LibRaw, Coverity SCAN, PVS-Studio
0 likes261 views
The document discusses the analysis of the libraw project using Coverity Scan and PVS-Studio, indicating that both analyzers found minimal defects. Coverity Scan raised 107 warnings, while PVS-Studio reported 46 warnings of lower severity; many issues were identified as false positives or non-critical. The overall conclusion is that both tools yielded limited findings, affirming that the project's code isn't perfect but doesn't contain significant bugs.
![Some warnings like about unsigned short when extending to 32-64 bits may be painful. I won't argue
with that - the analyzer is right de jure, but de facto these unsigned short's store picture sizes which are
not going to grow up to 32767 in the near future.
That is, again, no fixing is needed - in this particular case.
All the rest 'High Impact' issues are simply false positives. Well, the code is not perfect, that's right (I wish
you could see it from dcraw !), but all the issues found are not bugs.
A check by PVS-Studio
Now let's see if the PVS-Studio analyzer managed to find anything worthy after Coverity. I didn't have
any expectations of catching super-bugs, of course, but it still was interesting to try.
PVS-Studio generated 46 general warnings (of the first and second severity levels).
Welcome to have a look at the code fragments I found interesting.
Typos
void DHT::hide_hots() {
....
for (int k = -2; k < 3; k += 2)
for (int m = -2; m < 3; m += 2)
if (m == 0 && m == 0)
continue;
else
avg += nraw[nr_offset(y + k, x + m)][kc];
....
}
PVS-Studio's warning: V501 There are identical sub-expressions to the left and to the right of the '&&'
operator: m == 0 && m == 0 dht_demosaic.cpp 260
I guess we are dealing with a typo here. The check should probably look like this:
if (k == 0 && m == 0)
A similar fragment can be found in the file aahd_demosaic.cpp (line 199).
Operation priorities
int main(int argc, char *argv[])
{](https://image.slidesharecdn.com/0233libraw-141124034116-conversion-gate02/85/LibRaw-Coverity-SCAN-PVS-Studio-2-320.jpg)
![int ret;
....
if( (ret = RawProcessor.open_buffer(iobuffer,st.st_size)
!= LIBRAW_SUCCESS))
{
fprintf(stderr,"Cannot open_buffer %s: %sn",
argv[arg],libraw_strerror(ret));
free(iobuffer);
continue;
}
....
}
PVS-Studio's warning: V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is
calculated as following: 'A = (B != C)'. dcraw_emu.cpp 468
This is a bug related to operation priorities. The "RawProcessor.open_buffer(iobuffer,st.st_size) !=
LIBRAW_SUCCESS" comparison is executed first, then its result is written into the 'ret' variable. If an
error occurs, it will cause printing of an incorrect error code into the file. This is not a crucial defect, but
it is still worth mentioning.
Negative number shifts
unsigned CLASS pana_bits (int nbits)
{
....
return (buf[byte] | buf[byte+1] << 8) >>
(vbits & 7) & ~(-1 << nbits);
....
}
PVS-Studio's warning: V610 Undefined behavior. Check the shift operator '<<. The left operand '-1' is
negative. dcraw_common.cpp 1827
Shifting negative numbers causes undefined behavior. Programmers often use such tricks and get the
program pretend to work well. But actually you cannot rely on such a code. To learn more about
negative number shifts, see the article "Wade not in unknown waters. Part three".
Similar issues can be found in the following fragments:](https://image.slidesharecdn.com/0233libraw-141124034116-conversion-gate02/85/LibRaw-Coverity-SCAN-PVS-Studio-3-320.jpg)
![• dcraw_common.cpp 1851
• dcraw_common.cpp 2085
• dcraw_common.cpp 2814
• dcraw_common.cpp 6644
Strange fragments
void DHT::illustrate_dline(int i) {
....
int l = ndir[nr_offset(y, x)] & 8;
l >>= 3;
l = 1;
....
}
PVS-Studio's warning: V519 The 'l' variable is assigned values twice successively. Perhaps this is a
mistake. Check lines: 671, 672. dht_demosaic.cpp 672
Perhaps this is not a bug and the "l = 1" statement is written deliberately. But the code does look
suspicious.
Here's one more suspicious piece of code:
void CLASS identify()
{
....
if (!load_raw && (maximum = 0xfff))
....
}
PVS-Studio's warning: V560 A part of conditional expression is always true: ((imgdata.color.maximum) =
0xfff). dcraw_common.cpp 8496
Conclusion
Both analyzers have found very few defects. It's natural for small projects. However, it was an
interesting experiment checking LibRaw. By the way, our new lightweight analyzer CppCat ($250) would
produce absolutely the same results as I left only first- and second-level warnings turned on in PVS-Studio
for this check.](https://image.slidesharecdn.com/0233libraw-141124034116-conversion-gate02/85/LibRaw-Coverity-SCAN-PVS-Studio-4-320.jpg)
LibRaw, Coverity SCAN, PVS-Studio
- 1. LibRaw, Coverity SCAN, PVS-Studio Author: Andrey Karpov Date: 07.02.2014 I read a post recently about a check of the LibRaw project performed by Coverity SCAN. It stated that nothing interesting had been found. So I decided to try our analyzer PVS-Studio on it. LibRaw LibRaw is a library for reading RAW-files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others). Website: http://www.libraw.org/ A check by Coverity SCAN The article that induced me to check the project with PVS-Studio can be found here: "On Static Analysis of C++" (RU). Let me quote a short extract from the preface part of the article: Coverity SCAN: 107 warnings, about a third of which are of High Impact level. Out of the High Impact level warnings: About 10 referring to Microsoft STL Others are of the following kind: int variable; if(layout==Layout1) variable=value1; if(layout==Layout2) variable=value2; On this code, I got a warning saying about carelessness in the code - an uninitialized variable. I agree with it as such, because it's no good doing things like that. But in real life, there are two types of layout - and this is explicitly specified in the calling code. That is, the analyzer has enough data to figure out that this is not a 'High impact' error but just a carelessly written code.
- 2. Some warnings like about unsigned short when extending to 32-64 bits may be painful. I won't argue with that - the analyzer is right de jure, but de facto these unsigned short's store picture sizes which are not going to grow up to 32767 in the near future. That is, again, no fixing is needed - in this particular case. All the rest 'High Impact' issues are simply false positives. Well, the code is not perfect, that's right (I wish you could see it from dcraw !), but all the issues found are not bugs. A check by PVS-Studio Now let's see if the PVS-Studio analyzer managed to find anything worthy after Coverity. I didn't have any expectations of catching super-bugs, of course, but it still was interesting to try. PVS-Studio generated 46 general warnings (of the first and second severity levels). Welcome to have a look at the code fragments I found interesting. Typos void DHT::hide_hots() { .... for (int k = -2; k < 3; k += 2) for (int m = -2; m < 3; m += 2) if (m == 0 && m == 0) continue; else avg += nraw[nr_offset(y + k, x + m)][kc]; .... } PVS-Studio's warning: V501 There are identical sub-expressions to the left and to the right of the '&&' operator: m == 0 && m == 0 dht_demosaic.cpp 260 I guess we are dealing with a typo here. The check should probably look like this: if (k == 0 && m == 0) A similar fragment can be found in the file aahd_demosaic.cpp (line 199). Operation priorities int main(int argc, char *argv[]) {
- 3. int ret; .... if( (ret = RawProcessor.open_buffer(iobuffer,st.st_size) != LIBRAW_SUCCESS)) { fprintf(stderr,"Cannot open_buffer %s: %sn", argv[arg],libraw_strerror(ret)); free(iobuffer); continue; } .... } PVS-Studio's warning: V593 Consider reviewing the expression of the 'A = B != C' kind. The expression is calculated as following: 'A = (B != C)'. dcraw_emu.cpp 468 This is a bug related to operation priorities. The "RawProcessor.open_buffer(iobuffer,st.st_size) != LIBRAW_SUCCESS" comparison is executed first, then its result is written into the 'ret' variable. If an error occurs, it will cause printing of an incorrect error code into the file. This is not a crucial defect, but it is still worth mentioning. Negative number shifts unsigned CLASS pana_bits (int nbits) { .... return (buf[byte] | buf[byte+1] << 8) >> (vbits & 7) & ~(-1 << nbits); .... } PVS-Studio's warning: V610 Undefined behavior. Check the shift operator '<<. The left operand '-1' is negative. dcraw_common.cpp 1827 Shifting negative numbers causes undefined behavior. Programmers often use such tricks and get the program pretend to work well. But actually you cannot rely on such a code. To learn more about negative number shifts, see the article "Wade not in unknown waters. Part three". Similar issues can be found in the following fragments:
- 4. • dcraw_common.cpp 1851 • dcraw_common.cpp 2085 • dcraw_common.cpp 2814 • dcraw_common.cpp 6644 Strange fragments void DHT::illustrate_dline(int i) { .... int l = ndir[nr_offset(y, x)] & 8; l >>= 3; l = 1; .... } PVS-Studio's warning: V519 The 'l' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 671, 672. dht_demosaic.cpp 672 Perhaps this is not a bug and the "l = 1" statement is written deliberately. But the code does look suspicious. Here's one more suspicious piece of code: void CLASS identify() { .... if (!load_raw && (maximum = 0xfff)) .... } PVS-Studio's warning: V560 A part of conditional expression is always true: ((imgdata.color.maximum) = 0xfff). dcraw_common.cpp 8496 Conclusion Both analyzers have found very few defects. It's natural for small projects. However, it was an interesting experiment checking LibRaw. By the way, our new lightweight analyzer CppCat ($250) would produce absolutely the same results as I left only first- and second-level warnings turned on in PVS-Studio for this check.