a couple of small errors in libopenjpeg detected by coverity #1

Closed
gcode-importer opened this issue Jun 8, 2009 · 2 comments
@gcode-importer

Originally reported on Google Code with ID 1

Hi all,

I'm a developer for Blender (www.blender.org). We're using openjpeg and
we're also getting scans from Coverity.
It detected a mem leak in t2.c.

At line 617 it should free pi before returning -999.

I can provide the details of the report if needed; just let me know.
(They are a bit hard to read, and I figured this one is pretty
straightforward.)
It's:
CID: 570
Checker: RESOURCE_LEAK (help)
File: base/src/extern/libopenjpeg/t2.c
Function: t2_encode_packets
Description: Variable "pi" not freed or pointed-to in function "pi_create_encode"

There is one other report about some dead code; for this one I'm providing
the extra details. I haven't really looked at this one but figured I'd
forward it on. If you fix these, please note in your svn comments that it
was detected by Coverity. Let me know if this doesn't make sense.

CID: 566
Checker: DEADCODE (help)
File: base/src/extern/libopenjpeg/t1.c
Function: t1_encode_cblk
Description: Assigning "0" to "type"

Event const: After this line, the value of "type" is equal to 0
Event assignment: Assigning "0" to "type"
Also see events: [dead_error_begin][dead_error_condition][assignment]

835                     type = ((bpno < (cblk->numbps - 4)) && (passtype < 2) && (cblksty & J2K_CCP_CBLKSTY_LAZY)) ? T1_TYPE_RAW : T1_TYPE_MQ;
836
837                     switch (passtype) {
838                             case 0:
839                                     t1_enc_sigpass(t1, bpno, orient, &nmsedec, type, cblksty);
840                                     break;
841                             case 1:
842                                     t1_enc_refpass(t1, bpno, &nmsedec, type, cblksty);
843                                     break;
844                             case 2:
845                                     t1_enc_clnpass(t1, bpno, orient, &nmsedec, cblksty);
846                                     /* code switch SEGMARK (i.e. SEGSYM) */
847                                     if (cblksty & J2K_CCP_CBLKSTY_SEGSYM)
848                                             mqc_segmark_enc(mqc);
849                                     break;
850                     }
851
852                     /* fixed_quality */
853                     tempwmsedec = t1_getwmsedec(nmsedec, compno, level, orient, bpno, qmfbid, stepsize, numcomps);
854                     cumwmsedec += tempwmsedec;
855                     tile->distotile += tempwmsedec;
856
857                     /* Code switch "RESTART" (i.e. TERMALL) */
858                     if ((cblksty & J2K_CCP_CBLKSTY_TERMALL) && !((passtype == 2) && (bpno - 1 < 0))) {
859                             if (type == T1_TYPE_RAW) {
860                                     mqc_flush(mqc);
861                                     correction = 1;
862                                     /* correction = mqc_bypass_flush_enc(); */
863                             } else {                        /* correction = mqc_restart_enc(); */
864                                     mqc_flush(mqc);
865                                     correction = 1;
866                             }
867                             pass->term = 1;
868                     } else {
869                             if (((bpno < (cblk->numbps - 4) && (passtype > 0))
870                                     || ((bpno == (cblk->numbps - 4)) && (passtype == 2))) && (cblksty & J2K_CCP_CBLKSTY_LAZY)) {

Event dead_error_condition: On this path, the condition "type == 1" could not be true
Also see events: [dead_error_begin][const][assignment]

871                                     if (type == T1_TYPE_RAW) {

Event dead_error_begin: Cannot reach dead code beginning here
Also see events: [dead_error_condition][const][assignment]

872                                             mqc_flush(mqc);




Anyway thanks for the good work and keep it up.

Kent Mein

Reported by malaterre on 2009-06-08 08:18:59
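
The leak shape described in the report above (an early `return -999` that skips releasing the iterator), as an added example that is not libopenjpeg code and not part of the original report. `iter_t`, `iter_create`, `iter_destroy`, `encode_one`, `live_count` and both `encode_packets_*` functions are hypothetical stand-ins, and a fixed pool replaces the heap so the leaked object can be counted.

```c
#include <stddef.h>
/* Constructed stand-ins, not libopenjpeg code. A small fixed pool replaces the
   heap so a leaked iterator stays observable through live_count(). */
#define POOL_SIZE 4
typedef struct { int step; } iter_t;
static iter_t pool[POOL_SIZE];
static int in_use[POOL_SIZE];

static iter_t *iter_create(void) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (!in_use[i]) { in_use[i] = 1; pool[i].step = 0; return &pool[i]; }
    return NULL; /* pool exhausted */
}
static void iter_destroy(iter_t *it) { if (it) in_use[it - pool] = 0; }

int live_count(void) {
    int n = 0;
    for (int i = 0; i < POOL_SIZE; i++) n += in_use[i];
    return n;
}
/* Writes one 8-byte packet, or returns -999 when the output has no room left. */
static int encode_one(iter_t *it, int room) { it->step++; return room >= 8 ? 8 : -999; }

/* Leaky shape: the error return skips iter_destroy(). */
int encode_packets_leaky(int npackets, int room) {
    iter_t *it = iter_create();
    int total = 0;
    if (!it) return -999;
    for (int i = 0; i < npackets; i++) {
        int e = encode_one(it, room - total);
        if (e == -999) return -999;      /* 'it' is never released */
        total += e;
    }
    iter_destroy(it);
    return total;
}

/* Fixed shape: every exit after creation passes through one cleanup point. */
int encode_packets_fixed(int npackets, int room) {
    iter_t *it = iter_create();
    int total = 0;
    if (!it) return -999;
    for (int i = 0; i < npackets && total != -999; i++) {
        int e = encode_one(it, room - total);
        total = (e == -999) ? -999 : total + e;
    }
    iter_destroy(it);
    return total;
}
```

Each failed call to the leaky variant pins one pool slot, so a caller that repeatedly hits the error path eventually makes `iter_create` fail for everyone.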

@gcode-importer

Original post:

http://groups.google.com/group/openjpeg/browse_thread/thread/312ef65137c1f9f3

Reported by malaterre on 2009-06-08 08:19:29

@gcode-importer

This has been fixed in r563. Closing

Reported by malaterre on 2012-01-11 19:10:04

  • Status changed: Done

@gcode-importer gcode-importer self-assigned this Jun 11, 2015
stweil added a commit to stweil/openjpeg that referenced this issue Sep 18, 2016
CID 1190207 (uclouvain#1 of 1): Out-of-bounds read (OVERRUN)

Variable i must be checked before testing query_param.box_type.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
stweil added a commit to stweil/openjpeg that referenced this issue Sep 18, 2016
CID 1190206 (uclouvain#1 of 1): Out-of-bounds read (OVERRUN)

Variable i must be checked before testing query_param.box_type.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
mayeut pushed a commit that referenced this issue Sep 21, 2016
* query_parser: Fix potential out-of-bounds read (coverity)

CID 1190207 (#1 of 1): Out-of-bounds read (OVERRUN)

Variable i must be checked before testing query_param.box_type.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

* jpip_parser: Fix potential out-of-bounds read (coverity)

CID 1190206 (#1 of 1): Out-of-bounds read (OVERRUN)

Variable i must be checked before testing query_param.box_type.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
malaterre pushed a commit that referenced this issue Sep 21, 2016
stweil added a commit to stweil/openjpeg that referenced this issue Sep 21, 2016
CID 1190155 (uclouvain#1 of 1): Unbounded source buffer (STRING_SIZE)

Using a pointer instead of buffer of fixed size avoids the limit
for the length of the input file name.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
stweil added a commit to stweil/openjpeg that referenced this issue Sep 21, 2016
CID 1190154 (uclouvain#1 of 1): Unbounded source buffer (STRING_SIZE)

Using a pointer instead of buffer of fixed size avoids the limit
for the length of the output file name. This implies that the length
can exceed 255, so the data type for variable len had to be fixed, too.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
stweil added a commit to stweil/openjpeg that referenced this issue Sep 21, 2016
This fixes an error reported by Coverity:

CID 1190143 (uclouvain#1 of 1): Uninitialized scalar variable (UNINIT)

Signed-off-by: Stefan Weil <sw@weilnetz.de>
mayeut pushed a commit that referenced this issue Sep 21, 2016
* test_tile_decoder: Fix potential buffer overflow (coverity)

CID 1190155 (#1 of 1): Unbounded source buffer (STRING_SIZE)

Using a pointer instead of buffer of fixed size avoids the limit
for the length of the input file name.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

* test_tile_encoder: Fix potential buffer overflow (coverity)

CID 1190154 (#1 of 1): Unbounded source buffer (STRING_SIZE)

Using a pointer instead of buffer of fixed size avoids the limit
for the length of the output file name. This implies that the length
can exceed 255, so the data type for variable len had to be fixed, too.

Signed-off-by: Stefan Weil <sw@weilnetz.de>

* openjpip: Initialize data before returning it

This fixes an error reported by Coverity:

CID 1190143 (#1 of 1): Uninitialized scalar variable (UNINIT)

Signed-off-by: Stefan Weil <sw@weilnetz.de>
malaterre pushed a commit that referenced this issue Sep 22, 2016
This was referenced May 23, 2017
stweil added a commit to stweil/openjpeg that referenced this issue Dec 15, 2017
Coverity report:

CID 179466 (uclouvain#1 of 1): Resource leak (RESOURCE_LEAK)
93. leaked_storage: Variable name going out of scope leaks the storage it points to.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
rouault referenced this issue in rouault/openjpeg Jun 16, 2018