-*- mode: compilation; default-directory: "/home/sarnold/ubuntu/security/audits/libheif/eoan/libheif-1.3.2"; -*-
note: for more detailed analysis of each of the following errors, please
 commit the analysis from <built-in function dir> to the coverity platform server
 via cov-commit-defects and then browse via the platform server web interface.
examples/encoder_png.cc:51
  Checker: DEADCODE

examples/encoder_png.cc:44:
  cond_notnull: Condition "png_ptr", taking true branch. Now the value of "png_ptr" is not "nullptr".
examples/encoder_png.cc:50:
  notnull: At condition "png_ptr", the value of "png_ptr" cannot be "nullptr".
examples/encoder_png.cc:50:
  dead_error_condition: The condition "!png_ptr" cannot be true.
examples/encoder_png.cc:51:
  dead_error_begin: Execution cannot reach this statement: "png_destroy_write_struct(&p...".

examples/heif_convert.cc:66
  Checker: UNCAUGHT_EXCEPT

examples/heif_convert.cc:66:
  root_function: In function "main(int, char **)" an exception of type "std::bad_weak_ptr" is thrown and never caught.
examples/heif_convert.cc:166:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif.cc:458:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:728:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:890:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_image.cc:712:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:655:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:276:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:1191:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:896:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:247:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:84:
  exception_thrown: An exception of type "std::bad_weak_ptr" is thrown.

examples/heif_convert.cc:66
  Checker: UNCAUGHT_EXCEPT

examples/heif_convert.cc:66:
  root_function: In function "main(int, char **)" an exception of type "std::bad_weak_ptr" is thrown and never caught.
examples/heif_convert.cc:204:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif.cc:458:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:728:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:890:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_image.cc:712:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:655:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:276:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:1191:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:896:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:247:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:84:
  exception_thrown: An exception of type "std::bad_weak_ptr" is thrown.

examples/heif_enc.cc:706
  Checker: TAINTED_SCALAR

examples/heif_enc.cc:597:
  1. path: Condition "true", taking true branch.
examples/heif_enc.cc:600:
  2. path: Condition "c == -1", taking true branch.
examples/heif_enc.cc:601:
  3. path: Breaking from loop.
examples/heif_enc.cc:631:
  4. path: Condition "optind > argc - 1", taking false branch.
examples/heif_enc.cc:637:
  5. path: Condition "quality < 0", taking false branch.
examples/heif_enc.cc:637:
  6. path: Condition "quality > 100", taking false branch.
examples/heif_enc.cc:642:
  7. path: Condition "logging_level > 0", taking false branch.
examples/heif_enc.cc:656:
  8. path: Condition "!context.operator bool()", taking false branch.
examples/heif_enc.cc:669:
  9. path: Condition "count > 0", taking true branch.
examples/heif_enc.cc:670:
  10. path: Condition "logging_level > 0", taking false branch.
examples/heif_enc.cc:679:
  11. path: Condition "error.code", taking false branch.
examples/heif_enc.cc:683:
  12. path: Falling through to end of if statement.
examples/heif_enc.cc:690:
  13. path: Condition "option_show_parameters", taking false branch.
examples/heif_enc.cc:699:
  14. path: Condition "optind < argc", taking true branch.
examples/heif_enc.cc:700:
  15. tainted_data_transitive: Call to function "basic_string" with tainted argument "argv[optind]" transitively taints "input_filename". [Note: The source code implementation of the function has been overridden by a builtin model.]
examples/heif_enc.cc:702:
  16. path: Condition "output_filename.empty()", taking true branch.
examples/heif_enc.cc:705:
  17. path: Condition "dot_position != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:706:
  18. tainted_data_transitive: Call to function "substr" with tainted argument "input_filename" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
examples/heif_enc.cc:706:
  19. var_assign: Assigning: "<temporary>" = "substr", which taints "<temporary>".
examples/heif_enc.cc:707:
  20. path: Falling through to end of if statement.
examples/heif_enc.cc:722:
  21. path: Condition "suffix_pos != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:728:
  22. path: Condition "suffix == "png"", taking true branch.
examples/heif_enc.cc:733:
  23. path: Condition "filetype == PNG", taking true branch.
examples/heif_enc.cc:735:
  24. path: Falling through to end of if statement.
examples/heif_enc.cc:757:
  25. path: Condition "error.code != 0", taking false branch.
examples/heif_enc.cc:763:
  26. path: Condition "thumbnail_bbox_size > 0", taking false branch.
examples/heif_enc.cc:789:
  27. path: Jumping back to the beginning of the loop.
examples/heif_enc.cc:699:
  28. path: Condition "optind < argc", taking true branch.
examples/heif_enc.cc:702:
  29. path: Condition "output_filename.empty()", taking true branch.
examples/heif_enc.cc:705:
  30. path: Condition "dot_position != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:706:
  31. tainted_data: Passing tainted variable "std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >(input_filename.substr(0UL, dot_position))" to a tainted sink.
/usr/include/c++/8/bits/basic_string.h:735:
  31.1. path: Condition "!this->_M_is_local()", taking true branch.
/usr/include/c++/8/bits/basic_string.h:735:
  31.2. path: Condition "true /* __gnu_cxx::__alloc_traits<std::allocator<char>, char>::_S_propagate_on_move_assign() */", taking true branch.
/usr/include/c++/8/bits/basic_string.h:735:
  31.3. path: Condition "false /* !__gnu_cxx::__alloc_traits<std::allocator<char>, char>::_S_always_equal() */", taking false branch.
/usr/include/c++/8/bits/basic_string.h:747:
  31.4. path: Condition "__str->_M_is_local()", taking true branch.
/usr/include/c++/8/bits/basic_string.h:750:
  31.5. path: Condition "__str->size()", taking true branch.
/usr/include/c++/8/bits/basic_string.h:752:
  31.6. tainted_data_transitive: Call to function "size" with tainted argument "__str" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
/usr/include/c++/8/bits/basic_string.h:752:
  31.7. tainted_data_sink_lv_call: Passing tainted variable "__str->size()" to tainted data sink "_M_set_length".
/usr/include/c++/8/bits/basic_string.h:206:
  31.7.1. data_index: Using tainted variable "__n" as an index to pointer "this->_M_data()".

examples/heif_enc.cc:723
  Checker: TAINTED_SCALAR

examples/heif_enc.cc:597:
  1. path: Condition "true", taking true branch.
examples/heif_enc.cc:600:
  2. path: Condition "c == -1", taking true branch.
examples/heif_enc.cc:601:
  3. path: Breaking from loop.
examples/heif_enc.cc:631:
  4. path: Condition "optind > argc - 1", taking false branch.
examples/heif_enc.cc:637:
  5. path: Condition "quality < 0", taking false branch.
examples/heif_enc.cc:637:
  6. path: Condition "quality > 100", taking false branch.
examples/heif_enc.cc:642:
  7. path: Condition "logging_level > 0", taking false branch.
examples/heif_enc.cc:656:
  8. path: Condition "!context.operator bool()", taking false branch.
examples/heif_enc.cc:669:
  9. path: Condition "count > 0", taking true branch.
examples/heif_enc.cc:670:
  10. path: Condition "logging_level > 0", taking false branch.
examples/heif_enc.cc:679:
  11. path: Condition "error.code", taking false branch.
examples/heif_enc.cc:683:
  12. path: Falling through to end of if statement.
examples/heif_enc.cc:690:
  13. path: Condition "option_show_parameters", taking false branch.
examples/heif_enc.cc:699:
  14. path: Condition "optind < argc", taking true branch.
examples/heif_enc.cc:700:
  15. tainted_data_transitive: Call to function "basic_string" with tainted argument "argv[optind]" transitively taints "input_filename". [Note: The source code implementation of the function has been overridden by a builtin model.]
examples/heif_enc.cc:702:
  16. path: Condition "output_filename.empty()", taking true branch.
examples/heif_enc.cc:705:
  17. path: Condition "dot_position != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:707:
  18. path: Falling through to end of if statement.
examples/heif_enc.cc:722:
  19. path: Condition "suffix_pos != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:723:
  20. tainted_data_transitive: Call to function "substr" with tainted argument "input_filename" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
examples/heif_enc.cc:723:
  21. var_assign: Assigning: "<temporary>" = "substr", which taints "<temporary>".
examples/heif_enc.cc:728:
  22. path: Condition "suffix == "png"", taking true branch.
examples/heif_enc.cc:733:
  23. path: Condition "filetype == PNG", taking true branch.
examples/heif_enc.cc:735:
  24. path: Falling through to end of if statement.
examples/heif_enc.cc:757:
  25. path: Condition "error.code != 0", taking false branch.
examples/heif_enc.cc:763:
  26. path: Condition "thumbnail_bbox_size > 0", taking false branch.
examples/heif_enc.cc:789:
  27. path: Jumping back to the beginning of the loop.
examples/heif_enc.cc:699:
  28. path: Condition "optind < argc", taking true branch.
examples/heif_enc.cc:702:
  29. path: Condition "output_filename.empty()", taking true branch.
examples/heif_enc.cc:705:
  30. path: Condition "dot_position != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:707:
  31. path: Falling through to end of if statement.
examples/heif_enc.cc:722:
  32. path: Condition "suffix_pos != 18446744073709551615UL /* std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >::npos */", taking true branch.
examples/heif_enc.cc:723:
  33. tainted_data: Passing tainted variable "std::__cxx11::basic_string<char, std::char_traits<char>, std::allocator<char> >(input_filename.substr(suffix_pos + 1UL, 18446744073709551615UL))" to a tainted sink.
/usr/include/c++/8/bits/basic_string.h:735:
  33.1. path: Condition "!this->_M_is_local()", taking true branch.
/usr/include/c++/8/bits/basic_string.h:735:
  33.2. path: Condition "true /* __gnu_cxx::__alloc_traits<std::allocator<char>, char>::_S_propagate_on_move_assign() */", taking true branch.
/usr/include/c++/8/bits/basic_string.h:735:
  33.3. path: Condition "false /* !__gnu_cxx::__alloc_traits<std::allocator<char>, char>::_S_always_equal() */", taking false branch.
/usr/include/c++/8/bits/basic_string.h:747:
  33.4. path: Condition "__str->_M_is_local()", taking true branch.
/usr/include/c++/8/bits/basic_string.h:750:
  33.5. path: Condition "__str->size()", taking true branch.
/usr/include/c++/8/bits/basic_string.h:752:
  33.6. tainted_data_transitive: Call to function "size" with tainted argument "__str" returns tainted data. [Note: The source code implementation of the function has been overridden by a builtin model.]
/usr/include/c++/8/bits/basic_string.h:752:
  33.7. tainted_data_sink_lv_call: Passing tainted variable "__str->size()" to tainted data sink "_M_set_length".
/usr/include/c++/8/bits/basic_string.h:206:
  33.7.1. data_index: Using tainted variable "__n" as an index to pointer "this->_M_data()".

examples/heif_info.cc:177
  Checker: USE_AFTER_FREE

examples/heif_info.cc:85:
  1. path: Condition "true", taking true branch.
examples/heif_info.cc:88:
  2. path: Condition "c == -1", taking true branch.
examples/heif_info.cc:89:
  3. path: Breaking from loop.
examples/heif_info.cc:108:
  4. path: Condition "optind != argc - 1", taking false branch.
examples/heif_info.cc:123:
  5. path: Condition "!ctx.operator bool()", taking false branch.
examples/heif_info.cc:131:
  6. path: Condition "dump_boxes", taking false branch.
examples/heif_info.cc:136:
  7. path: Condition "err.code != 0", taking false branch.
examples/heif_info.cc:149:
  8. path: Condition "i < numImages", taking true branch.
examples/heif_info.cc:152:
  9. path: Condition "err.code", taking false branch.
examples/heif_info.cc:162:
  10. path: Condition "primary", taking true branch.
examples/heif_info.cc:170:
  11. path: Condition "thumbnailIdx < nThumbnails", taking true branch.
examples/heif_info.cc:172:
  12. path: Condition "err.code", taking false branch.
examples/heif_info.cc:183:
  13. path: Jumping back to the beginning of the loop.
examples/heif_info.cc:170:
  14. path: Condition "thumbnailIdx < nThumbnails", taking true branch.
examples/heif_info.cc:172:
  15. path: Condition "err.code", taking false branch.
examples/heif_info.cc:182:
  16. freed_arg: "heif_image_handle_release" frees "thumbnail_handle".
libheif/heif.cc:496:
  16.1. freed_arg: "operator delete" frees parameter "handle".
examples/heif_info.cc:183:
  17. path: Jumping back to the beginning of the loop.
examples/heif_info.cc:170:
  18. path: Condition "thumbnailIdx < nThumbnails", taking true branch.
examples/heif_info.cc:172:
  19. path: Condition "err.code", taking false branch.
examples/heif_info.cc:177:
  20. pass_freed_arg: Passing freed pointer "thumbnail_handle" as an argument to "heif_image_handle_get_width".

examples/heif_test.cc:77
  Checker: UNCAUGHT_EXCEPT

examples/heif_test.cc:77:
  root_function: In function "main(int, char **)" an exception of type "std::bad_weak_ptr" is thrown and never caught.
examples/heif_test.cc:121:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_cxx.h:582:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif.cc:458:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:728:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:890:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_image.cc:712:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:655:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:276:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:1191:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:896:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:247:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:84:
  exception_thrown: An exception of type "std::bad_weak_ptr" is thrown.

examples/heif_thumbnailer.cc:52
  Checker: UNCAUGHT_EXCEPT

examples/heif_thumbnailer.cc:52:
  root_function: In function "main(int, char **)" an exception of type "std::bad_weak_ptr" is thrown and never caught.
examples/heif_thumbnailer.cc:126:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif.cc:458:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:728:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_context.cc:890:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
libheif/heif_image.cc:712:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:655:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr.h:276:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:1191:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:896:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:247:
  fun_call_w_exception: Called function throws an exception of type "std::bad_weak_ptr".
/usr/include/c++/8/bits/shared_ptr_base.h:84:
  exception_thrown: An exception of type "std::bad_weak_ptr" is thrown.

examples/heif_thumbnailer.cc:152
  Checker: DIVIDE_BY_ZERO

examples/heif_thumbnailer.cc:57:
  1. path: Condition "(opt = getopt(argc, argv, "s:h")) != -1", taking true branch.
examples/heif_thumbnailer.cc:58:
  2. path: Switch case value "115".
examples/heif_thumbnailer.cc:61:
  3. path: Breaking from switch.
examples/heif_thumbnailer.cc:66:
  4. path: Jumping back to the beginning of the loop.
examples/heif_thumbnailer.cc:57:
  5. path: Condition "(opt = getopt(argc, argv, "s:h")) != -1", taking true branch.
examples/heif_thumbnailer.cc:58:
  6. path: Switch case value "115".
examples/heif_thumbnailer.cc:61:
  7. path: Breaking from switch.
examples/heif_thumbnailer.cc:66:
  8. path: Jumping back to the beginning of the loop.
examples/heif_thumbnailer.cc:57:
  9. path: Condition "(opt = getopt(argc, argv, "s:h")) != -1", taking false branch.
examples/heif_thumbnailer.cc:68:
  10. path: Condition "optind + 2 > argc", taking false branch.
examples/heif_thumbnailer.cc:84:
  11. path: Condition "err.code != 0", taking false branch.
examples/heif_thumbnailer.cc:95:
  12. path: Condition "err.code", taking false branch.
examples/heif_thumbnailer.cc:105:
  13. path: Condition "nThumbnails > 0", taking true branch.
examples/heif_thumbnailer.cc:108:
  14. path: Condition "err.code", taking false branch.
examples/heif_thumbnailer.cc:131:
  15. path: Condition "err.code", taking false branch.
examples/heif_thumbnailer.cc:136:
  16. path: Condition "image", taking true branch.
examples/heif_thumbnailer.cc:136:
  17. path: Condition "(bool)image", taking true branch.
examples/heif_thumbnailer.cc:141:
  18. zero_return: Function call "heif_image_handle_get_height(image_handle)" returns 0.
libheif/heif.cc:332:
  18.1. path: Condition "handle", taking true branch.
libheif/heif.cc:332:
  18.2. path: Condition "handle->image.operator bool()", taking false branch.
libheif/heif.cc:336:
  18.3. return_zero_constant: Explicitly returning zero value "0".
examples/heif_thumbnailer.cc:141:
  19. assignment: Assigning: "input_height" = "heif_image_handle_get_height(image_handle)". The value of "input_height" is now 0.
examples/heif_thumbnailer.cc:146:
  20. path: Condition "input_width > size", taking true branch.
examples/heif_thumbnailer.cc:147:
  21. path: Condition "input_width > input_height", taking false branch.
examples/heif_thumbnailer.cc:152:
  22. divide_by_zero: In expression "input_width * size / input_height", division by expression "input_height" which may be zero has undefined behavior.

libheif/bitstream.cc:289
  Checker: CHECKED_RETURN

libheif/bitstream.cc:271:
  1. path: Condition "nBytes < 0", taking false branch.
libheif/bitstream.cc:277:
  2. path: Condition "this->m_remaining < nBytes", taking false branch.
libheif/bitstream.cc:288:
  3. path: Condition "this->m_parent_range", taking true branch.
libheif/bitstream.cc:289:
  4. check_return: Calling "prepare_read" without checking return value (as is done elsewhere 7 out of 8 times).
libheif/bitstream.cc:212: Supporting evidence set 1:
  5. example_checked: Example 1: "this->prepare_read(4L)" has its value checked in "this->prepare_read(4L)".
libheif/bitstream.cc:244: Supporting evidence set 2:
  6. example_checked: Example 2: "this->prepare_read(1L)" has its value checked in "this->prepare_read(1L)".
libheif/box.cc:196: Supporting evidence set 3:
  7. example_checked: Example 3: "range->prepare_read(16L)" has its value checked in "range->prepare_read(16L)".
libheif/box.cc:312: Supporting evidence set 4:
  8. example_checked: Example 4: "range->prepare_read(content_size)" has its value checked in "range->prepare_read(content_size)".
libheif/box.cc:2205: Supporting evidence set 5:
  9. example_checked: Example 5: "range->prepare_read(size)" has its value checked in "range->prepare_read(size)".

libheif/box.h:68
  Checker: UNINIT_CTOR

libheif/box.h:80:
  1. member_decl: Class member declaration for "numerator".
libheif/box.h:68:
  2. uninit_member: Non-static class member "numerator" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:80:
  3. member_decl: Class member declaration for "denominator".
libheif/box.h:68:
  4. uninit_member: Non-static class member "denominator" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:191
  Checker: UNINIT_CTOR

libheif/box.h:211:
  1. member_decl: Class member declaration for "m_major_brand".
libheif/box.h:191:
  2. uninit_member: Non-static class member "m_major_brand" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:212:
  3. member_decl: Class member declaration for "m_minor_version".
libheif/box.h:191:
  4. uninit_member: Non-static class member "m_minor_version" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:192
  Checker: UNINIT_CTOR

libheif/box.h:211:
  1. member_decl: Class member declaration for "m_major_brand".
libheif/box.h:192:
  2. uninit_member: Non-static class member "m_major_brand" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:212:
  3. member_decl: Class member declaration for "m_minor_version".
libheif/box.h:192:
  4. uninit_member: Non-static class member "m_minor_version" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:255
  Checker: UNINIT_CTOR

libheif/box.h:272:
  1. member_decl: Class member declaration for "m_item_ID".
libheif/box.h:255:
  2. uninit_member: Non-static class member "m_item_ID" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:256
  Checker: UNINIT_CTOR

libheif/box.h:272:
  1. member_decl: Class member declaration for "m_item_ID".
libheif/box.h:256:
  2. uninit_member: Non-static class member "m_item_ID" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:349
  Checker: UNINIT_CTOR

libheif/box.h:380:
  1. member_decl: Class member declaration for "m_item_ID".
libheif/box.h:349:
  2. uninit_member: Non-static class member "m_item_ID" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:381:
  3. member_decl: Class member declaration for "m_item_protection_index".
libheif/box.h:349:
  4. uninit_member: Non-static class member "m_item_protection_index" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:350
  Checker: UNINIT_CTOR

libheif/box.h:380:
  1. member_decl: Class member declaration for "m_item_ID".
libheif/box.h:350:
  2. uninit_member: Non-static class member "m_item_ID" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:381:
  3. member_decl: Class member declaration for "m_item_protection_index".
libheif/box.h:350:
  4. uninit_member: Non-static class member "m_item_protection_index" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:451
  Checker: UNINIT_CTOR

libheif/box.h:470:
  1. member_decl: Class member declaration for "m_image_width".
libheif/box.h:451:
  2. uninit_member: Non-static class member "m_image_width" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:471:
  3. member_decl: Class member declaration for "m_image_height".
libheif/box.h:451:
  4. uninit_member: Non-static class member "m_image_height" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:452
  Checker: UNINIT_CTOR

libheif/box.h:470:
  1. member_decl: Class member declaration for "m_image_width".
libheif/box.h:452:
  2. uninit_member: Non-static class member "m_image_width" is not initialized in this constructor nor in any functions that it calls.
libheif/box.h:471:
  3. member_decl: Class member declaration for "m_image_height".
libheif/box.h:452:
  4. uninit_member: Non-static class member "m_image_height" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:532
  Checker: UNINIT_CTOR

libheif/box.h:542:
  1. member_decl: Class member declaration for "m_rotation".
libheif/box.h:532:
  2. uninit_member: Non-static class member "m_rotation" is not initialized in this constructor nor in any functions that it calls.

libheif/box.h:548
  Checker: UNINIT_CTOR

libheif/box.h:563:
  1. member_decl: Class member declaration for "m_axis".
libheif/box.h:548:
  2. uninit_member: Non-static class member "m_axis" is not initialized in this constructor nor in any functions that it calls.

libheif/encoder_fuzzer.cc:133
  Checker: RESOURCE_LEAK

libheif/encoder_fuzzer.cc:123:
  1. path: Condition "context.operator bool()", taking true branch.
libheif/encoder_fuzzer.cc:123:
  2. path: Condition "(bool)context.operator bool()", taking true branch.
libheif/encoder_fuzzer.cc:128:
  3. path: Condition "count > 0", taking true branch.
libheif/encoder_fuzzer.cc:128:
  4. path: Condition "count > 0", taking true branch.
libheif/encoder_fuzzer.cc:128:
  5. path: Condition "(bool)(count > 0)", taking true branch.
libheif/encoder_fuzzer.cc:131:
  6. alloc_arg: "heif_context_get_encoder" allocates memory that is stored into "encoder".
libheif/heif.cc:856:
  6.1. path: Condition "!descriptor", taking false branch.
libheif/heif.cc:856:
  6.2. path: Condition "!encoder", taking false branch.
libheif/heif.cc:861:
  6.3. path: Condition "context == NULL", taking true branch.
libheif/heif.cc:862:
  6.4. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:862:
  6.5. assign: Assigning: "*encoder" = "new heif_encoder(std::shared_ptr<heif::HeifContext>(std::nullptr_t()), descriptor->plugin)".
libheif/heif.cc:863:
  6.6. path: Falling through to end of if statement.
libheif/encoder_fuzzer.cc:132:
  7. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/encoder_fuzzer.cc:133:
  8. leaked_storage: Variable "encoder" going out of scope leaks the storage it points to.

libheif/encoder_fuzzer.cc:152
  Checker: RESOURCE_LEAK

libheif/encoder_fuzzer.cc:123:
  1. path: Condition "context.operator bool()", taking true branch.
libheif/encoder_fuzzer.cc:123:
  2. path: Condition "(bool)context.operator bool()", taking true branch.
libheif/encoder_fuzzer.cc:128:
  3. path: Condition "count > 0", taking true branch.
libheif/encoder_fuzzer.cc:128:
  4. path: Condition "count > 0", taking true branch.
libheif/encoder_fuzzer.cc:128:
  5. path: Condition "(bool)(count > 0)", taking true branch.
libheif/encoder_fuzzer.cc:132:
  6. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/encoder_fuzzer.cc:136:
  7. path: Condition "size < 2", taking false branch.
libheif/encoder_fuzzer.cc:148:
  8. alloc_arg: "create_image" allocates memory that is stored into "image".
libheif/encoder_fuzzer.cc:41:
  8.1. path: Condition "size < 2", taking false branch.
libheif/encoder_fuzzer.cc:53:
  8.2. alloc_arg: "heif_image_create" allocates memory that is stored into "*image".
libheif/heif.cc:478:
  8.2.1. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:478:
  8.2.2. assign: Assigning: "img" = "new heif_image".
libheif/heif.cc:483:
  8.2.3. assign: Assigning: "*image" = "img".
libheif/encoder_fuzzer.cc:54:
  8.3. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/encoder_fuzzer.cc:149:
  9. path: Condition "read <= size", taking true branch.
libheif/encoder_fuzzer.cc:149:
  10. path: Condition "read <= size", taking true branch.
libheif/encoder_fuzzer.cc:149:
  11. path: Condition "(bool)(read <= size)", taking true branch.
libheif/encoder_fuzzer.cc:150:
  12. path: Condition "!read", taking true branch.
libheif/encoder_fuzzer.cc:152:
  13. leaked_storage: Variable "image" going out of scope leaks the storage it points to.

libheif/file_fuzzer.cc:34
  Checker: USELESS_CALL

libheif/file_fuzzer.cc:34:
  side_effect_free: Calling "heif_image_handle_is_primary_image(handle)" is only useful for its return value, which is ignored.
libheif/heif.cc:267:
  side_effect_free_fn: Calling "handle->image->is_primary()" is only useful for its return value.
libheif/heif_context.h:88:
  side_effect_free_fn: This function only appears useful for its return value.
libheif/heif.cc:267:
  side_effect_free_fn: Calling "handle->image" is only useful for its return value.
/usr/include/c++/8/bits/shared_ptr_base.h:1013:
  side_effect_free_fn: Calling "this->_M_get()" is only useful for its return value.
/usr/include/c++/8/bits/shared_ptr_base.h:1019:
  side_effect_free_fn: Calling "static_cast<std::__shared_ptr<heif::HeifContext::Image, (__gnu_cxx::_Lock_policy)2> const *>(this)->get()" is only useful for its return value.
/usr/include/c++/8/bits/shared_ptr_base.h:1307:
  side_effect_free_fn: This function only appears useful for its return value.
/usr/include/c++/8/bits/shared_ptr_base.h:1018:
  side_effect_free_fn: This function only appears useful for its return value.
/usr/include/c++/8/bits/shared_ptr_base.h:1010:
  side_effect_free_fn: This function only appears useful for its return value.
libheif/heif.cc:265:
  side_effect_free_fn: This function only appears useful for its return value.

libheif/file_fuzzer.cc:41
  Checker: RESOURCE_LEAK

libheif/file_fuzzer.cc:37:
  1. path: Condition "width >= 0", taking true branch.
libheif/file_fuzzer.cc:37:
  2. path: Condition "width >= 0", taking true branch.
libheif/file_fuzzer.cc:37:
  3. path: Condition "(bool)(width >= 0)", taking true branch.
libheif/file_fuzzer.cc:38:
  4. path: Condition "height >= 0", taking true branch.
libheif/file_fuzzer.cc:38:
  5. path: Condition "height >= 0", taking true branch.
libheif/file_fuzzer.cc:38:
  6. path: Condition "(bool)(height >= 0)", taking true branch.
libheif/file_fuzzer.cc:39:
  7. alloc_arg: "heif_decode_image" allocates memory that is stored into "image".
libheif/heif.cc:462:
  7.1. path: Condition "err.error_code != heif_error_Ok", taking false branch.
libheif/heif.cc:466:
  7.2. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:466:
  7.3. assign: Assigning: "*out_img" = "new heif_image".
libheif/file_fuzzer.cc:40:
  8. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:41:
  9. leaked_storage: Variable "image" going out of scope leaks the storage it points to.

libheif/file_fuzzer.cc:83
  Checker: UNINIT

libheif/file_fuzzer.cc:57:
  1. var_decl: Declaring variable "image_IDs".
libheif/file_fuzzer.cc:60:
  2. path: Condition "ctx", taking true branch.
libheif/file_fuzzer.cc:60:
  3. path: Condition "(bool)ctx", taking true branch.
libheif/file_fuzzer.cc:62:
  4. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:68:
  5. path: Condition "err.code == heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:69:
  6. path: Condition "heif_image_handle_is_primary_image(handle)", taking true branch.
libheif/file_fuzzer.cc:69:
  7. path: Condition "(bool)heif_image_handle_is_primary_image(handle)", taking true branch.
libheif/file_fuzzer.cc:75:
  8. path: Condition "!images_count", taking false branch.
libheif/file_fuzzer.cc:80:
  9. alloc_fn: Calling allocator "malloc".
libheif/file_fuzzer.cc:80:
  10. assign: Assigning: "image_IDs" = "(heif_item_id *)malloc(images_count * 4UL)", which is allocated but not initialized.
libheif/file_fuzzer.cc:82:
  11. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:83:
  12. uninit_use_in_call: Using uninitialized value "image_IDs[i]" when calling "heif_context_get_image_handle".
libheif/heif.cc:236:
  12.1. path: Condition "!img", taking false branch.
libheif/heif.cc:245:
  12.2. path: Iterating over another element of "images".
libheif/heif.cc:246:
  12.3. read_parm: Reading a parameter value.

libheif/file_fuzzer.cc:89
  Checker: USE_AFTER_FREE

libheif/file_fuzzer.cc:60:
  1. path: Condition "ctx", taking true branch.
libheif/file_fuzzer.cc:60:
  2. path: Condition "(bool)ctx", taking true branch.
libheif/file_fuzzer.cc:62:
  3. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:68:
  4. path: Condition "err.code == heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:69:
  5. path: Condition "heif_image_handle_is_primary_image(handle)", taking true branch.
libheif/file_fuzzer.cc:69:
  6. path: Condition "(bool)heif_image_handle_is_primary_image(handle)", taking true branch.
libheif/file_fuzzer.cc:75:
  7. path: Condition "!images_count", taking false branch.
libheif/file_fuzzer.cc:82:
  8. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:84:
  9. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:86:
  10. path: Continuing loop.
libheif/file_fuzzer.cc:82:
  11. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:84:
  12. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:86:
  13. path: Continuing loop.
libheif/file_fuzzer.cc:82:
  14. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:84:
  15. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:92:
  16. path: Condition "t < num_thumbnails", taking true branch.
libheif/file_fuzzer.cc:95:
  17. path: Condition "thumbnail_handle", taking true branch.
libheif/file_fuzzer.cc:99:
  18. path: Jumping back to the beginning of the loop.
libheif/file_fuzzer.cc:92:
  19. path: Condition "t < num_thumbnails", taking true branch.
libheif/file_fuzzer.cc:95:
  20. path: Condition "thumbnail_handle", taking true branch.
libheif/file_fuzzer.cc:99:
  21. path: Jumping back to the beginning of the loop.
libheif/file_fuzzer.cc:92:
  22. path: Condition "t < num_thumbnails", taking false branch.
libheif/file_fuzzer.cc:101:
  23. freed_arg: "heif_image_handle_release" frees "handle".
libheif/heif.cc:496:
  23.1. freed_arg: "operator delete" frees parameter "handle".
libheif/file_fuzzer.cc:102:
  24. path: Jumping back to the beginning of the loop.
libheif/file_fuzzer.cc:82:
  25. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:84:
  26. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:89:
  27. deref_arg: Calling "TestDecodeImage" dereferences freed pointer "handle".
libheif/file_fuzzer.cc:34:
  27.1. deref_parm_in_call: Function "heif_image_handle_is_primary_image" dereferences "handle".
libheif/heif.cc:267:
  27.1.1. deref_parm_field_in_call: Function "operator ->" dereferences an offset off "handle".
/usr/include/c++/8/bits/shared_ptr_base.h:1013:
  27.1.1.1. deref_parm_in_call: Function "_M_get" dereferences "this".
/usr/include/c++/8/bits/shared_ptr_base.h:1019:
  27.1.1.1.1. deref_parm_in_call: Function "get" dereferences "this".
/usr/include/c++/8/bits/shared_ptr_base.h:1308:
  27.1.1.1.1.1. deref_parm: Directly dereferencing parameter "this".

libheif/file_fuzzer.cc:107
  Checker: RESOURCE_LEAK

libheif/file_fuzzer.cc:60:
  1. path: Condition "ctx", taking true branch.
libheif/file_fuzzer.cc:60:
  2. path: Condition "(bool)ctx", taking true branch.
libheif/file_fuzzer.cc:62:
  3. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:67:
  4. alloc_arg: "heif_context_get_primary_image_handle" allocates memory that is stored into "handle".
libheif/heif.cc:148:
  4.1. path: Condition "!img", taking false branch.
libheif/heif.cc:158:
  4.2. path: Condition "!primary_image.operator bool()", taking false branch.
libheif/heif.cc:164:
  4.3. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:164:
  4.4. assign: Assigning: "*img" = "new heif_image_handle".
libheif/file_fuzzer.cc:68:
  5. path: Condition "err.code == heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:75:
  6. path: Condition "!images_count", taking true branch.
libheif/file_fuzzer.cc:77:
  7. path: Jumping to label "quit".
libheif/file_fuzzer.cc:107:
  8. leaked_storage: Variable "handle" going out of scope leaks the storage it points to.

libheif/file_fuzzer.cc:107
  Checker: RESOURCE_LEAK

libheif/file_fuzzer.cc:60:
  1. path: Condition "ctx", taking true branch.
libheif/file_fuzzer.cc:60:
  2. path: Condition "(bool)ctx", taking true branch.
libheif/file_fuzzer.cc:62:
  3. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/file_fuzzer.cc:68:
  4. path: Condition "err.code == heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:69:
  5. path: Condition "heif_image_handle_is_primary_image(handle)", taking true branch.
libheif/file_fuzzer.cc:69:
  6. path: Condition "(bool)heif_image_handle_is_primary_image(handle)", taking true branch.
libheif/file_fuzzer.cc:75:
  7. path: Condition "!images_count", taking false branch.
libheif/file_fuzzer.cc:82:
  8. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:84:
  9. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:86:
  10. path: Continuing loop.
libheif/file_fuzzer.cc:82:
  11. path: Condition "i < images_count", taking true branch.
libheif/file_fuzzer.cc:83:
  12. alloc_arg: "heif_context_get_image_handle" allocates memory that is stored into "handle".
libheif/heif.cc:236:
  12.1. path: Condition "!img", taking false branch.
libheif/heif.cc:245:
  12.2. path: Iterating over another element of "images".
libheif/heif.cc:246:
  12.3. path: Condition "img->get_id() == id", taking true branch.
libheif/heif.cc:248:
  12.4. path: Breaking from loop.
libheif/heif.cc:252:
  12.5. path: Condition "!image.operator bool()", taking false branch.
libheif/heif.cc:257:
  12.6. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:257:
  12.7. assign: Assigning: "*img" = "new heif_image_handle".
libheif/file_fuzzer.cc:84:
  13. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/file_fuzzer.cc:86:
  14. path: Continuing loop.
libheif/file_fuzzer.cc:82:
  15. path: Condition "i < images_count", taking false branch.
libheif/file_fuzzer.cc:107:
  16. leaked_storage: Variable "handle" going out of scope leaks the storage it points to.

libheif/heif.cc:245
  Checker: PW.PARAMETER_HIDDEN

libheif/heif.cc:245:
  1. parameter_hidden: declaration hides parameter "img" (declared at line 234)

libheif/heif.cc:711
  Checker: FORWARD_NULL

libheif/heif.cc:707:
  1. path: Condition "decoder_plugin", taking false branch.
libheif/heif.cc:707:
  2. var_compare_op: Comparing "decoder_plugin" to null implies that "decoder_plugin" might be null.
libheif/heif.cc:711:
  3. var_deref_model: Passing null pointer "decoder_plugin" to "register_decoder", which dereferences it.
libheif/heif_context.cc:387:
  3.1. deref_parm: Directly dereferencing parameter "decoder_plugin".

libheif/heif.cc:722
  Checker: FORWARD_NULL

libheif/heif.cc:718:
  1. path: Condition "decoder_plugin", taking false branch.
libheif/heif.cc:718:
  2. var_compare_op: Comparing "decoder_plugin" to null implies that "decoder_plugin" might be null.
libheif/heif.cc:722:
  3. var_deref_model: Passing null pointer "decoder_plugin" to "register_decoder", which dereferences it.
libheif/heif_plugin_registry.cc:79:
  3.1. deref_parm: Directly dereferencing parameter "decoder_plugin".

libheif/heif.cc:733
  Checker: FORWARD_NULL

libheif/heif.cc:729:
  1. path: Condition "encoder_plugin", taking false branch.
libheif/heif.cc:729:
  2. var_compare_op: Comparing "encoder_plugin" to null implies that "encoder_plugin" might be null.
libheif/heif.cc:733:
  3. var_deref_model: Passing null pointer "encoder_plugin" to "register_encoder", which dereferences it.
libheif/heif_plugin_registry.cc:105:
  3.1. deref_parm: Directly dereferencing parameter "encoder_plugin".

libheif/heif_context.cc:312
  Checker: NO_EFFECT

libheif/heif_context.cc:312:
  unsigned_compare: This greater-than-or-equal-to-zero comparison of an unsigned value is always true. "image_index >= 0UL".

libheif/heif_context.cc:717
  Checker: UNINIT_CTOR

libheif/heif_context.h:163:
  1. member_decl: Class member declaration for "m_thumbnail_ref_id".
libheif/heif_context.cc:717:
  2. uninit_member: Non-static class member "m_thumbnail_ref_id" is not initialized in this constructor nor in any functions that it calls.
libheif/heif_context.h:168:
  3. member_decl: Class member declaration for "m_alpha_channel_ref_id".
libheif/heif_context.cc:717:
  4. uninit_member: Non-static class member "m_alpha_channel_ref_id" is not initialized in this constructor nor in any functions that it calls.
libheif/heif_context.h:172:
  5. member_decl: Class member declaration for "m_depth_channel_ref_id".
libheif/heif_context.cc:717:
  6. uninit_member: Non-static class member "m_depth_channel_ref_id" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:429:
  7. member_decl: Class member declaration for "version".
libheif/heif_context.cc:717:
  8. uninit_member: Non-static class member field "m_depth_representation_info.version" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:433:
  9. member_decl: Class member declaration for "has_z_near".
libheif/heif_context.cc:717:
  10. uninit_member: Non-static class member field "m_depth_representation_info.has_z_near" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:434:
  11. member_decl: Class member declaration for "has_z_far".
libheif/heif_context.cc:717:
  12. uninit_member: Non-static class member field "m_depth_representation_info.has_z_far" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:435:
  13. member_decl: Class member declaration for "has_d_min".
libheif/heif_context.cc:717:
  14. uninit_member: Non-static class member field "m_depth_representation_info.has_d_min" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:436:
  15. member_decl: Class member declaration for "has_d_max".
libheif/heif_context.cc:717:
  16. uninit_member: Non-static class member field "m_depth_representation_info.has_d_max" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:438:
  17. member_decl: Class member declaration for "z_near".
libheif/heif_context.cc:717:
  18. uninit_member: Non-static class member field "m_depth_representation_info.z_near" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:439:
  19. member_decl: Class member declaration for "z_far".
libheif/heif_context.cc:717:
  20. uninit_member: Non-static class member field "m_depth_representation_info.z_far" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:440:
  21. member_decl: Class member declaration for "d_min".
libheif/heif_context.cc:717:
  22. uninit_member: Non-static class member field "m_depth_representation_info.d_min" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:441:
  23. member_decl: Class member declaration for "d_max".
libheif/heif_context.cc:717:
  24. uninit_member: Non-static class member field "m_depth_representation_info.d_max" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:443:
  25. member_decl: Class member declaration for "depth_representation_type".
libheif/heif_context.cc:717:
  26. uninit_member: Non-static class member field "m_depth_representation_info.depth_representation_type" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:444:
  27. member_decl: Class member declaration for "disparity_reference_view".
libheif/heif_context.cc:717:
  28. uninit_member: Non-static class member field "m_depth_representation_info.disparity_reference_view" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:446:
  29. member_decl: Class member declaration for "depth_nonlinear_representation_model_size".
libheif/heif_context.cc:717:
  30. uninit_member: Non-static class member field "m_depth_representation_info.depth_nonlinear_representation_model_size" is not initialized in this constructor nor in any functions that it calls.
libheif/heif.h:447:
  31. member_decl: Class member declaration for "depth_nonlinear_representation_model".
libheif/heif_context.cc:717:
  32. uninit_member: Non-static class member field "m_depth_representation_info.depth_nonlinear_representation_model" is not initialized in this constructor nor in any functions that it calls.

libheif/heif_context.cc:1018
  Checker: SIGN_EXTENSION

libheif/heif_context.cc:1018:
  sign_extension: Suspicious implicit sign extension: "grid.get_columns()" with type "uint16_t" (16 bits, unsigned) is promoted in "grid.get_rows() * grid.get_columns()" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "grid.get_rows() * grid.get_columns()" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

libheif/heif_context.cc:1018
  Checker: SIGN_EXTENSION

libheif/heif_context.cc:1018:
  sign_extension: Suspicious implicit sign extension: "grid.get_rows()" with type "uint16_t" (16 bits, unsigned) is promoted in "grid.get_rows() * grid.get_columns()" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "grid.get_rows() * grid.get_columns()" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

libheif/heif_context.cc:1036
  Checker: SIGN_EXTENSION

libheif/heif_context.cc:1036:
  sign_extension: Suspicious implicit sign extension: "grid.get_columns()" with type "uint16_t" (16 bits, unsigned) is promoted in "x + y * grid.get_columns()" to type "int" (32 bits, signed), then sign-extended to type "unsigned long" (64 bits, unsigned).  If "x + y * grid.get_columns()" is greater than 0x7FFFFFFF, the upper bits of the result will all be 1.

libheif/heif_decoder_libde265.cc:98
  Checker: RESOURCE_LEAK

libheif/heif_decoder_libde265.cc:91:
  1. alloc_arg: "heif_image_create" allocates memory that is stored into "out_img".
libheif/heif.cc:478:
  1.1. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:478:
  1.2. assign: Assigning: "img" = "new heif_image".
libheif/heif.cc:483:
  1.3. assign: Assigning: "*image" = "img".
libheif/heif_decoder_libde265.cc:97:
  2. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/heif_decoder_libde265.cc:98:
  3. leaked_storage: Variable "out_img" going out of scope leaks the storage it points to.

libheif/heif_decoder_libde265.cc:121
  Checker: RESOURCE_LEAK

libheif/heif_decoder_libde265.cc:91:
  1. alloc_arg: "heif_image_create" allocates memory that is stored into "out_img".
libheif/heif.cc:478:
  1.1. alloc_fn: Storage is returned from allocation function "operator new".
libheif/heif.cc:478:
  1.2. assign: Assigning: "img" = "new heif_image".
libheif/heif.cc:483:
  1.3. assign: Assigning: "*image" = "img".
libheif/heif_decoder_libde265.cc:97:
  2. path: Condition "err.code != heif_error_Ok", taking false branch.
libheif/heif_decoder_libde265.cc:110:
  3. path: Condition "c < 3", taking true branch.
libheif/heif_decoder_libde265.cc:119:
  4. noescape: Resource "out_img" is not freed or pointed-to in "heif_image_add_plane".
libheif/heif.cc:534:
  4.1. noescape: "heif_image_add_plane(heif_image *, heif_channel, int, int, int)" does not free or save its parameter "image".
libheif/heif_decoder_libde265.cc:120:
  5. path: Condition "err.code != heif_error_Ok", taking true branch.
libheif/heif_decoder_libde265.cc:121:
  6. leaked_storage: Variable "out_img" going out of scope leaks the storage it points to.