From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100]) by master.gitmailbox.com (Postfix) with ESMTP id 980194B140 for ; Mon, 1 Jul 2024 13:39:35 +0000 (UTC) Received: from [127.0.1.1] (localhost [127.0.0.1]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 92BAC68D7C3; Mon, 1 Jul 2024 16:39:32 +0300 (EEST) Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTPS id 50D2168D60D for ; Mon, 1 Jul 2024 16:39:25 +0300 (EEST) Received: by mail.gandi.net (Postfix) with ESMTPSA id 6204A1BF20A for ; Mon, 1 Jul 2024 13:39:24 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=niedermayer.cc; s=gm1; t=1719841164; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type; bh=G39aSsPGWFTH9DESa9AXl4LtsNMceWj6rBlF328RZO8=; b=dtaazvT8Ht6o40L3Dvz+avXBCspkNvEnQDgDKBuDTtofZKJoGqu0oKPXviH1WykGQRhjct 0qabes1I/oXAXihCyV1Xus+RnYObd5LhQSudkj4da+3pDCYQUbCHmbSHDLTg0NnoB0BtTH ccwJDc1Jn9ajrQoQA9AecP+GKSIVb1xaYc0jnNnY2yBw0ywD8tNzldDuUVILje+KE+48cJ HJp/ieqQ75/yXsd9SG9s62EZyqYCzY+QveWz7n6Chk9Jo81o1RyMMXdwC0qGUAuiRtikf/ tvhtiW2phMfsR5hnFOI+lPlmCNwkVR8zfYobMS7szyzH6HnGcvSvQFBUVh2rSw== Date: Mon, 1 Jul 2024 15:39:23 +0200 From: Michael Niedermayer To: FFmpeg development discussions and patches Message-ID: <20240701133923.GF4991@pb2> MIME-Version: 1.0 X-GND-Sasl: michael@niedermayer.cc Subject: [FFmpeg-devel] [RFC] av_rescale() coverity X-BeenThere: ffmpeg-devel@ffmpeg.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: FFmpeg development discussions and patches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: FFmpeg development discussions and patches Content-Type: multipart/mixed; boundary="===============7977144739208702574==" Errors-To: ffmpeg-devel-bounces@ffmpeg.org Sender: "ffmpeg-devel" Archived-At: List-Archive: List-Post: --===============7977144739208702574== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ZcSASNCKFtrdv99s" Content-Disposition: inline --ZcSASNCKFtrdv99s Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi all coverity seems to have started to do a new thing. Namely if theres a return statement it assumes it can independant of everything occurr an example would be av_rescale() which on overflow returns INT64_MIN also with the right flags av_rescale() will pass INT64_MIN and INT64_MAX th= rough =66rom the input So coverity since a few days seems to treat every av_rescale() call as if i= t returns INT64_MIN and INT64_MAX. coverity doesnt care if that return statement is r= eachable or if the flags even include the execution path. An example is this: AVRational time_base_q =3D AV_TIME_BASE_Q; int64_t next_dts =3D av_rescale_q(ds->next_dts, time_base_q, av= _inv_q(ist->framerate)); ds->next_dts =3D av_rescale_q(next_dts + 1, av_inv_q(ist->frame= rate), time_base_q); Here coverity as a initial statement claims next_dts is INT64_MAX and next_dts + 1 would overflow 8. function_return: Function av_rescale_q(ds->next_dts, time_base_q, av= _inv_q(ist->framerate)) returns 9223372036854775807. 9. known_value_assign: next_dts =3D av_rescale_q(ds->next_dts, = time_base_q, av_inv_q(ist->framerate)), its value is now 922337203685477580= 7. 331 int64_t next_dts =3D av_rescale_q(ds->next_dts, time_bas= e_q, av_inv_q(ist->framerate)); CID 1604545: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW) 10. overflow_const: Expression next_dts + 1LL, which is equal to -92233= 72036854775808, where next_dts is known to be equal to 9223372036854775807,= overflows the type that receives it, a signed integer 64 bits wide. another example is this: #define AV_TIME_BASE 1000000 pts =3D av_rescale(ds->dts, 1000000, AV_TIME_BASE); coverity hallucinates pts as a tainted negative number here nothing says an= ything about the input ds->dts (and thats what would matter) In the past coverity provided a detailed list of steps on how a case is reached. One could then check these assumtions and mark things as false positive when one assumtion is wrong. (coverity was most of the ti= me wrong) Now coverity just hallucinates claims out of the blue without any explanation how that can happen. Iam a bit at a loss how to deal with this and also why exactly this new behavior appeared. Has anyone changed any setting or anything in coverity ? The number of issues shot up to over 400 on the 22th june "194 new defect(s) introduced to FFmpeg/FFmpeg found with Coverity Scan." before this i thought iam mostly done with my coverity work. now truth is, the STF text speaks about 673 issues at the time and not what appears after the work started, but it makes me a bit sad if i categor= ize ~700+ issues and then fix the ones that are bugs just to find coverity hallucinate 200 new issues a month that ill have to leave open for future efforts. I did not expect that years of ignoring coverity accumulate 673 issues and then suddenly the rate of new issues to shoot up like this. I kind of expec= ted that i can fix all new issues appearing during the work with insignificant = extra effort thx --=20 Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Why not whip the teacher when the pupil misbehaves? -- Diogenes of Sinope --ZcSASNCKFtrdv99s Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iF0EABEKAB0WIQSf8hKLFH72cwut8TNhHseHBAsPqwUCZoKxhwAKCRBhHseHBAsP qwkhAJ97cT3aoPRETJ0+iPMcnx1xe6LVnACeKUT1bWYcnnQkoxElmZ53igvrKKY= =7t7f -----END PGP SIGNATURE----- --ZcSASNCKFtrdv99s-- --===============7977144739208702574== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". --===============7977144739208702574==--