upper bound
1466634  Missing break in switch: fallthrough initializes [0]
1516445  Out-of-bounds read: a j=0; j<1; j++ loop does not execute twice
1473591  Untrusted loop bound: The loop checks if more data remains
1496615  Explicit null dereferenced: code is not reachable with frame = NULL
1532404  Untrusted loop bound: the loop tests if data is remaining
1452436  Free of array-typed value: 0 is really 0
1485002  Unintentional integer overflow: dc_w and dc_h (xsize * ysize) is tested by av_image_check_size2()
1500327  Unintentional integer overflow: width * planes does not overflow
1452485  Free of array-typed value: flags 0 is really 0
1500307  Unintentional integer overflow: The arguments to the multiplication are small numbers
1500324  Unintentional integer overflow: The arguments to the multiplication are small numbers
1500335  Unintentional integer overflow: The arguments to the multiplication are small numbers
1500337  Unintentional integer overflow: The arguments to the multiplication are small numbers
1551680  Check of thread-shared field evades lock acquisition: thread1 and thread2 are the same and the main thread so they don't need a mutex between each other
1551686  Data race condition: task index is not changed by another thread
1551692  Data race condition: the return code is not changed once the task has returned a code
1452477  Untrusted value as argument: zsize is positive and its maximum is checked
1500326  Unintentional integer overflow: no overflow
1500323  Unintentional integer overflow: ccr_bur*cb_tbl cannot overflow here atm
1500348  Unintentional integer overflow: f*ff_g723_1_cos_tab will not overflow here atm
1500352  Unintentional integer overflow: 16bit * 16384 will not overflow
1515882  Unintentional integer overflow
1515883  Unintentional integer overflow
1515884  Unintentional integer overflow
1473559  Uninitialized scalar variable: coverity hallucinates different sub_mb_type values each time it looks
1465261  Free of array-typed value: and 0 is still 0
1413314  Untrusted pointer read: The code seems ok, just ugly
1430928  Untrusted loop bound: The values are checked against size
1430929  Untrusted value as argument: The values are checked against side_data_size
1452417  Free of array-typed value: coverity still fails to consider the flag value
1452423  Free of array-typed value: 0 is REALLY 0
1452553  Free of array-typed value: 0 AV_DICT_DONT_OVERWRITE is not AV_DICT_DONT_STRDUP_VAL
1452575  Free of array-typed value: 0 is REALLY 0
1466602  Free of array-typed value: if flags 0 is passed then the flags argument is 0
1473502  Untrusted loop bound: seeking to an "untrusted value" is fine
1473502  Untrusted loop bound: avio_seek() checks the offset
1473544  Untrusted loop bound: allocate then store
1473561  Untrusted pointer write: a non negative variable only needs an upper bound check, I will suggest to add an assert though. This code does have a feeling of fragility to it
1473589  Untrusted value as argument: mode_blocksize is 0 or 1
1477411  Free of array-typed value: another 0 is not 0 in coverity
1477412  Untrusted divisor: the pcrs are checked so they are not equal
1477435  Untrusted loop bound: inside the loop there are checks
1477437  Untrusted loop bound: the code just skips over the chunk size with avio_skip()
1500301  String not null terminated: the profile_string is const and 0 terminated. p is initialized to all 0, there is remaining space after the memcpy thus p is 0 terminated
1500302  Uninitialized scalar variable: is_pipe and ts_from_file are contradicting
1452430  Free of array-typed value: 0 != 0 again
1442565  Untrusted loop bound: dict_entries is checked against extradata_size
1596608  Dereference after null check: a new frame is allocated by ff_progress_frame_get_buffer
1455684  Unintentional integer overflow: w*h doesn't overflow, w*h/256*100 also won't
1361959  Untrusted loop bound: cnt is checked against bytestream2_get_bytes_left(&dgb)
1473503  Untrusted loop bound: the loop checks if there is input data remaining
1473551  Untrusted loop bound: the loop is checked by height and linesize
1473573  Untrusted loop bound: the loop checks if there is input data remaining
1473506  Missing break in switch: intentional
1466603  Uninitialized scalar variable: good_thresh is given inconsistent values by coverity
1528149  Unintended sign extension: width * height < 4096
1547074  Missing break in switch: intentional fallthrough
1547075  Missing break in switch: intentional fallthrough
1477413  Missing break in switch: intentional fallthrough
1512411  Dereference after null check: pkt_out is NULL for alpha, the dereference is under !ctx->is_alpha
1530136  Operands don't affect result: LONG may be the same as uint64_t but it doesn't have to be
1465488  Unintentional integer overflow: with 1U this is now a false positive
1500294  Unintentional integer overflow: the shift is limited to 7+15
1465264  Free of array-typed value: 0 & x == 0
1521983  Unintentional integer overflow
1465484  Unintentional integer overflow: the dc chroma vlcs don't overflow 32bit
1465485  Unintentional integer overflow: the dc luma vlcs don't overflow 32bit
1473497  Uninitialized scalar variable: switch case default is impossible
1473517  Uninitialized scalar variable: switch case default is impossible
1500291  Unintentional integer overflow: Straight above the use it's checked
1500295  Unintentional integer overflow: Straight above the use it's checked
1465480  Unintentional integer overflow: mb num doesn't overflow
1465490  Unintentional integer overflow: ESC3 should not overflow
1473567  Result is not floating-point: yes, that's how the mp3 dequant works
1503079  Division or modulo by zero: coverity assumes frames = 0 but this is impossible
1465482  Unintentional integer overflow: the number of bits written is max 10 so no overflow is possible
1596736  Untrusted loop bound: the flags are 0, coverity assumes they are not and taking an impossible branch / The 2 of 3 case is unrelated, and simply checks strcasecmps the given filename
1596737  Free of array-typed value: the flags are 0, coverity assumes they are not and taking an impossible branch
1441937  Unintentional integer overflow: MB num doesn't overflow
1500279  Unintentional integer overflow: libopus uses 16bit so 32 will suffice
1452479  Out-of-bounds access: coverity disregards that the nlsf[] access is after an i != order check
1452618  Out-of-bounds access: coverity assumes impossible subframes, this begins with the assumption of duration_ms=60 and nb_frames = 1, which is already not possible at the same time
1447467  Free of address-of expression: the flags are 0, coverity assumes they are not and taking an impossible branch
1521984  Free of array-typed value: the flags are 0, coverity assumes they are not and taking an impossible branch
1465489  Unintentional integer overflow: put_bits() already asserts a limit in k of 30 indirectly
1500333  Uninitialized scalar variable: lpc should be initialized in all cases in subframe 0, other subframes follow and thus have it initialized from subframe 0
1505357  Unintentional integer overflow: w*h*4 doesn't overflow

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

I know you won't believe me, but the highest form of Human Excellence is
to question oneself and others. -- Socrates
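The largest group in the list above are the "Free of array-typed value" / "Use after free" reports on av_dict_set() callers that pass flags 0. As an added illustration (example code written for this note, not FFmpeg's or Coverity's), here is a cut-down model of av_dict_set()'s ownership rules. The flag values mirror libavutil's AV_DICT_DONT_STRDUP_KEY / AV_DICT_DONT_STRDUP_VAL; the Dict and Entry types, model_alloc, the g_fail_next_alloc hook and the g_owned_frees counter are assumptions of the example. The free() on the error path is the statement the analyzer points at: it only runs when a caller actually sets a DONT_STRDUP flag, so a stack array passed with flags 0 is copied, never owned and never freed, which is the "0 is really 0" argument made throughout the list.

```c
/* Model of av_dict_set() ownership handling (added example, not FFmpeg code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DICT_DONT_STRDUP_KEY 4  /* key is malloc'ed; the dict takes it over   */
#define DICT_DONT_STRDUP_VAL 8  /* value is malloc'ed; the dict takes it over */

typedef struct { char *key; char *value; } Entry;
typedef struct { Entry *elems; int count; } Dict;

/* Test hooks (assumed, not libavutil): fail the next allocation so the error
 * path is exercised, and count frees of memory the caller handed over. */
static int g_fail_next_alloc;
static int g_owned_frees;

static void *model_alloc(size_t n)
{
    if (g_fail_next_alloc) { g_fail_next_alloc = 0; return NULL; }
    return malloc(n);
}

static char *model_strdup(const char *s)
{
    size_t n = strlen(s) + 1;
    char *p = model_alloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

static int dict_set(Dict **pm, const char *key, const char *value, int flags)
{
    Dict *m = *pm;
    Entry *grown;
    char *k, *v;

    if (!m) {
        m = calloc(1, sizeof(*m));
        if (!m)
            goto err;
        *pm = m;
    }
    grown = realloc(m->elems, (m->count + 1) * sizeof(*grown));
    if (!grown)
        goto err;
    m->elems = grown;

    /* flags == 0: both strings are copied, so the caller's arguments (string
     * literals, stack arrays) are never stored in the dict and never freed. */
    k = (flags & DICT_DONT_STRDUP_KEY) ? (char *)key   : model_strdup(key);
    v = (flags & DICT_DONT_STRDUP_VAL) ? (char *)value : model_strdup(value);
    if (!k || !v) {
        if (k != key) free(k);      /* only our own copies are dropped here */
        if (v != value) free(v);
        goto err;
    }
    m->elems[m->count].key   = k;
    m->elems[m->count].value = v;
    m->count++;
    return 0;

err:
    /* The statement the analyzer reports. It frees the caller's pointers, but
     * only when ownership was transferred through a DONT_STRDUP flag. */
    if (flags & DICT_DONT_STRDUP_KEY) { g_owned_frees++; free((void *)key); }
    if (flags & DICT_DONT_STRDUP_VAL) { g_owned_frees++; free((void *)value); }
    return -1;
}

static const char *dict_get(const Dict *m, const char *key)
{
    for (int i = 0; m && i < m->count; i++)
        if (!strcmp(m->elems[i].key, key))
            return m->elems[i].value;
    return NULL;
}

static void dict_free(Dict **pm)
{
    Dict *m = *pm;
    if (!m) return;
    for (int i = 0; i < m->count; i++) { free(m->elems[i].key); free(m->elems[i].value); }
    free(m->elems);
    free(m);
    *pm = NULL;
}

/* Caller shaped like the flagged FFmpeg sites: a stack array, flags 0.
 * Returns 1 if the value was copied and nothing of the caller's was freed. */
static int demo_flags_zero(void)
{
    Dict *d = NULL;
    char buf[32] = "auto";           /* constructed sample input */
    int ok;

    g_owned_frees = 0;
    ok = dict_set(&d, "preset", buf, 0) == 0
      && dict_get(d, "preset") != buf            /* stored pointer is a copy */
      && !strcmp(dict_get(d, "preset"), "auto");
    g_fail_next_alloc = 1;                       /* force the error path    */
    ok = ok && dict_set(&d, "crf", buf, 0) < 0 && g_owned_frees == 0;
    dict_free(&d);
    return ok;
}

/* Caller that hands over a heap value: here the error-path free is real and
 * correct, since ownership moved to the dict. Returns 1 on that outcome. */
static int demo_take_ownership(void)
{
    Dict *d = NULL;
    char *heap = model_strdup("owned");
    int ok;

    g_owned_frees = 0;
    g_fail_next_alloc = 1;                       /* key copy fails */
    ok = dict_set(&d, "k", heap, DICT_DONT_STRDUP_VAL) < 0 && g_owned_frees == 1;
    dict_free(&d);
    return ok;
}

int main(void)
{
    printf("flags 0 frees nothing of the caller's: %d\n", demo_flags_zero());
    printf("DONT_STRDUP_VAL frees the handed-over value: %d\n", demo_take_ownership());
    return 0;
}
```

The analyzer is not wrong that the free() exists; it is wrong about which callers can reach it, because it does not propagate the literal 0 passed as flags into the branch conditions. That is also why the entries above that pass a real flag (AV_DICT_DONT_OVERWRITE) are still false positives: that value has neither DONT_STRDUP bit set.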