Interesting OpenScanHub output from Fedora's repository scan (it's for 0.25.3 currently, but these still apply to 0.26.0):
Error: CPPCHECK_WARNING ([CWE-398](https://cwe.mitre.org/data/definitions/398.html)): [[#def3]](https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/openjph-0.25.3-2.fc44/scan-results.html#def3)
```
OpenJPH-0.25.3/src/apps/ojph_compress/ojph_compress.cpp:619: error[throwInEntryPoint]: Unhandled exception thrown in function that is an entry point.
# 617| return -1;
# 618| }
# 619|-> if (!get_arguments(argc, argv, input_filename, output_filename,
# 620| prog_order, profile_string, num_decompositions,
# 621| quantization_step, reversible, employ_color_transform,
```
Error: CPPCHECK_WARNING ([CWE-190](https://cwe.mitre.org/data/definitions/190.html)): [[#def4]](https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/openjph-0.25.3-2.fc44/scan-results.html#def4)
```
OpenJPH-0.25.3/src/core/transform/ojph_colour.cpp:325: error[integerOverflow]: Signed integer overflow for expression '-2147483647-1'.
# 323| float fl_low_lim = (float)neg_limit; // val >= lower
# 324| si32 s32_up_lim = INT_MAX >> (32 - bit_depth);
# 325|-> si32 s32_low_lim = INT_MIN >> (32 - bit_depth);
# 326|
# 327| if (is_signed)
```
Error: CPPCHECK_WARNING ([CWE-190](https://cwe.mitre.org/data/definitions/190.html)): [[#def5]](https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/openjph-0.25.3-2.fc44/scan-results.html#def5)
```
OpenJPH-0.25.3/src/core/transform/ojph_colour_avx2.cpp:293: error[integerOverflow]: Signed integer overflow for expression '-2147483647-1'.
# 291| __m256 fl_low_lim = _mm256_set1_ps((float)neg_limit); // val >= lower
# 292| __m256i s32_up_lim = _mm256_set1_epi32(INT_MAX >> (32 - bit_depth));
# 293|-> __m256i s32_low_lim = _mm256_set1_epi32(INT_MIN >> (32 - bit_depth));
# 294|
# 295| if (is_signed)
```
Error: CPPCHECK_WARNING ([CWE-190](https://cwe.mitre.org/data/definitions/190.html)): [[#def6]](https://svashisht.fedorapeople.org/openscanhub/mass-scans/f44-08-Jan-2026/openjph-0.25.3-2.fc44/scan-results.html#def6)
```
OpenJPH-0.25.3/src/core/transform/ojph_colour_sse2.cpp:138: error[integerOverflow]: Signed integer overflow for expression '-2147483647-1'.
# 136| __m128 fl_low_lim = _mm_set1_ps((float)neg_limit); // val >= lower
# 137| __m128i s32_up_lim = _mm_set1_epi32(INT_MAX >> (32 - bit_depth));
# 138|-> __m128i s32_low_lim = _mm_set1_epi32(INT_MIN >> (32 - bit_depth));
# 139|
# 140| if (is_signed)
```
The first one is real, the others may not be worth all the casting hassle...?