jpegxl-0.11.1-7.fc44

List of Findings

Error: CPPCHECK_WARNING (CWE-909): [#def1]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:230: error[uninitStructMember]: Uninitialized struct member: root.left_child
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-909): [#def2]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:230: error[uninitStructMember]: Uninitialized struct member: root.right_child
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-909): [#def3]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:230: error[uninitStructMember]: Uninitialized struct member: root.y_center
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-457): [#def4]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:230: error[uninitvar]: Uninitialized variables: root.left_child, root.right_child, root.y_center
#  228|     root.start = 0;
#  229|     root.num = intervals.size();
#  230|->   patch_tree_.push_back(root);
#  231|     size_t next = 0;
#  232|     while (next < patch_tree_.size()) {

Error: CPPCHECK_WARNING (CWE-909): [#def5]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:271: error[uninitStructMember]: Uninitialized struct member: left.left_child
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-909): [#def6]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:271: error[uninitStructMember]: Uninitialized struct member: left.right_child
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-909): [#def7]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:271: error[uninitStructMember]: Uninitialized struct member: left.y_center
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-457): [#def8]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:271: error[uninitvar]: Uninitialized variables: left.left_child, left.right_child, left.y_center
#  269|         left.num = left_end - left.start;
#  270|         patch_tree_[next].left_child = patch_tree_.size();
#  271|->       patch_tree_.push_back(left);
#  272|       }
#  273|       if (right_start < end) {

Error: CPPCHECK_WARNING (CWE-909): [#def9]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:278: error[uninitStructMember]: Uninitialized struct member: right.left_child
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-909): [#def10]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:278: error[uninitStructMember]: Uninitialized struct member: right.right_child
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-909): [#def11]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:278: error[uninitStructMember]: Uninitialized struct member: right.y_center
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-457): [#def12]
libjxl-0.11.1/lib/jxl/dec_patch_dictionary.cc:278: error[uninitvar]: Uninitialized variables: right.left_child, right.right_child, right.y_center
#  276|         right.num = end - right.start;
#  277|         patch_tree_[next].right_child = patch_tree_.size();
#  278|->       patch_tree_.push_back(right);
#  279|       }
#  280|       ++next;

Error: CPPCHECK_WARNING (CWE-457): [#def13]
libjxl-0.11.1/lib/jxl/enc_fast_lossless.cc:550: warning[uninitvar]: Uninitialized variable: compact_freqs
#  548|       }
#  549|       uint8_t num_bits[kMaxNumSymbols] = {};
#  550|->     ComputeCodeLengthsNonZero(compact_freqs, ni, min_limit, max_limit,
#  551|                                 num_bits);
#  552|       ni = 0;

Error: CPPCHECK_WARNING (CWE-398): [#def14]
libjxl-0.11.1/lib/jxl/enc_icc_codec.cc:172: error[containerOutOfBounds]: Out of bounds access in 'kTagStrings[j]', if 'kTagStrings' size is 4 and 'j' is 16
#  170|         uint8_t tagcode = kCommandTagUnknown;
#  171|         for (size_t j = 0; j < kNumTagStrings; j++) {
#  172|->         if (tag == *kTagStrings[j]) {
#  173|             tagcode = j + kCommandTagStringFirst;
#  174|             break;

Error: CPPCHECK_WARNING (CWE-398): [#def15]
libjxl-0.11.1/lib/jxl/enc_icc_codec.cc:409: error[containerOutOfBounds]: Out of bounds access in 'kTypeStrings[i]', if 'kTypeStrings' size is 4 and 'i' is 7
#  407|           Tag subTag = DecodeKeyword(icc, size, pos);
#  408|           for (size_t i = 0; i < kNumTypeStrings; i++) {
#  409|->           if (subTag == *kTypeStrings[i]) {
#  410|               JXL_RETURN_IF_ERROR(
#  411|                   commands_add.push_back(kCommandTypeStartFirst + i));

Error: CPPCHECK_WARNING (CWE-562): [#def16]
libjxl-0.11.1/lib/jxl/encode.cc:187: error[danglingLifetime]: Non-local variable 'next_out_' will use pointer to local variable 'next_out'.
#  185|     JXL_ENSURE(!external_output_processor_);
#  186|     avail_out_ = avail_out;
#  187|->   next_out_ = next_out;
#  188|     JXL_RETURN_IF_ERROR(FlushOutput());
#  189|     return true;

Error: CPPCHECK_WARNING (CWE-476): [#def17]
libjxl-0.11.1/lib/jxl/modular/encoding/enc_debug_tree.cc:99: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
#   97|   void PrintTree(const Tree &tree, const std::string &path) {
#   98|     FILE *f = fopen((path + ".dot").c_str(), "w");
#   99|->   fprintf(f, "graph{\n");
#  100|     for (size_t cur = 0; cur < tree.size(); cur++) {
#  101|       if (tree[cur].property < 0) {

Error: CPPCHECK_WARNING (CWE-476): [#def18]
libjxl-0.11.1/lib/jxl/modular/encoding/enc_debug_tree.cc:112: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
#  110|       }
#  111|     }
#  112|->   fprintf(f, "}\n");
#  113|     fclose(f);
#  114|   #if JXL_ENABLE_DOT

Error: CPPCHECK_WARNING (CWE-476): [#def19]
libjxl-0.11.1/lib/jxl/modular/encoding/enc_debug_tree.cc:113: warning[nullPointerOutOfResources]: If resource allocation fails, then there is a possible null pointer dereference: f
#  111|     }
#  112|     fprintf(f, "}\n");
#  113|->   fclose(f);
#  114|   #if JXL_ENABLE_DOT
#  115|     system(("dot " + path + ".dot -T svg -o " + path + ".svg").c_str());

Error: CPPCHECK_WARNING (CWE-758): [#def20]
libjxl-0.11.1/lib/jxl/render_pipeline/stage_upsampling.cc:105: error[missingReturn]: Found an exit path from function with non-void return type that has missing return statement
#  103|                       [x % 8 < 4 ? x % 4 : 3 - x % 4][y % 8 < 4 ? iy : 4 - iy]
#  104|                       [x % 8 < 4 ? ix : 4 - ix];
#  105|->     }
#  106|     }
#  107|   

Error: CPPCHECK_WARNING (CWE-562): [#def21]
libjxl-0.11.1/lib/jxl/test_utils.cc:95: error[returnDanglingLifetime]: Returning object that points to local variable 'str' that will be invalid when returning.
#   93|     printf("Test data %s is %d bytes long.\n", filename.c_str(),
#   94|            static_cast<int>(data.size()));
#   95|->   return data;
#   96|   }
#   97|   

Error: CPPCHECK_WARNING (CWE-457): [#def22]
libjxl-0.11.1/third_party/sjpeg/src/enc.cc:1350: warning[uninitvar]: Uninitialized variable: sorted_freq
# 1348|     // initial sort
# 1349|     // TODO(skal): replace by counting-sort?? (merged with previous loop?)
# 1350|->   qsort(sorted_freq, nb_syms, sizeof(sorted_freq[0]), cmp);
# 1351|   
# 1352|     // fake last symbol, with lowest frequency: will be assigned to the forbidden

Error: CPPCHECK_WARNING (CWE-786): [#def23]
libjxl-0.11.1/third_party/sjpeg/src/enc.cc:1441: error[negativeIndex]: Array 'start[32]' accessed at index -1, which is out of bounds.
# 1439|       }
# 1440|     }
# 1441|->   assert(start[max_bit_size - 1] == nb_syms - 1);
# 1442|   
# 1443|     // Fix codes with length greater than 16 bits. We move too long

Error: CPPCHECK_WARNING (CWE-823): [#def24]
libjxl-0.11.1/third_party/sjpeg/src/jpeg_tools.cc:245: error[arrayIndexOutOfBounds]: Array 'yuv[24]' accessed at index 127, which is out of bounds.
#  243|     uint16_t idx[64];
#  244|     for (int k = 0; k < 64; ++k) {
#  245|->     idx[k] = YUVToRiskIdx(yuv[k + 0 * 64], yuv[k + 1 * 64],  yuv[k + 2 * 64]);
#  246|     }
#  247|     const int kRGB3 = sjpeg::kRGBSize * sjpeg::kRGBSize * sjpeg::kRGBSize;

Error: CPPCHECK_WARNING (CWE-823): [#def25]
libjxl-0.11.1/third_party/sjpeg/src/jpeg_tools.cc:245: error[arrayIndexOutOfBounds]: Array 'yuv[24]' accessed at index 191, which is out of bounds.
#  243|     uint16_t idx[64];
#  244|     for (int k = 0; k < 64; ++k) {
#  245|->     idx[k] = YUVToRiskIdx(yuv[k + 0 * 64], yuv[k + 1 * 64],  yuv[k + 2 * 64]);
#  246|     }
#  247|     const int kRGB3 = sjpeg::kRGBSize * sjpeg::kRGBSize * sjpeg::kRGBSize;

Error: CPPCHECK_WARNING (CWE-823): [#def26]
libjxl-0.11.1/third_party/sjpeg/src/jpeg_tools.cc:245: error[arrayIndexOutOfBounds]: Array 'yuv[24]' accessed at index 63, which is out of bounds.
#  243|     uint16_t idx[64];
#  244|     for (int k = 0; k < 64; ++k) {
#  245|->     idx[k] = YUVToRiskIdx(yuv[k + 0 * 64], yuv[k + 1 * 64],  yuv[k + 2 * 64]);
#  246|     }
#  247|     const int kRGB3 = sjpeg::kRGBSize * sjpeg::kRGBSize * sjpeg::kRGBSize;

Error: CPPCHECK_WARNING (CWE-786): [#def27]
libjxl-0.11.1/third_party/sjpeg/src/jpeg_tools.cc:254: error[negativeIndex]: Array 'idx[64]' accessed at index -1, which is out of bounds.
#  252|         const int k = I + J * 8;
#  253|         const int idx0 = idx[k + 0];
#  254|->       const int idx1 = idx[k + (I < 7 ? 1 : -1)];
#  255|         const int idx2 = idx[k + (J < 7 ? 8 : -8)];
#  256|         int score = sjpeg::kSharpnessScore[idx0 + kRGB3 * idx1]

Error: CPPCHECK_WARNING (CWE-786): [#def28]
libjxl-0.11.1/third_party/sjpeg/src/jpeg_tools.cc:255: error[negativeIndex]: Array 'idx[64]' accessed at index -8, which is out of bounds.
#  253|         const int idx0 = idx[k + 0];
#  254|         const int idx1 = idx[k + (I < 7 ? 1 : -1)];
#  255|->       const int idx2 = idx[k + (J < 7 ? 8 : -8)];
#  256|         int score = sjpeg::kSharpnessScore[idx0 + kRGB3 * idx1]
#  257|                   + sjpeg::kSharpnessScore[idx0 + kRGB3 * idx2]

Error: CPPCHECK_WARNING (CWE-401): [#def29]
libjxl-0.11.1/tools/jxlinfo.c:111: error[memleakOnRealloc]: Common realloc mistake: 'data' nulled but not freed upon failure
#  109|         // resize the buffer to append one more chunk of data
#  110|         // TODO(lode): avoid unnecessary reallocations
#  111|->       data = (uint8_t*)realloc(data, remaining + chunk_size);
#  112|         // append bytes read from the file behind the remaining bytes
#  113|         size_t read_size = fread(data + remaining, 1, chunk_size, file);

Scan Properties