[FFmpeg-devel] New Defects reported by Coverity Scan for FFmpeg/FFmpeg (fwd)

mypopy at gmail.com mypopy at gmail.com
Mon Jan 13 03:06:00 EET 2020 

On Sun, Jan 12, 2020 at 5:54 AM Marton Balint <cus at passwd.hu> wrote:
>
> Hi,
>
> Has anybody reported these and similar false positives involving
> av_dict_set() with a 0 flag to Coverity?
>
> These are popping up all over the codebase, something should be done to
> make Coverity smarter about them. Any ideas?
In my local coverity scan system , av_dict_set() with a 0 flag always
be marked with "serious problems" in Coverity system, after  a brief
glance, I think Coverity system given a wrong mark in this case. maybe
I missed something

Will double-check av_dict_set() with a 0 flag.
>
> Thanks,
> Marton
>
> ---------- Forwarded message ----------
> Date: Sat, 11 Jan 2020 00:16:31 +0000 (UTC)
> From: scan-admin at coverity.com
> To: cus at passwd.hu
> Subject: New Defects reported by Coverity Scan for FFmpeg/FFmpeg
>
> Hi,
>
> Please find the latest report on new defect(s) introduced to FFmpeg/FFmpeg found with Coverity Scan.
>
> 3 new defect(s) introduced to FFmpeg/FFmpeg found with Coverity Scan.
> 4 defect(s), reported by Coverity Scan earlier, were marked fixed in the recent build analyzed by Coverity Scan.
>
> New defect(s) Reported-by: Coverity Scan
> Showing 3 of 3 defect(s)
>
>
> ** CID 1457612:  Memory - corruptions  (BAD_FREE)
>
>
> ________________________________________________________________________________________________________
> *** CID 1457612:  Memory - corruptions  (BAD_FREE)
> /libavformat/img2dec.c: 387 in add_filename_as_pkt_side_data()
> 381     static int add_filename_as_pkt_side_data(char *filename, AVPacket *pkt) {
> 382         uint8_t* metadata;
> 383         int metadata_len;
> 384         AVDictionary *d = NULL;
> 385         char *packed_metadata = NULL;
> 386
> >>>     CID 1457612:  Memory - corruptions  (BAD_FREE)
> >>>     "av_dict_set" frees array ""lavf.image2dec.source_path"".
> 387         av_dict_set(&d, "lavf.image2dec.source_path", filename, 0);
> 388         av_dict_set(&d, "lavf.image2dec.source_basename", av_basename(filename), 0);
> 389
> 390         packed_metadata = av_packet_pack_dictionary(d, &metadata_len);
> 391         av_dict_free(&d);
> 392         if (!packed_metadata)
>
> ** CID 1457611:  Memory - corruptions  (BAD_FREE)
>
>
> ________________________________________________________________________________________________________
> *** CID 1457611:  Memory - corruptions  (BAD_FREE)
> /libavformat/img2dec.c: 522 in ff_img_read_packet()
> 516         /*
> 517          * export_path_metadata must be explicitly enabled via
> 518          * command line options for path metadata to be exported
> 519          * as packet side_data.
> 520          */
> 521         if (!s->is_pipe && s->export_path_metadata == 1) {
> >>>     CID 1457611:  Memory - corruptions  (BAD_FREE)
> >>>     "add_filename_as_pkt_side_data" frees incorrect pointer "filename".
> 522             res = add_filename_as_pkt_side_data(filename, pkt);
> 523             if (res < 0)
> 524                 goto fail;
> 525         }
> 526
> 527         pkt->size = 0;
>
> ** CID 1457610:  Memory - illegal accesses  (USE_AFTER_FREE)
> /libavformat/img2dec.c: 388 in add_filename_as_pkt_side_data()
>
>
> ________________________________________________________________________________________________________
> *** CID 1457610:  Memory - illegal accesses  (USE_AFTER_FREE)
> /libavformat/img2dec.c: 388 in add_filename_as_pkt_side_data()
> 382         uint8_t* metadata;
> 383         int metadata_len;
> 384         AVDictionary *d = NULL;
> 385         char *packed_metadata = NULL;
> 386
> 387         av_dict_set(&d, "lavf.image2dec.source_path", filename, 0);
> >>>     CID 1457610:  Memory - illegal accesses  (USE_AFTER_FREE)
> >>>     Passing freed pointer "filename" as an argument to "av_basename".
> 388         av_dict_set(&d, "lavf.image2dec.source_basename", av_basename(filename), 0);
> 389
> 390         packed_metadata = av_packet_pack_dictionary(d, &metadata_len);
> 391         av_dict_free(&d);
> 392         if (!packed_metadata)
> 393             return AVERROR(ENOMEM);
>
>
> ________________________________________________________________________________________________________
> To view the defects in Coverity Scan visit, https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRaqasF6Uk2bO40DRQinvhHXkt8Nls-2F5NS-2BxBTpKqgEzgg-3D-3D_iLiXcktl7KXGjSQAr3vGdzTcLOyVPdi-2FBYEhWvx6cOoPLZW2npBAP5ETvXBhWGQ-2BgGJ0akoMF82ThsW9C-2F8kD7NGEkYmCVuwItSQDN-2F4UiEw3JkP-2FsfAH5o75w0HStCw5boTnud6r9LTKGs6m8KQdVh-2FG-2FTXdOBD93QMYdqvm3u0nIoqo5mLxL1vbe508XZaxAMLhX8G0C3DdM2zlivjwq6YtDCr35ABndfcAK6nJBE-3D
>
>    To manage Coverity Scan email notifications for "cus at passwd.hu", click https://u2389337.ct.sendgrid.net/wf/click?upn=08onrYu34A-2BWcWUl-2F-2BfV0V05UPxvVjWch-2Bd2MGckcRbVDbis712qZDP-2FA8y06Nq4KxDzmpfyD-2F0l0XIVTmMtZD7ylWpUIkhWLZ-2FqTpdzByKR1etBqRMP9Gr8p3ndILxSbjDX9BckY-2F41HYDCOY7v3gsXsVPM0ldLTEl8rIsTJxw-3D_iLiXcktl7KXGjSQAr3vGdzTcLOyVPdi-2FBYEhWvx6cOoPLZW2npBAP5ETvXBhWGQ-2BU3-2BqjFTr8yNdZAvCs7njXlOq2sv2NxTYVnecxAhviSfimYN-2BCgZ-2BLA9CtqCpFfl46oybryC4cyLFEb4qC-2FgzBgmaX-2B-2FDQg4VD4eVWKgYCTGxJyZCCm6W9y4-2For0hWKj-2BcpP9pd4gEimyi3f2fW7AX3ff2au-2BKxQVNznvqdFqYeM-3D
> _______________________________________________
> ffmpeg-devel mailing list
> ffmpeg-devel at ffmpeg.org
> https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
>
> To unsubscribe, visit link above, or email
> ffmpeg-devel-request at ffmpeg.org with subject "unsubscribe".



-- 
=======================================
Jun zhao/赵军
+++++++++++++++++++++++++++++++++++++++

More information about the ffmpeg-devel mailing list