|
 |
6af12b |
The following issue has been found by Coverity static analysis tool.
|
|
|
6af12b |
|
|
|
6af12b |
Error: FORWARD_NULL (CWE-476): [#def5]
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1790: assign_zero: Assigning: "cquantize" = "NULL".
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1798: cond_false: Condition "cimP", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1804: else_branch: Reached else branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1807: cond_false: Condition "!oim->trueColor", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1815: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1819: cond_true: Condition "oim->transparent >= 0", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1823: cond_true: Condition "colorsWanted > maxColors", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1827: cond_true: Condition "!cimP", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1829: cond_false: Condition "!nim->pixels", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1833: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1834: cond_true: Condition "i < nim->sy", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1837: cond_true: Condition "!nim->pixels[i]", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1839: goto: Jumping to label "outOfMemory"
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2027: label: Reached label "outOfMemory"
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2028: cond_true: Condition "oim->trueColor", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2030: cond_true: Condition "!cimP", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2032: cond_true: Condition "i < nim->sy", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2034: cond_true: Condition "nim->pixels[i]", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2038: loop: Jumping back to the beginning of the loop
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2032: loop_begin: Jumped back to beginning of loop
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2032: cond_true: Condition "i < nim->sy", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2034: cond_true: Condition "nim->pixels[i]", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2038: loop: Jumping back to the beginning of the loop
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2032: loop_begin: Jumped back to beginning of loop
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2032: cond_false: Condition "i < nim->sy", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2038: loop_end: Reached end of loop
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2039: cond_true: Condition "nim->pixels", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2044: if_fallthrough: Falling through to end of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2047: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2050: cond_true: Condition "i < (32 /* 1 << 5 */)", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2052: var_deref_op: Dereferencing null pointer "cquantize".
|
|
|
6af12b |
|
|
|
6af12b |
Error: FORWARD_NULL (CWE-476): [#def6]
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1798: cond_true: Condition "cimP", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1801: cond_false: Condition "!nim", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1803: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1804: if_fallthrough: Falling through to end of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1806: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1807: cond_false: Condition "!oim->trueColor", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1815: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1819: cond_true: Condition "oim->transparent >= 0", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1823: cond_true: Condition "colorsWanted > maxColors", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1827: cond_false: Condition "!cimP", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1842: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1857: cond_true: Condition "!cquantize", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1857: var_compare_op: Comparing "cquantize" to null implies that "cquantize" might be null.
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1860: goto: Jumping to label "outOfMemory"
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2027: label: Reached label "outOfMemory"
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2028: cond_true: Condition "oim->trueColor", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2030: cond_false: Condition "!cimP", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2044: else_branch: Reached else branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2050: cond_true: Condition "i < (32 /* 1 << 5 */)", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2052: var_deref_op: Dereferencing null pointer "cquantize".
|
|
|
6af12b |
|
|
|
6af12b |
Error: FORWARD_NULL (CWE-476): [#def7]
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1798: cond_false: Condition "cimP", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1804: else_branch: Reached else branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1807: cond_false: Condition "!oim->trueColor", taking false branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1815: if_end: End of if statement
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1819: cond_true: Condition "oim->transparent >= 0", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1823: cond_true: Condition "colorsWanted > maxColors", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1827: cond_true: Condition "!cimP", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1829: cond_true: Condition "!nim->pixels", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1829: var_compare_op: Comparing "nim->pixels" to null implies that "nim->pixels" might be null.
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:1832: goto: Jumping to label "outOfMemory"
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2027: label: Reached label "outOfMemory"
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2028: cond_true: Condition "oim->trueColor", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2030: cond_true: Condition "!cimP", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2032: cond_true: Condition "i < nim->sy", taking true branch
|
|
|
6af12b |
gd-2.0.35/gd_topal.c:2034: var_deref_op: Dereferencing null pointer "nim->pixels".
|
|
|
6af12b |
|
|
|
6af12b |
|
|
|
6af12b |
diff -up gd-2.0.35/gd_topal.c.sa4 gd-2.0.35/gd_topal.c
|
|
|
6af12b |
--- gd-2.0.35/gd_topal.c.sa4 2012-12-10 13:30:19.666363149 +0100
|
|
|
6af12b |
+++ gd-2.0.35/gd_topal.c 2012-12-10 13:37:50.550729535 +0100
|
|
|
6af12b |
@@ -2029,15 +2029,15 @@ outOfMemory:
|
|
|
6af12b |
{
|
|
|
6af12b |
if (!cimP) {
|
|
|
6af12b |
/* On failure only */
|
|
|
6af12b |
- for (i = 0; i < nim->sy; i++)
|
|
|
6af12b |
- {
|
|
|
6af12b |
- if (nim->pixels[i])
|
|
|
6af12b |
- {
|
|
|
6af12b |
- gdFree (nim->pixels[i]);
|
|
|
6af12b |
- }
|
|
|
6af12b |
- }
|
|
|
6af12b |
if (nim->pixels)
|
|
|
6af12b |
{
|
|
|
6af12b |
+ for (i = 0; i < nim->sy; i++)
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ if (nim->pixels[i])
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ gdFree (nim->pixels[i]);
|
|
|
6af12b |
+ }
|
|
|
6af12b |
+ }
|
|
|
6af12b |
gdFree (nim->pixels);
|
|
|
6af12b |
}
|
|
|
6af12b |
nim->pixels = 0;
|
|
|
6af12b |
@@ -2047,27 +2047,27 @@ outOfMemory:
|
|
|
6af12b |
}
|
|
|
6af12b |
}
|
|
|
6af12b |
success:
|
|
|
6af12b |
- for (i = 0; i < HIST_C0_ELEMS; i++)
|
|
|
6af12b |
- {
|
|
|
6af12b |
- if (cquantize->histogram[i])
|
|
|
6af12b |
- {
|
|
|
6af12b |
- gdFree (cquantize->histogram[i]);
|
|
|
6af12b |
- }
|
|
|
6af12b |
- }
|
|
|
6af12b |
- if (cquantize->histogram)
|
|
|
6af12b |
- {
|
|
|
6af12b |
- gdFree (cquantize->histogram);
|
|
|
6af12b |
- }
|
|
|
6af12b |
- if (cquantize->fserrors)
|
|
|
6af12b |
- {
|
|
|
6af12b |
- gdFree (cquantize->fserrors);
|
|
|
6af12b |
- }
|
|
|
6af12b |
- if (cquantize->error_limiter_storage)
|
|
|
6af12b |
- {
|
|
|
6af12b |
- gdFree (cquantize->error_limiter_storage);
|
|
|
6af12b |
- }
|
|
|
6af12b |
if (cquantize)
|
|
|
6af12b |
{
|
|
|
6af12b |
+ for (i = 0; i < HIST_C0_ELEMS; i++)
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ if (cquantize->histogram[i])
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ gdFree (cquantize->histogram[i]);
|
|
|
6af12b |
+ }
|
|
|
6af12b |
+ }
|
|
|
6af12b |
+ if (cquantize->histogram)
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ gdFree (cquantize->histogram);
|
|
|
6af12b |
+ }
|
|
|
6af12b |
+ if (cquantize->fserrors)
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ gdFree (cquantize->fserrors);
|
|
|
6af12b |
+ }
|
|
|
6af12b |
+ if (cquantize->error_limiter_storage)
|
|
|
6af12b |
+ {
|
|
|
6af12b |
+ gdFree (cquantize->error_limiter_storage);
|
|
|
6af12b |
+ }
|
|
|
6af12b |
gdFree (cquantize);
|
|
|
6af12b |
}
|
|
|
6af12b |
|