NULL_DEREFERENCE-tools/tiff2pdf.c:1995-HIGH
Varangian Defect Detector Bot:
Varangian is a bot which uses Augmented Static Analysis to automatically create issues for bugs in the latest commit. More information: https://github.com/AICoE/Varangian
Description:
Infer bug type: NULL_DEREFERENCE
Location: tools/tiff2pdf.c:1995
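Description: tools/tiff2pdf.c:1995:4: `sbc` is initialised to NULL on line 1976, and the return value of TIFFGetField() on line 1994 is not checked. On the path Infer reports, TIFFVGetField() returns 0 without storing anything through `&sbc` because the StripByteCounts field is not set, so `sbc[0]` on line 1995 dereferences a NULL pointer. The trace does not show whether a real input file can reach this state; that depends on how the directory was read. The path is closed by testing that TIFFGetField() returned non-zero and that `sbc` is not NULL before indexing it, and by reporting an error and returning otherwise.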
Likelihood: HIGH
Possible bug location:
tools/tiff2pdf.c:1995
tools/tiff2pdf.c:1995:4:
1993. {
1994. TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc);
1995. t2p_set_tiff_datasize(t2p, sbc[0]);
^
1996. return;
1997. }
All traces:
Bug Rank: 2#2524
tools/tiff2pdf.c:1995: error: Null Dereference
pointer `sbc` last assigned on line 1976 could be null and is dereferenced at line 1995, column 31.
tools/tiff2pdf.c:1974:1: start of procedure t2p_read_tiff_size()
1972. uncompressed image data from the input TIFF for a page.
1973. */
1974. void t2p_read_tiff_size(T2P* t2p, TIFF* input){
^
1975.
1976. uint64_t* sbc=NULL;
tools/tiff2pdf.c:1976:2:
1974. void t2p_read_tiff_size(T2P* t2p, TIFF* input){
1975.
1976. uint64_t* sbc=NULL;
^
1977. #if defined(JPEG_SUPPORT) || defined(OJPEG_SUPPORT)
1978. unsigned char* jpt=NULL;
tools/tiff2pdf.c:1978:2:
1976. uint64_t* sbc=NULL;
1977. #if defined(JPEG_SUPPORT) || defined(OJPEG_SUPPORT)
1978. unsigned char* jpt=NULL;
^
1979. tstrip_t i=0;
1980. tstrip_t stripcount=0;
tools/tiff2pdf.c:1979:2:
1977. #if defined(JPEG_SUPPORT) || defined(OJPEG_SUPPORT)
1978. unsigned char* jpt=NULL;
1979. tstrip_t i=0;
^
1980. tstrip_t stripcount=0;
1981. #endif
tools/tiff2pdf.c:1980:2:
1978. unsigned char* jpt=NULL;
1979. tstrip_t i=0;
1980. tstrip_t stripcount=0;
^
1981. #endif
1982. uint64_t k = 0;
tools/tiff2pdf.c:1982:2:
1980. tstrip_t stripcount=0;
1981. #endif
1982. uint64_t k = 0;
^
1983.
1984. if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){
tools/tiff2pdf.c:1984:5: Taking true branch
1982. uint64_t k = 0;
1983.
1984. if(t2p->pdf_transcode == T2P_TRANSCODE_RAW){
^
1985. #if defined(CCITT_SUPPORT) || defined(ZIP_SUPPORT)
1986. #if defined(CCITT_SUPPORT) && defined(ZIP_SUPPORT)
tools/tiff2pdf.c:1987:6: Taking false branch
1985. #if defined(CCITT_SUPPORT) || defined(ZIP_SUPPORT)
1986. #if defined(CCITT_SUPPORT) && defined(ZIP_SUPPORT)
1987. if(t2p->pdf_compression == T2P_COMPRESS_G4 || t2p->pdf_compression == T2P_COMPRESS_ZIP)
^
1988. #elif defined(CCITT_SUPPORT)
1989. if(t2p->pdf_compression == T2P_COMPRESS_G4)
tools/tiff2pdf.c:1987:49: Taking true branch
1985. #if defined(CCITT_SUPPORT) || defined(ZIP_SUPPORT)
1986. #if defined(CCITT_SUPPORT) && defined(ZIP_SUPPORT)
1987. if(t2p->pdf_compression == T2P_COMPRESS_G4 || t2p->pdf_compression == T2P_COMPRESS_ZIP)
^
1988. #elif defined(CCITT_SUPPORT)
1989. if(t2p->pdf_compression == T2P_COMPRESS_G4)
tools/tiff2pdf.c:1994:4:
1992. #endif
1993. {
1994. TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc);
^
1995. t2p_set_tiff_datasize(t2p, sbc[0]);
1996. return;
libtiff/tif_dir.c:1269:1: start of procedure TIFFGetField()
1267. * internal directory structure.
1268. */
1269. int
^
1270. TIFFGetField(TIFF* tif, uint32_t tag, ...)
1271. {
libtiff/tif_dir.c:1275:2:
1273. va_list ap;
1274.
1275. va_start(ap, tag);
^
1276. status = TIFFVGetField(tif, tag, ap);
1277. va_end(ap);
libtiff/tif_dir.c:1276:2:
1274.
1275. va_start(ap, tag);
1276. status = TIFFVGetField(tif, tag, ap);
^
1277. va_end(ap);
1278. return (status);
libtiff/tif_dir.c:1287:1: start of procedure TIFFVGetField()
1285. * top of the library.
1286. */
1287. int
^
1288. TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
1289. {
libtiff/tif_dir.c:1290:2:
1288. TIFFVGetField(TIFF* tif, uint32_t tag, va_list ap)
1289. {
1290. const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
^
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
libtiff/tif_dirinfo.c:680:1: start of procedure TIFFFindField()
678.
679.
680. const TIFFField*
^
681. TIFFFindField(TIFF* tif, uint32_t tag, TIFFDataType dt)
682. {
libtiff/tif_dirinfo.c:683:2:
681. TIFFFindField(TIFF* tif, uint32_t tag, TIFFDataType dt)
682. {
683. TIFFField key = {0, 0, 0, TIFF_NOTYPE, 0, 0, 0, 0, 0, 0, NULL, NULL};
^
684. TIFFField* pkey = &key;
685. const TIFFField **ret;
libtiff/tif_dirinfo.c:684:2:
682. {
683. TIFFField key = {0, 0, 0, TIFF_NOTYPE, 0, 0, 0, 0, 0, 0, NULL, NULL};
684. TIFFField* pkey = &key;
^
685. const TIFFField **ret;
686. if (tif->tif_foundfield && tif->tif_foundfield->field_tag == tag &&
libtiff/tif_dirinfo.c:686:6: Taking true branch
684. TIFFField* pkey = &key;
685. const TIFFField **ret;
686. if (tif->tif_foundfield && tif->tif_foundfield->field_tag == tag &&
^
687. (dt == TIFF_ANY || dt == tif->tif_foundfield->field_type))
688. return tif->tif_foundfield;
libtiff/tif_dirinfo.c:686:29: Taking true branch
684. TIFFField* pkey = &key;
685. const TIFFField **ret;
686. if (tif->tif_foundfield && tif->tif_foundfield->field_tag == tag &&
^
687. (dt == TIFF_ANY || dt == tif->tif_foundfield->field_type))
688. return tif->tif_foundfield;
libtiff/tif_dirinfo.c:687:7: Taking true branch
685. const TIFFField **ret;
686. if (tif->tif_foundfield && tif->tif_foundfield->field_tag == tag &&
687. (dt == TIFF_ANY || dt == tif->tif_foundfield->field_type))
^
688. return tif->tif_foundfield;
689.
libtiff/tif_dirinfo.c:688:3:
686. if (tif->tif_foundfield && tif->tif_foundfield->field_tag == tag &&
687. (dt == TIFF_ANY || dt == tif->tif_foundfield->field_type))
688. return tif->tif_foundfield;
^
689.
690. /* If we are invoked with no field information, then just return. */
libtiff/tif_dirinfo.c:703:1: return from a call to TIFFFindField
701. sizeof(TIFFField *), tagCompare);
702. return tif->tif_foundfield = (ret ? *ret : NULL);
703. }
^
704.
705. static const TIFFField*
libtiff/tif_dir.c:1291:10: Condition is true
1289. {
1290. const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
^
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1293. }
libtiff/tif_dir.c:1291:18: Condition is false
1289. {
1290. const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
^
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1293. }
libtiff/tif_dir.c:1291:38: Condition is false
1289. {
1290. const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
^
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1293. }
libtiff/tif_dir.c:1291:10:
1289. {
1290. const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
^
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1293. }
libtiff/tif_dir.c:1291:2:
1289. {
1290. const TIFFField* fip = TIFFFindField(tif, tag, TIFF_ANY);
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
^
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1293. }
libtiff/tif_dir.c:1293:1: return from a call to TIFFVGetField
1291. return (fip && (isPseudoTag(tag) || TIFFFieldSet(tif, fip->field_bit)) ?
1292. (*tif->tif_tagmethods.vgetfield)(tif, tag, ap) : 0);
1293. }
^
1294.
1295. #define CleanupField(member) { \
libtiff/tif_dir.c:1277:2:
1275. va_start(ap, tag);
1276. status = TIFFVGetField(tif, tag, ap);
1277. va_end(ap);
^
1278. return (status);
1279. }
libtiff/tif_dir.c:1278:2:
1276. status = TIFFVGetField(tif, tag, ap);
1277. va_end(ap);
1278. return (status);
^
1279. }
1280.
libtiff/tif_dir.c:1279:1: return from a call to TIFFGetField
1277. va_end(ap);
1278. return (status);
1279. }
^
1280.
1281. /*
tools/tiff2pdf.c:1995:4:
1993. {
1994. TIFFGetField(input, TIFFTAG_STRIPBYTECOUNTS, &sbc);
1995. t2p_set_tiff_datasize(t2p, sbc[0]);
^
1996. return;
1997. }