[Ffmpeg-devel] Coverity defect scan

Michael Niedermayer michaelni
Fri Mar 10 23:43:54 CET 2006


On Fri, Mar 10, 2006 at 11:34:07AM +0100, Diego Biurrun wrote:
> Michael (and others),
> I recommend you to sign up with Coverity and get access to the list of
> bugs they found in MPlayer:
> http://scan.coverity.com/
> Quite a few of them are FFmpeg bugs.

libavutil: 0
    * vc9.c: 7 (unfinished code)
    * false positives:8
    * check for NULL after deref in h263dec.c (marked as resolved though its
      not a bug)
    * dc_pred_dir not initalzed (known bug, just fixed it finally)
    * 2 tables in svq1.c too small, values never used though reported 5 times
    * table in h263.c too small, extra value undefined in spec and doesnt
      really matter as such a video isnt valid anyway reported 2 times
    * read over end of array in the rangecoder, value never used though
      and its a struct so it cant even segfault
    * uninspected by me: 20 or so

calling these bugs or errors stretches the definition by quite a large 
amount id call them warnings which is what they are, and like the gcc 
warnings some of them point to actual bugs but most are irrelevant
in practice IMHO, so yeah if someone how too much time checking through
them is a good idea, but i rather review some of the patches laying
around on this list ...

btw, why is the list not available to the public? why does one need to
register, ok only name & email is needed (yes i got my reg without
telling them my phone number :) )



More information about the ffmpeg-devel mailing list