Fixed findings

List of Findings

Error: COMPILER_WARNING (CWE-457): [#def1]
libjxl-0.11.1/lib/extras/packed_image.h:257:8: warning[-Wmaybe-uninitialized]: ‘pec.index’ may be used uninitialized
#  257 | struct PackedExtraChannel {
#      |        ^~~~~~~~~~~~~~~~~~
libjxl-0.11.1/lib/extras/codec_test.cc: scope_hint: In function ‘jxl::extras::(anonymous namespace)::TestRoundTrip(jxl::extras::(anonymous namespace)::TestImageParams const&, jxl::ThreadPool*)’
libjxl-0.11.1/lib/extras/codec_test.cc:253:26: note: ‘pec’ declared here
#  253 |       PackedExtraChannel pec;
#      |                          ^~~
#  255|   
#  256|   // The extra channel metadata information.
#  257|-> struct PackedExtraChannel {
#  258|     JxlExtraChannelInfo ec_info;
#  259|     size_t index;

Error: COMPILER_WARNING (CWE-457): [#def2]
libjxl-0.11.1/lib/jxl/enc_fast_lossless.cc: scope_hint: In function ‘(anonymous namespace)::PrefixCode::ComputeCodeLengths(unsigned long const*, unsigned long, unsigned char const*, unsigned char const*, unsigned char*)’
libjxl-0.11.1/lib/jxl/enc_fast_lossless.cc:550:30: warning[-Wmaybe-uninitialized]: ‘compact_freqs’ may be used uninitialized
#  550 |     ComputeCodeLengthsNonZero(compact_freqs, ni, min_limit, max_limit,
#      |     ~~~~~~~~~~~~~~~~~~~~~~~~~^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#  551 |                               num_bits);
#      |                               ~~~~~~~~~
libjxl-0.11.1/lib/jxl/enc_fast_lossless.cc:503:15: note: by argument 1 of type ‘const uint64_t *’ to ‘(anonymous namespace)::PrefixCode::ComputeCodeLengthsNonZero(unsigned long const*, unsigned long, unsigned char*, unsigned char*, unsigned char*)’ declared here
#  503 |   static void ComputeCodeLengthsNonZero(const uint64_t* freqs, size_t n,
#      |               ^~~~~~~~~~~~~~~~~~~~~~~~~
libjxl-0.11.1/lib/jxl/enc_fast_lossless.cc:537:14: note: ‘compact_freqs’ declared here
#  537 |     uint64_t compact_freqs[kMaxNumSymbols];
#      |              ^~~~~~~~~~~~~
#  548|       }
#  549|       uint8_t num_bits[kMaxNumSymbols] = {};
#  550|->     ComputeCodeLengthsNonZero(compact_freqs, ni, min_limit, max_limit,
#  551|                                 num_bits);
#  552|       ni = 0;

Error: COMPILER_WARNING: [#def3]
libjxl-0.11.1/lib/jxl/encode.cc:187:13: warning[-Wdangling-pointer=]: storing the address of local variable ‘next_out’ in ‘this_12(D)->next_out_’
#  187 |   next_out_ = next_out;
#      |   ~~~~~~~~~~^~~~~~~~~~
libjxl-0.11.1/lib/jxl/encode.cc: scope_hint: In member function ‘JxlEncoderOutputProcessorWrapper::CopyOutput(std::vector<unsigned char, std::allocator<unsigned char> >&, unsigned char*, unsigned long&)’
libjxl-0.11.1/lib/jxl/encode.cc:193:44: note: ‘next_out’ declared here
#  193 |     std::vector<uint8_t>& output, uint8_t* next_out, size_t& avail_out) {
#      |                                   ~~~~~~~~~^~~~~~~~
libjxl-0.11.1/lib/jxl/encode.cc:193:71: note: ‘this’ declared here
#  193 |     std::vector<uint8_t>& output, uint8_t* next_out, size_t& avail_out) {
#      |                                                                       ^
#  185|     JXL_ENSURE(!external_output_processor_);
#  186|     avail_out_ = avail_out;
#  187|->   next_out_ = next_out;
#  188|     JXL_RETURN_IF_ERROR(FlushOutput());
#  189|     return true;

Error: COMPILER_WARNING (CWE-457): [#def4]
libjxl-0.11.1/third_party/skcms/src/Transform_inl.h:119:14: warning[-Wmaybe-uninitialized]: ‘d’ may be used uninitialized
#  119 |         d[i] = v[i];
#      |         ~~~~~^~~~
libjxl-0.11.1/third_party/skcms/src/Transform_inl.h: scope_hint: In function ‘baseline::exec_ops(skcms_private::Op const*, void const**, char const*, char*, int)’
libjxl-0.11.1/third_party/skcms/src/Transform_inl.h:117:7: note: ‘d’ was declared here
#  117 |     D d;
#      |       ^
#  117|       D d;
#  118|       for (int i = 0; i < N; i++) {
#  119|->         d[i] = v[i];
#  120|       }
#  121|       return d;

Error: COMPILER_WARNING: [#def5]
libjxl-0.11.1/tools/djxl_main.cc: scope_hint: In function ‘main’
libjxl-0.11.1/tools/djxl_main.cc:294:42: warning[-Wformat-truncation=]: ‘%0*d’ directive output between 1 and 2147483647 bytes may cause result to exceed ‘INT_MAX’
#  294 |     snprintf(buf.data(), buf.size(), "-ec%0*d", digits(num_layers),
#      |                                          ^~~~
libjxl-0.11.1/tools/djxl_main.cc:294:38: note: directive argument in the range [0, 2147483647]
#  294 |     snprintf(buf.data(), buf.size(), "-ec%0*d", digits(num_layers),
#      |                                      ^~~~~~~~~
#  292|     if (num_layers > 1 && layer_index > 0) {
#  293|       std::vector<char> buf(4 + digits(num_layers));
#  294|->     snprintf(buf.data(), buf.size(), "-ec%0*d", digits(num_layers),
#  295|                layer_index);
#  296|       out.append(buf.data());

Scan Properties

analyzer-version-clippy	1.92.0
analyzer-version-cppcheck	2.19.1
analyzer-version-gcc	16.0.0
analyzer-version-gcc-analyzer	16.0.0
analyzer-version-shellcheck	0.11.0
analyzer-version-unicontrol	0.0.2
diffbase-analyzer-version-clippy	1.92.0
diffbase-analyzer-version-cppcheck	2.19.1
diffbase-analyzer-version-gcc	16.0.0
diffbase-analyzer-version-gcc-analyzer	16.0.0
diffbase-analyzer-version-shellcheck	0.11.0
diffbase-analyzer-version-unicontrol	0.0.2
diffbase-enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
diffbase-exit-code	0
diffbase-host	ip-172-16-1-21.us-west-2.compute.internal
diffbase-known-false-positives	/usr/share/csmock/known-false-positives.js
diffbase-known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
diffbase-mock-config	fedora-rawhide-x86_64
diffbase-project-name	jpegxl-0.11.1-7.fc44
diffbase-store-results-to	/tmp/tmpy0guly87/jpegxl-0.11.1-7.fc44.tar.xz
diffbase-time-created	2026-01-08 17:29:36
diffbase-time-finished	2026-01-08 17:40:45
diffbase-tool	csmock
diffbase-tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpy0guly87/jpegxl-0.11.1-7.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpy0guly87/jpegxl-0.11.1-7.fc44.src.rpm'
diffbase-tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9
enabled-plugins	clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code	0
host	ip-172-16-1-21.us-west-2.compute.internal
known-false-positives	/usr/share/csmock/known-false-positives.js
known-false-positives-rpm	known-false-positives-0.0.0.20250521.132812.g8eff701.main-1.el9.noarch
mock-config	fedora-rawhide-x86_64
project-name	jpegxl-0.11.1-6.fc43
store-results-to	/tmp/tmpu9qzrzw_/jpegxl-0.11.1-6.fc43.tar.xz
time-created	2026-01-08 17:10:45
time-finished	2026-01-08 17:29:17
title	Fixed findings
tool	csmock
tool-args	'/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'gcc,cppcheck,clippy,shellcheck,unicontrol' '-o' '/tmp/tmpu9qzrzw_/jpegxl-0.11.1-6.fc43.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmpu9qzrzw_/jpegxl-0.11.1-6.fc43.src.rpm'
tool-version	csmock-3.8.3.20251215.161544.g62de9a5-1.el9