Changes between Initial Version and Version 1 of Ticket #3466


Timestamp: Mar 16, 2014, 11:25:48 AM (5 years ago)
Author: cehoyos
  • Ticket #3466

    • Property Component changed from ffmpeg to undetermined
    • Property Summary changed from PVS-Studio to PVS-Studio static code analysis
  • Ticket #3466 – Description

    initial v1  
    11Analyzer PVS-Studio (http://www.viva64.com/) slowly learns to check Linux projects. Currently can not very well. However, tool was able to find some suspicious code. I checked the project FFmpeg. Maybe something here is errors:
    2 
     2{{{
    33V501 There are identical sub-expressions '!srcSlice' to the left and to the right of the '||' operator. swscale.c 924
    44
     
    2020  ....
    2121}
    22 -------------------------------------------------------------------------------
     22}}}
     23{{{
    2324V512 A call of the 'memcpy' function will lead to underflow of the buffer 'frame->data'. vf_shuffleplanes.c 98
    2425
     
    3637  ....
    3738}
    38 -------------------------------------------------------------------------------
     39}}}
     40{{{
    3941V557 Array overrun is possible. The '8' index is pointing beyond array bound. mjpegenc.c 497
    4042V557 Array overrun is possible. The '9' index is pointing beyond array bound. mjpegenc.c 499
     
    5254  ....
    5355}
    54 
    5556#add
    5657V557 Array overrun is possible. The '6' index is pointing beyond array bound. mjpegenc.c 504
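Review bot: the "#add" line kept at new line 56 now sits inside the {{{ }}} block opened at new line 40, so it will render verbatim between the mjpegenc.c V557 warnings. If it is a leftover marker rather than analyzer output, drop it or move it outside the preformatted block while the separators are being cleaned up.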
     
    6061V557 Array overrun is possible. The '6' index is pointing beyond array bound. mjpegenc.c 516
    6162V557 Array overrun is possible. The '7' index is pointing beyond array bound. mjpegenc.c 518
    62 -------------------------------------------------------------------------------
     63}}}
     64{{{
    6365V564 The '&' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' operator. dcadec.c 1373
    6466
     
    7375  ....
    7476}
    75 -------------------------------------------------------------------------------
     77}}}
     78{{{
    7679V564 The '&' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' operator. vc1dec.c 3675
    7780
     
    8588  ....
    8689}
    87 -------------------------------------------------------------------------------
     90}}}
     91{{{
    8892V593 Consider reviewing the expression of the 'A = B < C' kind. The expression is calculated as following: 'A = (B < C)'. fic.c 245
    8993
     
    96100  ....
    97101}
    98 -------------------------------------------------------------------------------
     102}}}
     103{{{
    99104V595 The 'ts->pids[pid]' pointer was utilized before it was verified against nullptr. Check lines: 1377, 1379. mpegts.c 1377
    100105
     
    107112  ....
    108113}
    109 -------------------------------------------------------------------------------
     114}}}
     115{{{
    110116V610 Undefined behavior. Check the shift operator '<<. The left operand '-1' is negative. diracdec.c 1358
    111117
     
    170176V610 Undefined behavior. Check the shift operator '<<. The left operand '-128' is negative. output.c 1036
    171177V610 Undefined behavior. Check the shift operator '<<. The left operand '-128' is negative. output.c 1037
    172 -------------------------------------------------------------------------------
     178}}}
     179{{{
    173180V614 Potentially uninitialized variable 'info_bits' used. g723_1.c 2335
    174181
     
    185192  return frame_size[info_bits];
    186193}
    187 -------------------------------------------------------------------------------
     194}}}
     195{{{
    188196V636 The 'i / 4' expression was implicitly casted from 'int' type to 'double' type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. An example: double A = (double)(X) / Y;. mpegaudio_tablegen.h 48
    189197
     
    205213V636 The 's->avctx->rc_buffer_size / 2' expression was implicitly casted from 'int' type to 'double' type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. An example: double A = (double)(X) / Y;. ratecontrol.c 961
    206214V636 The '1 * s->out.ch_count / s->in.ch_count' expression was implicitly casted from 'int' type to 'double' type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. An example: double A = (double)(X) / Y;. swresample.c 386
    207 -------------------------------------------------------------------------------
     215}}}
     216{{{
    208217V640 The code's operational logic does not correspond with its formatting. The statement is indented to the right, but it is always executed. It is possible that curly brackets are missing. vc1dec.c 1917
    209218
     
    218227  ....
    219228}
    220 -------------------------------------------------------------------------------
    221 
     229}}}
    222230P.S. Errors description: http://www.viva64.com/en/d/
    223231