[FFmpeg-trac] #3466(undetermined:new): PVS-Studio static code analysis (was: PVS-Studio)

FFmpeg trac at avcodec.org
Sun Mar 16 10:25:48 CET 2014


#3466: PVS-Studio static code analysis
-------------------------------------+-------------------------------------
             Reporter:               |                    Owner:
  Andrey_Karpov                      |                   Status:  new
                 Type:  defect       |                Component:
             Priority:  normal       |  undetermined
              Version:  unspecified  |               Resolution:
             Keywords:               |               Blocked By:
             Blocking:               |  Reproduced by developer:  0
Analyzed by developer:  0            |
-------------------------------------+-------------------------------------
Changes (by cehoyos):

 * component:  ffmpeg => undetermined


Old description:

> Analyzer PVS-Studio (http://www.viva64.com/) slowly learns to check Linux
> projects. Currently can not very well. However, tool was able to find
> some suspicious code. I checked the project FFmpeg. Maybe something here
> is errors:
>
> V501 There are identical sub-expressions '!srcSlice' to the left and to
> the right of the '||' operator. swscale.c 924
>
> int attribute_align_arg sws_scale(struct SwsContext *c,
>                                   const uint8_t * const srcSlice[],
>                                   const int srcStride[], int srcSliceY,
>                                   int srcSliceH, uint8_t *const dst[],
>                                   const int dstStride[])
> {
>     int i, ret;
>     const uint8_t *src2[4];
>     uint8_t *dst2[4];
>     uint8_t *rgb0_tmp = NULL;
>
>     if (!srcSlice || !dstStride || !dst || !srcSlice) {
>         av_log(c, AV_LOG_ERROR, "One of the input parameters to
> sws_scale() is NULL, please check the calling code\n");
>         return 0;
>     }
>   ....
> }
> -------------------------------------------------------------------------------
> V512 A call of the 'memcpy' function will lead to underflow of the buffer
> 'frame->data'. vf_shuffleplanes.c 98
>
> typedef struct AVFrame {
>   uint8_t *data[8];
>   ....
> };
>
> static int shuffleplanes_filter_frame(AVFilterLink *inlink, AVFrame
> *frame)
> {
>   ....
>   uint8_t *shuffled_data[4] = { NULL };
>   ....
>   memcpy(frame->data, shuffled_data, sizeof(shuffled_data));
>   ....
> }
> -------------------------------------------------------------------------------
> V557 Array overrun is possible. The '8' index is pointing beyond array
> bound. mjpegenc.c 497
> V557 Array overrun is possible. The '9' index is pointing beyond array
> bound. mjpegenc.c 499
>
> void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[6][64])
> {
>     int i;
>     if (s->chroma_format == CHROMA_444) {
>         encode_block(s, block[0], 0);
>         encode_block(s, block[2], 2);
>         encode_block(s, block[4], 4);
>         encode_block(s, block[8], 8);
>         encode_block(s, block[5], 5);
>         encode_block(s, block[9], 9);
>   ....
> }
>
> #add
> V557 Array overrun is possible. The '6' index is pointing beyond array
> bound. mjpegenc.c 504
> V557 Array overrun is possible. The '10' index is pointing beyond array
> bound. mjpegenc.c 505
> V557 Array overrun is possible. The '7' index is pointing beyond array
> bound. mjpegenc.c 506
> V557 Array overrun is possible. The '11' index is pointing beyond array
> bound. mjpegenc.c 507
> V557 Array overrun is possible. The '6' index is pointing beyond array
> bound. mjpegenc.c 516
> V557 Array overrun is possible. The '7' index is pointing beyond array
> bound. mjpegenc.c 518
> -------------------------------------------------------------------------------
> V564 The '&' operator is applied to bool type value. You've probably
> forgotten to include parentheses or intended to use the '&&' operator.
> dcadec.c 1373
>
> static int dca_subsubframe(DCAContext *s, int base_channel, int
> block_index)
> {
>   ....
>   if (!s->debug_flag & 0x01) {
>     av_log(s->avctx, AV_LOG_DEBUG,
>       "Stream with high frequencies VQ coding\n");
>     s->debug_flag |= 0x01;
>   }
>   ....
> }
> -------------------------------------------------------------------------------
> V564 The '&' operator is applied to bool type value. You've probably
> forgotten to include parentheses or intended to use the '&&' operator.
> vc1dec.c 3675
>
> static int vc1_decode_p_mb(VC1Context *v)
> {
>   ....
>   int is_intra[6], is_coded[6];
>   ....
>   if (!coded_inter)
>     coded_inter = !is_intra[i] & is_coded[i];
>   ....
> }
> -------------------------------------------------------------------------------
> V593 Consider reviewing the expression of the 'A = B < C' kind. The
> expression is calculated as following: 'A = (B < C)'. fic.c 245
>
> static int fic_decode_frame(....)
> {
>   ....
>   if (ret = avctx->execute(avctx, fic_decode_slice, ctx->slice_data,
>                            NULL, nslices, sizeof(ctx->slice_data[0])) <
> 0)
>     return ret;
>   ....
> }
> -------------------------------------------------------------------------------
> V595 The 'ts->pids[pid]' pointer was utilized before it was verified
> against nullptr. Check lines: 1377, 1379. mpegts.c 1377
>
> static void m4sl_cb(....)
> {
>   ....
>   if (ts->pids[pid]->es_id != mp4_descr[i].es_id)
>     continue;
>   if (!(ts->pids[pid] && ts->pids[pid]->type == MPEGTS_PES)) {
>   ....
> }
> -------------------------------------------------------------------------------
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1' is negative. diracdec.c 1358
>
> static int mc_subpel(....)
> {
>   ....
>   mx = motion_x & ~(-1 << s->mv_precision);
>   ....
> }
>
> #add
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1' is negative. apedec.c 1297
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1' is negative. diracdec.c 1359
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1' is negative. g723_1.c 2145
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 162
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 166
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 171
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 174
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 180
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 184
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 188
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 208
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 210
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 212
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 214
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 220
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 224
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 226
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 233
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 242
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 246
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. hevcpred_template.c 250
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- (2))' is negative. indeo3data.h 257
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. mlpdec.c 600
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '(- 1)' is negative. motion_est_template.c 704
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 431
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 437
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 439
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 443
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 454
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 460
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 461
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 1)' is negative. motion_est.c 468
> V610 Unspecified behavior. Check the shift operator '>>. The left operand
> '(- 32)' is negative. motion_est.c 1423
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1' is negative. mpegaudiodec_template.c 219
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1LL' is negative. wavpack.c 671
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-1' is negative. wmadec.c 702
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 690
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 691
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 770
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 771
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 819
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 820
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 858
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 859
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 908
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 909
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 970
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 971
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 1008
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 1009
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 1036
> V610 Undefined behavior. Check the shift operator '<<. The left operand
> '-128' is negative. output.c 1037
> -------------------------------------------------------------------------------
> V614 Potentially uninitialized variable 'info_bits' used. g723_1.c 2335
>
> static int pack_bitstream(G723_1_Context *p, unsigned char *frame, int
> size)
> {
>   ....
>   int info_bits;
>   ....
>   if (p->cur_rate == RATE_6300) {
>     info_bits = 0;
>     put_bits(&pb, 2, info_bits);
>   }
>   ....
>   return frame_size[info_bits];
> }
> -------------------------------------------------------------------------------
> V636 The 'i / 4' expression was implicitly casted from 'int' type to
> 'double' type. Consider utilizing an explicit type cast to avoid the loss
> of a fractional part. An example: double A = (double)(X) / Y;.
> mpegaudio_tablegen.h 48
>
> static void mpegaudio_tableinit(void)
> {
>   int i, value, exponent;
>   for (i = 1; i < TABLE_4_3_SIZE; i++) {
>     double value = i / 4;
>   ....
> }
>
> #add
> V636 The 'sad / nb_sad' expression was implicitly casted from 'long' type
> to 'double' type. Consider utilizing an explicit type cast to avoid the
> loss of a fractional part. An example: double A = (double)(X) / Y;.
> f_select.c 282
> V636 The 'width / 2' expression was implicitly casted from 'int' type to
> 'double' type. Consider utilizing an explicit type cast to avoid the loss
> of a fractional part. An example: double A = (double)(X) / Y;.
> vf_deshake.c 309
> V636 The 'height / 2' expression was implicitly casted from 'int' type to
> 'double' type. Consider utilizing an explicit type cast to avoid the loss
> of a fractional part. An example: double A = (double)(X) / Y;.
> vf_deshake.c 310
> V636 The 'mb->h / 2' expression was implicitly casted from 'int' type to
> 'double' type. Consider utilizing an explicit type cast to avoid the loss
> of a fractional part. An example: double A = (double)(X) / Y;.
> vsrc_mandelbrot.c 258
> V636 The 'mb->w / 2' expression was implicitly casted from 'int' type to
> 'double' type. Consider utilizing an explicit type cast to avoid the loss
> of a fractional part. An example: double A = (double)(X) / Y;.
> vsrc_mandelbrot.c 267
> V636 The 's->avctx->rc_buffer_size * 3 / 4' expression was implicitly
> casted from 'int' type to 'double' type. Consider utilizing an explicit
> type cast to avoid the loss of a fractional part. An example: double A =
> (double)(X) / Y;. ratecontrol.c 163
> V636 The 's->avctx->rc_buffer_size / 2' expression was implicitly casted
> from 'int' type to 'double' type. Consider utilizing an explicit type
> cast to avoid the loss of a fractional part. An example: double A =
> (double)(X) / Y;. ratecontrol.c 961
> V636 The '1 * s->out.ch_count / s->in.ch_count' expression was implicitly
> casted from 'int' type to 'double' type. Consider utilizing an explicit
> type cast to avoid the loss of a fractional part. An example: double A =
> (double)(X) / Y;. swresample.c 386
> -------------------------------------------------------------------------------
> V640 The code's operational logic does not correspond with its
> formatting. The statement is indented to the right, but it is always
> executed. It is possible that curly brackets are missing. vc1dec.c 1917
>
> static void vc1_interp_mc(VC1Context *v)
> {
>   ....
>   if (v->field_mode) {
>       if (v->cur_field_type != v->ref_field_type[1])
>           my   = my   - 2 + 4 * v->cur_field_type;
>           uvmy = uvmy - 2 + 4 * v->cur_field_type;
>   }
>   ....
> }
> -------------------------------------------------------------------------------
>
> P.S. Errors description: http://www.viva64.com/en/d/

New description:

 Analyzer PVS-Studio (http://www.viva64.com/) slowly learns to check Linux
 projects. Currently can not very well. However, tool was able to find some
 suspicious code. I checked the project FFmpeg. Maybe something here is
 errors:
 {{{
 V501 There are identical sub-expressions '!srcSlice' to the left and to
 the right of the '||' operator. swscale.c 924

 int attribute_align_arg sws_scale(struct SwsContext *c,
                                   const uint8_t * const srcSlice[],
                                   const int srcStride[], int srcSliceY,
                                   int srcSliceH, uint8_t *const dst[],
                                   const int dstStride[])
 {
     int i, ret;
     const uint8_t *src2[4];
     uint8_t *dst2[4];
     uint8_t *rgb0_tmp = NULL;

     if (!srcSlice || !dstStride || !dst || !srcSlice) {
         av_log(c, AV_LOG_ERROR, "One of the input parameters to
 sws_scale() is NULL, please check the calling code\n");
         return 0;
     }
   ....
 }
 }}}
 {{{
 V512 A call of the 'memcpy' function will lead to underflow of the buffer
 'frame->data'. vf_shuffleplanes.c 98

 typedef struct AVFrame {
   uint8_t *data[8];
   ....
 };

 static int shuffleplanes_filter_frame(AVFilterLink *inlink, AVFrame
 *frame)
 {
   ....
   uint8_t *shuffled_data[4] = { NULL };
   ....
   memcpy(frame->data, shuffled_data, sizeof(shuffled_data));
   ....
 }
 }}}
 {{{
 V557 Array overrun is possible. The '8' index is pointing beyond array
 bound. mjpegenc.c 497
 V557 Array overrun is possible. The '9' index is pointing beyond array
 bound. mjpegenc.c 499

 void ff_mjpeg_encode_mb(MpegEncContext *s, int16_t block[6][64])
 {
     int i;
     if (s->chroma_format == CHROMA_444) {
         encode_block(s, block[0], 0);
         encode_block(s, block[2], 2);
         encode_block(s, block[4], 4);
         encode_block(s, block[8], 8);
         encode_block(s, block[5], 5);
         encode_block(s, block[9], 9);
   ....
 }
 #add
 V557 Array overrun is possible. The '6' index is pointing beyond array
 bound. mjpegenc.c 504
 V557 Array overrun is possible. The '10' index is pointing beyond array
 bound. mjpegenc.c 505
 V557 Array overrun is possible. The '7' index is pointing beyond array
 bound. mjpegenc.c 506
 V557 Array overrun is possible. The '11' index is pointing beyond array
 bound. mjpegenc.c 507
 V557 Array overrun is possible. The '6' index is pointing beyond array
 bound. mjpegenc.c 516
 V557 Array overrun is possible. The '7' index is pointing beyond array
 bound. mjpegenc.c 518
 }}}
 {{{
 V564 The '&' operator is applied to bool type value. You've probably
 forgotten to include parentheses or intended to use the '&&' operator.
 dcadec.c 1373

 static int dca_subsubframe(DCAContext *s, int base_channel, int
 block_index)
 {
   ....
   if (!s->debug_flag & 0x01) {
     av_log(s->avctx, AV_LOG_DEBUG,
       "Stream with high frequencies VQ coding\n");
     s->debug_flag |= 0x01;
   }
   ....
 }
 }}}
 {{{
 V564 The '&' operator is applied to bool type value. You've probably
 forgotten to include parentheses or intended to use the '&&' operator.
 vc1dec.c 3675

 static int vc1_decode_p_mb(VC1Context *v)
 {
   ....
   int is_intra[6], is_coded[6];
   ....
   if (!coded_inter)
     coded_inter = !is_intra[i] & is_coded[i];
   ....
 }
 }}}
 {{{
 V593 Consider reviewing the expression of the 'A = B < C' kind. The
 expression is calculated as following: 'A = (B < C)'. fic.c 245

 static int fic_decode_frame(....)
 {
   ....
   if (ret = avctx->execute(avctx, fic_decode_slice, ctx->slice_data,
                            NULL, nslices, sizeof(ctx->slice_data[0])) < 0)
     return ret;
   ....
 }
 }}}
 {{{
 V595 The 'ts->pids[pid]' pointer was utilized before it was verified
 against nullptr. Check lines: 1377, 1379. mpegts.c 1377

 static void m4sl_cb(....)
 {
   ....
   if (ts->pids[pid]->es_id != mp4_descr[i].es_id)
     continue;
   if (!(ts->pids[pid] && ts->pids[pid]->type == MPEGTS_PES)) {
   ....
 }
 }}}
 {{{
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1' is negative. diracdec.c 1358

 static int mc_subpel(....)
 {
   ....
   mx = motion_x & ~(-1 << s->mv_precision);
   ....
 }

 #add
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1' is negative. apedec.c 1297
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1' is negative. diracdec.c 1359
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1' is negative. g723_1.c 2145
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 162
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 166
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 171
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 174
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 180
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 184
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 188
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 208
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 210
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 212
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 214
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 220
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 224
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 226
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 233
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 242
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 246
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. hevcpred_template.c 250
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- (2))' is negative. indeo3data.h 257
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. mlpdec.c 600
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '(- 1)' is negative. motion_est_template.c 704
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 431
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 437
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 439
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 443
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 454
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 460
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 461
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 1)' is negative. motion_est.c 468
 V610 Unspecified behavior. Check the shift operator '>>. The left operand
 '(- 32)' is negative. motion_est.c 1423
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1' is negative. mpegaudiodec_template.c 219
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1LL' is negative. wavpack.c 671
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-1' is negative. wmadec.c 702
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 690
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 691
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 770
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 771
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 819
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 820
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 858
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 859
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 908
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 909
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 970
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 971
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 1008
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 1009
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 1036
 V610 Undefined behavior. Check the shift operator '<<. The left operand
 '-128' is negative. output.c 1037
 }}}
 {{{
 V614 Potentially uninitialized variable 'info_bits' used. g723_1.c 2335

 static int pack_bitstream(G723_1_Context *p, unsigned char *frame, int
 size)
 {
   ....
   int info_bits;
   ....
   if (p->cur_rate == RATE_6300) {
     info_bits = 0;
     put_bits(&pb, 2, info_bits);
   }
   ....
   return frame_size[info_bits];
 }
 }}}
 {{{
 V636 The 'i / 4' expression was implicitly casted from 'int' type to
 'double' type. Consider utilizing an explicit type cast to avoid the loss
 of a fractional part. An example: double A = (double)(X) / Y;.
 mpegaudio_tablegen.h 48

 static void mpegaudio_tableinit(void)
 {
   int i, value, exponent;
   for (i = 1; i < TABLE_4_3_SIZE; i++) {
     double value = i / 4;
   ....
 }

 #add
 V636 The 'sad / nb_sad' expression was implicitly casted from 'long' type
 to 'double' type. Consider utilizing an explicit type cast to avoid the
 loss of a fractional part. An example: double A = (double)(X) / Y;.
 f_select.c 282
 V636 The 'width / 2' expression was implicitly casted from 'int' type to
 'double' type. Consider utilizing an explicit type cast to avoid the loss
 of a fractional part. An example: double A = (double)(X) / Y;.
 vf_deshake.c 309
 V636 The 'height / 2' expression was implicitly casted from 'int' type to
 'double' type. Consider utilizing an explicit type cast to avoid the loss
 of a fractional part. An example: double A = (double)(X) / Y;.
 vf_deshake.c 310
 V636 The 'mb->h / 2' expression was implicitly casted from 'int' type to
 'double' type. Consider utilizing an explicit type cast to avoid the loss
 of a fractional part. An example: double A = (double)(X) / Y;.
 vsrc_mandelbrot.c 258
 V636 The 'mb->w / 2' expression was implicitly casted from 'int' type to
 'double' type. Consider utilizing an explicit type cast to avoid the loss
 of a fractional part. An example: double A = (double)(X) / Y;.
 vsrc_mandelbrot.c 267
 V636 The 's->avctx->rc_buffer_size * 3 / 4' expression was implicitly
 casted from 'int' type to 'double' type. Consider utilizing an explicit
 type cast to avoid the loss of a fractional part. An example: double A =
 (double)(X) / Y;. ratecontrol.c 163
 V636 The 's->avctx->rc_buffer_size / 2' expression was implicitly casted
 from 'int' type to 'double' type. Consider utilizing an explicit type cast
 to avoid the loss of a fractional part. An example: double A = (double)(X)
 / Y;. ratecontrol.c 961
 V636 The '1 * s->out.ch_count / s->in.ch_count' expression was implicitly
 casted from 'int' type to 'double' type. Consider utilizing an explicit
 type cast to avoid the loss of a fractional part. An example: double A =
 (double)(X) / Y;. swresample.c 386
 }}}
 {{{
 V640 The code's operational logic does not correspond with its formatting.
 The statement is indented to the right, but it is always executed. It is
 possible that curly brackets are missing. vc1dec.c 1917

 static void vc1_interp_mc(VC1Context *v)
 {
   ....
   if (v->field_mode) {
       if (v->cur_field_type != v->ref_field_type[1])
           my   = my   - 2 + 4 * v->cur_field_type;
           uvmy = uvmy - 2 + 4 * v->cur_field_type;
   }
   ....
 }
 }}}
 P.S. Errors description: http://www.viva64.com/en/d/

--

--
Ticket URL: <https://trac.ffmpeg.org/ticket/3466#comment:1>
FFmpeg <https://ffmpeg.org>
FFmpeg issue tracker


More information about the FFmpeg-trac mailing list