[FFmpeg-devel] [PATCH] avcodec/pngdec: initialize "foreground_alpha"

Michael Niedermayer michael at niedermayer.cc
Sun Oct 11 04:06:07 CEST 2015 

On Mon, Oct 05, 2015 at 05:08:56AM +0200, Michael Niedermayer wrote:
> On Sun, Oct 04, 2015 at 10:39:26PM -0400, Ganesh Ajjanagadde wrote:
> > On Sun, Oct 4, 2015 at 10:16 PM, Michael Niedermayer <michaelni at gmx.at> wrote:
> > > On Sun, Oct 04, 2015 at 09:21:55PM -0400, Ganesh Ajjanagadde wrote:
> > >> Fixes CID 1322359, CID 1322358.
> > >>
> > >> Signed-off-by: Ganesh Ajjanagadde <gajjanagadde at gmail.com>
> > >> ---
> > >>  libavcodec/pngdec.c | 2 +-
> > >>  1 file changed, 1 insertion(+), 1 deletion(-)
> > >>
> > >> diff --git a/libavcodec/pngdec.c b/libavcodec/pngdec.c
> > >> index d180141..fe22225 100644
> > >> --- a/libavcodec/pngdec.c
> > >> +++ b/libavcodec/pngdec.c
> > >> @@ -1006,7 +1006,7 @@ static int handle_p_frame_apng(AVCodecContext *avctx, PNGDecContext *s,
> > >>              uint8_t *background = buffer + s->image_linesize * y + s->bpp * s->x_offset;
> > >>              for (x = s->x_offset; x < s->x_offset + s->cur_w; ++x, foreground += s->bpp, background += s->bpp) {
> > >>                  size_t b;
> > >> -                uint8_t foreground_alpha, background_alpha, output_alpha;
> > >> +                uint8_t foreground_alpha = 0, background_alpha, output_alpha;
> > >
> > > this looks very odd
> > > have you checked that the reference png implementation and png spec
> > > set foreground_alpha to 0 for cases that FFmpeg doesnt implement ? ;)
> > >
> > > warnings can point to bugs and if so the bug should be fixed which
> > > should make the warning disappear. If a warning doesnt point to a bug
> > > then it should be silenced in some clean way
> > >
> > > It seems you try to silence this one without really realizing
> > > what is wrong with the codepath in which this warning occurs
> > 
> > I did not look at this deeply. Furthermore, I assumed that the
> > Coverity scan does not report false positives. More precisely, I
> > assumed (incorrectly) that when Coverity says a code path is reached,
> > etc it is based on an actual runtime input or a guaranteed static
> > analysis, and not simply on some heuristics. Good to know for future
> > use of Coverity.
> 
> 50-70% of the coverity issues are "false positives" thats according
> to my feeling from what ive seen, not a hard statistic

i wouldnt consider CID 1322359, CID 1322358.to be false positives
though. Allthough its quite likely coverity will fail to detect that
checking blend_op makes it impossible so after
1e7e4f13f95227d79bc8ab9a2167f02f7a3e063f, if coverity still detects
them in the next pass they would be false positives

[...]

-- 
Michael     GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB

During times of universal deceit, telling the truth becomes a
revolutionary act. -- George Orwell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: Digital signature
URL: <http://ffmpeg.org/pipermail/ffmpeg-devel/attachments/20151011/e27d3314/attachment.sig>

More information about the ffmpeg-devel mailing list