FFmpeg
coverity.c
1 /* Coverity Scan model
2 *
3 * Copyright (C) 2014 Red Hat, Inc.
4 *
5 * Authors:
6 * Markus Armbruster <armbru@redhat.com>
7 * Paolo Bonzini <pbonzini@redhat.com>
8 *
9 * This work is licensed under the terms of the GNU GPL, version 2 or, at your
10 * option, any later version. See the COPYING file in the top-level directory.
11 */
12 /*
13 * This is the source code for our Coverity user model file. The
14 * purpose of user models is to increase scanning accuracy by explaining
15 * code Coverity can't see (out of tree libraries) or doesn't
16 * sufficiently understand. Better accuracy means both fewer false
17 * positives and more true defects. Memory leaks in particular.
18 *
19 * - A model file can't import any header files. Some built-in primitives are
20 * available but not wchar_t, NULL etc.
21 * - Modeling doesn't need full structs and typedefs. Rudimentary structs
22 * and similar types are sufficient.
23 * - An uninitialized local variable signifies that the variable could be
24 * any value.
25 *
26 * The model file must be uploaded by an admin in the analysis settings of
27 * https://scan.coverity.com/projects/54
28 *
29 * above text is based on https://github.com/qemu/qemu/blob/master/scripts/coverity-model.c
30 */
31 
32 #define NULL (void *)0
33 
34 typedef long long int64_t;
35 
36 enum AVRounding {
43 };
44 
45 // Based on https://scan.coverity.com/models
/*
 * Coverity model for av_malloc(): an allocation that may fail.
 *
 * Returns a new buffer of `size` bytes whose contents are not initialized,
 * or 0 on the modeled failure path.
 */
void *av_malloc(size_t size) {
    /* Deliberately left uninitialized: per the file header, an uninitialized
     * local stands for "any value", so both outcomes below are analyzed. */
    int alloc_succeeds;

    /* Flag call sites where a possibly negative value reaches the size. */
    __coverity_negative_sink__(size);

    if (!alloc_succeeds) {
        return 0;
    }

    void *buf = __coverity_alloc__(size);
    /* Contents are unspecified, so a read before any write can be reported. */
    __coverity_mark_as_uninitialized_buffer__(buf);
    /* Tie the buffer to av_free for allocate/free mismatch checking. */
    __coverity_mark_as_afm_allocated__(buf, "av_free");
    return buf;
}
58 
/*
 * Coverity model for av_mallocz(): an allocation that may fail and whose
 * buffer is zero-filled on success.
 *
 * Returns a new buffer of `size` bytes, or 0 on the modeled failure path.
 */
void *av_mallocz(size_t size) {
    /* Deliberately left uninitialized: per the file header, an uninitialized
     * local stands for "any value", so both outcomes below are analyzed. */
    int alloc_succeeds;

    /* Flag call sites where a possibly negative value reaches the size. */
    __coverity_negative_sink__(size);

    if (!alloc_succeeds) {
        return 0;
    }

    void *buf = __coverity_alloc__(size);
    /* The whole buffer is modeled as written with zeros. */
    __coverity_writeall0__(buf);
    /* Tie the buffer to av_free for allocate/free mismatch checking. */
    __coverity_mark_as_afm_allocated__(buf, "av_free");
    return buf;
}
71 
/*
 * Coverity model for av_realloc(): a resize that may fail.
 *
 * On the success path the old pointer is marked as escaped and a new buffer
 * of `size` bytes, modeled as fully written, is returned. On the failure
 * path 0 is returned and `ptr` is neither freed nor escaped in the model.
 *
 * NOTE(review): the old pointer is escaped rather than freed on success, so
 * presumably a use of the stale pointer after a successful call is not
 * reported -- confirm that this is the intended trade-off.
 */
void *av_realloc(void *ptr, size_t size) {
    /* Deliberately left uninitialized: per the file header, an uninitialized
     * local stands for "any value", so both outcomes below are analyzed. */
    int alloc_succeeds;

    /* Flag call sites where a possibly negative value reaches the size. */
    __coverity_negative_sink__(size);

    if (!alloc_succeeds) {
        /* The caller's original block is left untouched on this path. */
        return 0;
    }

    /* Stop tracking the old block before replacing the pointer. */
    __coverity_escape__(ptr);
    ptr = __coverity_alloc__(size);
    /* The new buffer is modeled as completely written. */
    __coverity_writeall__(ptr);
    /* Tie the buffer to av_free for allocate/free mismatch checking. */
    __coverity_mark_as_afm_allocated__(ptr, "av_free");
    return ptr;
}
85 
/*
 * Coverity model for av_free(): releases `ptr` and records av_free as the
 * deallocator for allocate/free matching.
 *
 * NOTE(review): the model declares a void * return type but no path returns
 * a value; libavutil declares av_free() as returning void -- confirm whether
 * the model's signature should match.
 */
void *av_free(void *ptr) {
    /* Model the deallocation of ptr. */
    __coverity_free__(ptr);
    /* Counterpart of the "av_free" tag the allocator models put on buffers. */
    __coverity_mark_as_afm_freed__(ptr, "av_free");
}
90 
91 
93  __coverity_negative_sink__(b);
94  __coverity_negative_sink__(c);
95 
96  return (double)a * (double)b / (double)c;
97 }
av_rescale_rnd
int64_t av_rescale_rnd(int64_t a, int64_t b, int64_t c, enum AVRounding rnd)
Rescale a 64-bit integer with specified rounding.
Definition: coverity.c:92