Coverity Scan - Static Analysis

Sample of Defect

Project Name	CID	Checker	Category	Developer Description
digiKam	1034287	TAINTED_SCALAR	Insecure data handling	increase a lots the security of code

File: /mnt/devel/GIT/4.x/extra/libkface/libkface/alignment-congealing/funnelreal.cpp

    }

    // convert to float
    grey.convertTo(image, CV_32F);

    const int height = image.rows - 2*d->windowSize;
    const int width  = image.cols - 2*d->windowSize;

    std::vector<std::vector<std::vector<float> > > originalFeatures;

    d->computeOriginalFeatures(originalFeatures, image, width, height);

    std::vector<float> v = d->computeTransform(originalFeatures, width, height);

    return d->applyTransform(inputImage, v, d->outerDimH, d->outerDimW);
}

void FunnelReal::Private::loadTrainingData(const QString& path)
{
    try
    {
        std::ifstream trainingInfo(path.toLocal8Bit());
        trainingInfo.exceptions(std::ifstream::badbit);

 << 1. Calling function "operator >>" taints argument "this->edgeDescDim".

        trainingInfo >> numFeatureClusters >> edgeDescDim;

        std::vector<float> cRow(edgeDescDim, 0);
        centroids = std::vector<std::vector<float> >(numFeatureClusters, cRow);
        sigmaSq   = std::vector<float>(numFeatureClusters);

 < 2. Condition "i < this->numFeatureClusters", taking true branch

231
232

        for(int i=0; i<numFeatureClusters; i++)
        {

 <<< CID 1034287: Insecure data handling TAINTED_SCALAR
 <<< 3. Using tainted variable "this->edgeDescDim" as a loop boundary.

            for(int j=0; j<edgeDescDim; j++)
            {
                trainingInfo >> centroids[i][j];
            }
            trainingInfo >> sigmaSq[i];
        }

        trainingInfo >> numRandPxls;
        randPxls = std::vector<std::pair<int, int> >(numRandPxls);

        for(int j=0; j<numRandPxls; j++)
            trainingInfo >> randPxls[j].first >> randPxls[j].second;

        std::vector<float>                dfCol(numFeatureClusters, 0);
        std::vector<std::vector<float> >  logDistField(numRandPxls, dfCol);

        int iteration;

        while(true)
        {
            trainingInfo >> iteration;

            if(trainingInfo.eof())
                break;

            for(int j=0; j<numRandPxls; j++)
            {

Events:

	1. tainted_data_argument	funnelreal.cpp:225
	3. tainted_data	funnelreal.cpp:233

Sample of Defect

About Synopsys

Communities and resources