jpegxl-0.10.3-5.fc42

List of Findings

Error: CPPCHECK_WARNING (CWE-758): [#def1]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/extras/dec/pnm.cc:358: error[missingReturn]: Found an exit path from function with non-void return type that has missing return statement
#  356|                                       size_t xsize, size_t ysize,
#  357|                                       size_t* row_offset) {
#  358|->     JXL_ABORT("Not implemented");
#  359|     }
#  360|   

Error: CPPCHECK_WARNING (CWE-909): [#def2]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/extras/dec/pnm.cc:479: error[uninitStructMember]: Uninitialized struct member: pec.index
#  477|       pec.ec_info.bits_per_sample = ppf->info.bits_per_sample;
#  478|       pec.ec_info.type = type;
#  479|->     ppf->extra_channels_info.emplace_back(std::move(pec));
#  480|     }
#  481|   

Error: CPPCHECK_WARNING (CWE-457): [#def3]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/extras/dec/pnm.cc:479: error[uninitvar]: Uninitialized variable: pec.index
#  477|       pec.ec_info.bits_per_sample = ppf->info.bits_per_sample;
#  478|       pec.ec_info.type = type;
#  479|->     ppf->extra_channels_info.emplace_back(std::move(pec));
#  480|     }
#  481|   

Error: CPPCHECK_WARNING (CWE-786): [#def4]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jpegli/encode.cc:575: error[negativeIndex]: Array 'row[0]' accessed at index row[*][-1], which is out of bounds.
#  573|         row[c][x] = last_val;
#  574|       }
#  575|->     row[c][-1] = row[c][0];
#  576|     }
#  577|     if (m->next_input_row == cinfo->image_height) {

Error: CPPCHECK_WARNING (CWE-909): [#def5]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:230: error[uninitStructMember]: Uninitialized struct member: root.left_child
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-909): [#def6]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:230: error[uninitStructMember]: Uninitialized struct member: root.right_child
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-909): [#def7]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:230: error[uninitStructMember]: Uninitialized struct member: root.y_center
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-457): [#def8]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:230: error[uninitvar]: Uninitialized variables: root.left_child, root.right_child, root.y_center
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-909): [#def9]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:271: error[uninitStructMember]: Uninitialized struct member: left.left_child
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-909): [#def10]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:271: error[uninitStructMember]: Uninitialized struct member: left.right_child
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-909): [#def11]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:271: error[uninitStructMember]: Uninitialized struct member: left.y_center
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-457): [#def12]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:271: error[uninitvar]: Uninitialized variables: left.left_child, left.right_child, left.y_center
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-909): [#def13]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:278: error[uninitStructMember]: Uninitialized struct member: right.left_child
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-909): [#def14]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:278: error[uninitStructMember]: Uninitialized struct member: right.right_child
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-909): [#def15]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:278: error[uninitStructMember]: Uninitialized struct member: right.y_center
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-457): [#def16]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/dec_patch_dictionary.cc:278: error[uninitvar]: Uninitialized variables: right.left_child, right.right_child, right.y_center
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-457): [#def17]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_fast_lossless.cc:421: warning[uninitvar]: Uninitialized variable: compact_freqs
#  419|       }
#  420|       uint8_t num_bits[kMaxNumSymbols] = {};
#  421|->     ComputeCodeLengthsNonZero(compact_freqs, ni, min_limit, max_limit,
#  422|                                 num_bits);
#  423|       ni = 0;

Error: COMPILER_WARNING (CWE-457): [#def18]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_fast_lossless.cc: scope_hint: In function ‘(anonymous namespace)::PrefixCode::ComputeCodeLengths(unsigned long const*, unsigned long, unsigned char const*, unsigned char const*, unsigned char*)’
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_fast_lossless.cc:421:30: warning[-Wmaybe-uninitialized]: ‘compact_freqs’ may be used uninitialized
#  421 |     ComputeCodeLengthsNonZero(compact_freqs, ni, min_limit, max_limit,
#      |     ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  422 |                               num_bits);
#      |                               ~~~~~~~~~
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_fast_lossless.cc:374:15: note: by argument 1 of type ‘const uint64_t *’ to ‘(anonymous namespace)::PrefixCode::ComputeCodeLengthsNonZero(unsigned long const*, unsigned long, unsigned char*, unsigned char*, unsigned char*)’ declared here
#  374 |   static void ComputeCodeLengthsNonZero(const uint64_t* freqs, size_t n,
#      |               ^~~~~~~~~~~~~~~~~~~~~~~~~
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_fast_lossless.cc:408:14: note: ‘compact_freqs’ declared here
#  408 |     uint64_t compact_freqs[kMaxNumSymbols];
#      |              ^~~~~~~~~~~~~
#  419|       }
#  420|       uint8_t num_bits[kMaxNumSymbols] = {};
#  421|->     ComputeCodeLengthsNonZero(compact_freqs, ni, min_limit, max_limit,
#  422|                                 num_bits);
#  423|       ni = 0;

Error: CPPCHECK_WARNING (CWE-398): [#def19]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_icc_codec.cc:164: error[containerOutOfBounds]: Out of bounds access in 'kTagStrings[j]', if 'kTagStrings' size is 4 and 'j' is 16
#  162|         uint8_t tagcode = kCommandTagUnknown;
#  163|         for (size_t j = 0; j < kNumTagStrings; j++) {
#  164|->         if (tag == *kTagStrings[j]) {
#  165|             tagcode = j + kCommandTagStringFirst;
#  166|             break;

Error: CPPCHECK_WARNING (CWE-398): [#def20]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/enc_icc_codec.cc:389: error[containerOutOfBounds]: Out of bounds access in 'kTypeStrings[i]', if 'kTypeStrings' size is 4 and 'i' is 7
#  387|           Tag subTag = DecodeKeyword(icc, size, pos);
#  388|           for (size_t i = 0; i < kNumTypeStrings; i++) {
#  389|->           if (subTag == *kTypeStrings[i]) {
#  390|               commands_add.push_back(kCommandTypeStartFirst + i);
#  391|               pos += 8;

Error: CPPCHECK_WARNING (CWE-562): [#def21]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/encode.cc:179: error[danglingLifetime]: Non-local variable 'next_out_' will use pointer to local variable 'next_out'.
#  177|     if (external_output_processor_) return false;
#  178|     avail_out_ = avail_out;
#  179|->   next_out_ = next_out;
#  180|     FlushOutput();
#  181|     return true;

Error: CPPCHECK_WARNING (CWE-562): [#def22]
jpegxl-0.10.3-build/libjxl-0.10.3/lib/jxl/test_utils.cc:73: error[returnDanglingLifetime]: Returning object that points to local variable 'str' that will be invalid when returning.
#   71|     printf("Test data %s is %d bytes long.\n", filename.c_str(),
#   72|            static_cast<int>(data.size()));
#   73|->   return data;
#   74|   }
#   75|   

Error: CPPCHECK_WARNING (CWE-457): [#def23]
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/sjpeg/src/enc.cc:1341: warning[uninitvar]: Uninitialized variable: sorted_freq
# 1339|     // initial sort
# 1340|     // TODO(skal): replace by counting-sort?? (merged with previous loop?)
# 1341|->   qsort(sorted_freq, nb_syms, sizeof(sorted_freq[0]), cmp);
# 1342|   
# 1343|     // fake last symbol, with lowest frequency: will be assigned to the forbidden

Error: CPPCHECK_WARNING (CWE-786): [#def24]
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/sjpeg/src/enc.cc:1432: error[negativeIndex]: Array 'start[32]' accessed at index -1, which is out of bounds.
# 1430|       }
# 1431|     }
# 1432|->   assert(start[max_bit_size - 1] == nb_syms - 1);
# 1433|   
# 1434|     // Fix codes with length greater than 16 bits. We move too long

Error: CPPCHECK_WARNING (CWE-823): [#def25]
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/sjpeg/src/jpeg_tools.cc:243: error[arrayIndexOutOfBounds]: Array 'yuv[24]' accessed at index 127, which is out of bounds.
#  241|     uint16_t idx[64];
#  242|     for (int k = 0; k < 64; ++k) {
#  243|->     idx[k] = YUVToRiskIdx(yuv[k + 0 * 64], yuv[k + 1 * 64],  yuv[k + 2 * 64]);
#  244|     }
#  245|     const int kRGB3 = sjpeg::kRGBSize * sjpeg::kRGBSize * sjpeg::kRGBSize;

Error: CPPCHECK_WARNING (CWE-823): [#def26]
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/sjpeg/src/jpeg_tools.cc:243: error[arrayIndexOutOfBounds]: Array 'yuv[24]' accessed at index 191, which is out of bounds.
#  241|     uint16_t idx[64];
#  242|     for (int k = 0; k < 64; ++k) {
#  243|->     idx[k] = YUVToRiskIdx(yuv[k + 0 * 64], yuv[k + 1 * 64],  yuv[k + 2 * 64]);
#  244|     }
#  245|     const int kRGB3 = sjpeg::kRGBSize * sjpeg::kRGBSize * sjpeg::kRGBSize;

Error: CPPCHECK_WARNING (CWE-823): [#def27]
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/sjpeg/src/jpeg_tools.cc:243: error[arrayIndexOutOfBounds]: Array 'yuv[24]' accessed at index 63, which is out of bounds.
#  241|     uint16_t idx[64];
#  242|     for (int k = 0; k < 64; ++k) {
#  243|->     idx[k] = YUVToRiskIdx(yuv[k + 0 * 64], yuv[k + 1 * 64],  yuv[k + 2 * 64]);
#  244|     }
#  245|     const int kRGB3 = sjpeg::kRGBSize * sjpeg::kRGBSize * sjpeg::kRGBSize;

Error: COMPILER_WARNING (CWE-457): [#def28]
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/skcms/src/Transform_inl.h:119:14: warning[-Wmaybe-uninitialized]: ‘d’ may be used uninitialized
#  119 |         d[i] = v[i];
#      |         ~~~~~^~~~
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/skcms/src/Transform_inl.h: scope_hint: In function ‘baseline::exec_ops(skcms_private::Op const*, void const**, char const*, char*, int)’
jpegxl-0.10.3-build/libjxl-0.10.3/third_party/skcms/src/Transform_inl.h:117:7: note: ‘d’ was declared here
#  117 |     D d;
#      |       ^
#  117|       D d;
#  118|       for (int i = 0; i < N; i++) {
#  119|->         d[i] = v[i];
#  120|       }
#  121|       return d;

Error: GCC_ANALYZER_WARNING (CWE-688): [#def29]
jpegxl-0.10.3-build/libjxl-0.10.3/tools/jxlinfo.c: scope_hint: In function ‘PrintBasicInfo’
jpegxl-0.10.3-build/libjxl-0.10.3/tools/jxlinfo.c:59:9: warning[-Wanalyzer-null-argument]: use of NULL ‘data’ where non-null expected
<built-in>: note: argument 1 of ‘__builtin_memmove’ must be non-null
#   57|         // move any remaining bytes to the front if necessary
#   58|         if (remaining != 0) {
#   59|->         memmove(data, data + data_size - remaining, remaining);
#   60|         }
#   61|         // resize the buffer to append one more chunk of data

Error: CPPCHECK_WARNING (CWE-401): [#def30]
jpegxl-0.10.3-build/libjxl-0.10.3/tools/jxlinfo.c:63: error[memleakOnRealloc]: Common realloc mistake: 'data' nulled but not freed upon failure
#   61|         // resize the buffer to append one more chunk of data
#   62|         // TODO(lode): avoid unnecessary reallocations
#   63|->       data = (uint8_t*)realloc(data, remaining + chunk_size);
#   64|         // append bytes read from the file behind the remaining bytes
#   65|         size_t read_size = fread(data + remaining, 1, chunk_size, file);

Error: GCC_ANALYZER_WARNING (CWE-415): [#def31]
jpegxl-0.10.3-build/libjxl-0.10.3/tools/jxlinfo.c:63:24: warning[-Wanalyzer-double-free]: double-‘free’ of ‘data’
#   61|         // resize the buffer to append one more chunk of data
#   62|         // TODO(lode): avoid unnecessary reallocations
#   63|->       data = (uint8_t*)realloc(data, remaining + chunk_size);
#   64|         // append bytes read from the file behind the remaining bytes
#   65|         size_t read_size = fread(data + remaining, 1, chunk_size, file);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def32]
jpegxl-0.10.3-build/libjxl-0.10.3/tools/jxlinfo.c:72:10: warning[-Wanalyzer-malloc-leak]: leak of ‘data’
#   70|         data_size = remaining + read_size;
#   71|         JxlDecoderSetInput(dec, data, data_size);
#   72|->       if (feof(file)) JxlDecoderCloseInput(dec);
#   73|       } else if (status == JXL_DEC_SUCCESS) {
#   74|         // Finished all processing.

Error: GCC_ANALYZER_WARNING (CWE-457): [#def33]
jpegxl-0.10.3-build/libjxl-0.10.3/tools/jxlinfo.c:311:15: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘info.have_animation’
#  309|           printf("full image size");
#  310|         }
#  311|->       if (info.have_animation) {
#  312|           float ms = frame_header.duration * 1000.f *
#  313|                      info.animation.tps_denominator /

Scan Properties