python-pillow-12.1.0-2.fc44

List of Findings

Error: GCC_ANALYZER_WARNING (CWE-457): [#def1]
Pillow-12.1.0/src/_imaging.c:1111:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘kernelsize’
Pillow-12.1.0/src/_imaging.c:1092:1: enter_function: entry to ‘_filter’
Pillow-12.1.0/src/_imaging.c:1100:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/_imaging.c:1107:18: branch_false: ...to here
Pillow-12.1.0/src/_imaging.c:1107:18: call_function: calling ‘getlist’ from ‘_filter’
Pillow-12.1.0/src/_imaging.c:1107:18: return_function: returning to ‘_filter’ from ‘getlist’
Pillow-12.1.0/src/_imaging.c:1108:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/_imaging.c:1111:23: branch_false: ...to here
Pillow-12.1.0/src/_imaging.c:1111:9: danger: use of uninitialized value ‘kernelsize’ here
# 1109|           return NULL;
# 1110|       }
# 1111|->     if (kernelsize != (Py_ssize_t)xsize * (Py_ssize_t)ysize) {
# 1112|           free(kerneldata);
# 1113|           return ImagingError_ValueError("bad kernel size");

Error: GCC_ANALYZER_WARNING (CWE-457): [#def2]
Pillow-12.1.0/src/_imaging.c:2788:9: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘buffer’
Pillow-12.1.0/src/_imaging.c:2767:1: enter_function: entry to ‘_font_text_asBytes’
Pillow-12.1.0/src/_imaging.c:2776:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/_imaging.c:2782:16: call_function: inlined call to ‘PyType_HasFeature’ from ‘_font_text_asBytes’
Pillow-12.1.0/src/_imaging.c:2782:15: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/_imaging.c:2786:20: branch_false: ...to here
Pillow-12.1.0/src/_imaging.c:2787:8: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/_imaging.c:2788:9: branch_true: ...to here
Pillow-12.1.0/src/_imaging.c:2788:9: danger: use of uninitialized value ‘buffer’ here
# 2786|       *text = calloc(len + 1, 1);
# 2787|       if (*text) {
# 2788|->         memcpy(*text, buffer, len);
# 2789|       } else {
# 2790|           ImagingError_MemoryError();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def3]
Pillow-12.1.0/src/encode.c:1073:9: warning[-Wanalyzer-malloc-leak]: leak of ‘get_qtables_arrays(qtables, & qtablesLen)’
Pillow-12.1.0/src/encode.c:1119:1: enter_function: entry to ‘PyImaging_JpegEncoderNew’
Pillow-12.1.0/src/encode.c:1144:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/encode.c:1171:15: branch_false: ...to here
Pillow-12.1.0/src/encode.c:1171:15: call_function: calling ‘PyImaging_EncoderNew’ from ‘PyImaging_JpegEncoderNew’
Pillow-12.1.0/src/encode.c:1171:15: return_function: returning to ‘PyImaging_JpegEncoderNew’ from ‘PyImaging_EncoderNew’
Pillow-12.1.0/src/encode.c:1172:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/encode.c:1176:25: branch_false: ...to here
Pillow-12.1.0/src/encode.c:1186:9: call_function: calling ‘get_packer’ from ‘PyImaging_JpegEncoderNew’
Pillow-12.1.0/src/encode.c:1186:9: return_function: returning to ‘PyImaging_JpegEncoderNew’ from ‘get_packer’
Pillow-12.1.0/src/encode.c:1186:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/encode.c:1191:15: branch_false: ...to here
Pillow-12.1.0/src/encode.c:1191:15: call_function: calling ‘get_qtables_arrays’ from ‘PyImaging_JpegEncoderNew’
Pillow-12.1.0/src/encode.c:1191:15: return_function: returning to ‘PyImaging_JpegEncoderNew’ from ‘get_qtables_arrays’
Pillow-12.1.0/src/encode.c:1193:8: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/encode.c:1073:9: danger: ‘get_qtables_arrays(qtables, & qtablesLen)’ leaks here; was allocated at [(32)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/31)
# 1071|       tables = PySequence_Fast(qtables, "expected a sequence");
# 1072|       num_tables = PySequence_Size(qtables);
# 1073|->     if (num_tables < 1 || num_tables > NUM_QUANT_TBLS) {
# 1074|           PyErr_SetString(
# 1075|               PyExc_ValueError,

Error: COMPILER_WARNING: [#def4]
Pillow-12.1.0/src/libImaging/Arrow.c: scope_hint: In function ‘export_named_type’
Pillow-12.1.0/src/libImaging/Arrow.c:170:5: warning[-Wstringop-truncation]: ‘__strncpy_chk’ specified bound depends on the length of the source argument
#  170 |     strncpy(formatp, format, format_len);
#      |     ^
Pillow-12.1.0/src/libImaging/Arrow.c:155:25: note: length computed here
#  155 |     size_t format_len = strlen(format) + 1;
#      |                         ^~~~~~~~~~~~~~
#  168|       }
#  169|   
#  170|->     strncpy(formatp, format, format_len);
#  171|       strncpy(namep, name, name_len);
#  172|   

Error: COMPILER_WARNING: [#def5]
Pillow-12.1.0/src/libImaging/Arrow.c:171:5: warning[-Wstringop-truncation]: ‘__strncpy_chk’ specified bound depends on the length of the source argument
#  171 |     strncpy(namep, name, name_len);
#      |     ^
Pillow-12.1.0/src/libImaging/Arrow.c:156:23: note: length computed here
#  156 |     size_t name_len = strlen(name) + 1;
#      |                       ^~~~~~~~~~~~
#  169|   
#  170|       strncpy(formatp, format, format_len);
#  171|->     strncpy(namep, name, name_len);
#  172|   
#  173|       *schema = (struct ArrowSchema){// Type description

Error: GCC_ANALYZER_WARNING (CWE-476): [#def6]
Pillow-12.1.0/src/libImaging/Arrow.c:222:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*schema.children’
Pillow-12.1.0/src/libImaging/Arrow.c:188:1: enter_function: entry to ‘export_imaging_schema’
Pillow-12.1.0/src/libImaging/Arrow.c:192:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:197:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:197:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:201:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:201:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:215:14: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:215:14: call_function: calling ‘export_named_type’ from ‘export_imaging_schema’
Pillow-12.1.0/src/libImaging/Arrow.c:215:14: return_function: returning to ‘export_imaging_schema’ from ‘export_named_type’
Pillow-12.1.0/src/libImaging/Arrow.c:216:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:220:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:221:24: acquire_memory: this call could return NULL
Pillow-12.1.0/src/libImaging/Arrow.c:222:5: danger: ‘calloc(1, 8)’ could be NULL: unchecked value from [(19)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/18)
#  220|       schema->n_children = 1;
#  221|       schema->children = calloc(1, sizeof(struct ArrowSchema *));
#  222|->     schema->children[0] = (struct ArrowSchema *)calloc(1, sizeof(struct ArrowSchema));
#  223|       retval = export_named_type(
#  224|           schema->children[0], im->arrow_band_format, getModeData(im->mode)->name

Error: GCC_ANALYZER_WARNING (CWE-476): [#def7]
Pillow-12.1.0/src/libImaging/Arrow.c:306:5: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘*array.buffers’
Pillow-12.1.0/src/libImaging/Arrow.c:278:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:282:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:304:37: acquire_memory: this call could return NULL
Pillow-12.1.0/src/libImaging/Arrow.c:306:5: danger: ‘malloc(16)’ could be NULL: unchecked value from [(3)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/2)
#  304|       array->buffers = (const void **)malloc(sizeof(void *) * array->n_buffers);
#  305|       // assert(array->buffers != NULL);
#  306|->     array->buffers[0] = NULL;  // no nulls, null bitmap can be omitted
#  307|   
#  308|       if (im->block) {

Error: GCC_ANALYZER_WARNING (CWE-476): [#def8]
Pillow-12.1.0/src/libImaging/Arrow.c:387:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(2, 8)’
Pillow-12.1.0/src/libImaging/Arrow.c:321:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:325:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:350:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:354:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:359:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:362:47: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:363:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:368:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:384:24: acquire_memory: this call could return NULL
Pillow-12.1.0/src/libImaging/Arrow.c:386:8: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:387:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:387:9: danger: ‘calloc(2, 8)’ could be NULL: unchecked value from [(9)](sarif:/runs/0/results/5/codeFlows/0/threadFlows/0/locations/8)
#  385|   
#  386|       if (im->block) {
#  387|->         array->children[0]->buffers[1] = im->block;
#  388|       } else {
#  389|           array->children[0]->buffers[1] = im->blocks[0].ptr;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def9]
Pillow-12.1.0/src/libImaging/Arrow.c:389:9: warning[-Wanalyzer-possible-null-dereference]: dereference of possibly-NULL ‘calloc(2, 8)’
Pillow-12.1.0/src/libImaging/Arrow.c:321:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:325:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:350:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:354:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:359:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:362:47: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:363:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:368:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:384:24: acquire_memory: this call could return NULL
Pillow-12.1.0/src/libImaging/Arrow.c:386:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:389:42: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:389:9: danger: ‘calloc(2, 8)’ could be NULL: unchecked value from [(9)](sarif:/runs/0/results/6/codeFlows/0/threadFlows/0/locations/8)
#  387|           array->children[0]->buffers[1] = im->block;
#  388|       } else {
#  389|->         array->children[0]->buffers[1] = im->blocks[0].ptr;
#  390|       }
#  391|       return 0;

Error: GCC_ANALYZER_WARNING (CWE-476): [#def10]
Pillow-12.1.0/src/libImaging/Arrow.c:394:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘*array.children’
Pillow-12.1.0/src/libImaging/Arrow.c:321:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:325:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:350:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:354:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:358:23: acquire_memory: allocated here
Pillow-12.1.0/src/libImaging/Arrow.c:359:8: release_memory: assuming ‘*array.children’ is NULL
Pillow-12.1.0/src/libImaging/Arrow.c:359:8: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:360:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:394:9: danger: dereference of NULL ‘*array.children’
#  392|   
#  393|   err:
#  394|->     if (array->children[0]) {
#  395|           free(array->children[0]);
#  396|       }

Error: GCC_ANALYZER_WARNING (CWE-476): [#def11]
Pillow-12.1.0/src/libImaging/Arrow.c:394:9: warning[-Wanalyzer-null-dereference]: dereference of NULL ‘0’
Pillow-12.1.0/src/libImaging/Arrow.c:321:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:325:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:350:8: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/Arrow.c:351:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/Arrow.c:394:9: release_memory: using NULL here
Pillow-12.1.0/src/libImaging/Arrow.c:394:9: danger: dereference of NULL ‘*array.children’
#  392|   
#  393|   err:
#  394|->     if (array->children[0]) {
#  395|           free(array->children[0]);
#  396|       }

Error: GCC_ANALYZER_WARNING (CWE-416): [#def12]
Pillow-12.1.0/src/libImaging/Draw.c:1984:9: warning[-Wanalyzer-use-after-free]: use after ‘free’ of ‘eIn’
Pillow-12.1.0/src/libImaging/Draw.c:1960:1: enter_function: entry to ‘ImagingOutlineTransform’
Pillow-12.1.0/src/libImaging/Draw.c:1977:12: call_function: calling ‘allocate’ from ‘ImagingOutlineTransform’
Pillow-12.1.0/src/libImaging/Draw.c:1977:12: return_function: returning to ‘ImagingOutlineTransform’ from ‘allocate’
Pillow-12.1.0/src/libImaging/Draw.c:1978:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Draw.c:1978:8: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Draw.c:1983:17: branch_true: following ‘true’ branch (when ‘i < n’)...
Pillow-12.1.0/src/libImaging/Draw.c:1984:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/Draw.c:1984:9: danger: use after ‘free’ of ‘eIn’; freed at [(10)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/9)
# 1982|   
# 1983|       for (i = 0; i < n; i++) {
# 1984|->         x0 = eIn->x0;
# 1985|           y0 = eIn->y0;
# 1986|   

Error: GCC_ANALYZER_WARNING (CWE-457): [#def13]
Pillow-12.1.0/src/libImaging/RankFilter.c:60:1: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
Pillow-12.1.0/src/libImaging/RankFilter.c:62:13: enter_function: entry to ‘ImagingRankFilter’
Pillow-12.1.0/src/libImaging/RankFilter.c:67:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:71:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:76:16: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:76:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:83:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:87:58: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:88:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:114:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:114:8: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_false: following ‘false’ branch (when ‘i >= size’)...
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:115:9: call_function: calling ‘RankUINT8’ from ‘ImagingRankFilter’
#   58|       }
#   59|   
#   60|-> MakeRankFunction(UINT8) MakeRankFunction(INT32) MakeRankFunction(FLOAT32)
#   61|   
#   62|       Imaging ImagingRankFilter(Imaging im, int size, int rank) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def14]
Pillow-12.1.0/src/libImaging/RankFilter.c:60:25: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
Pillow-12.1.0/src/libImaging/RankFilter.c:62:13: enter_function: entry to ‘ImagingRankFilter’
Pillow-12.1.0/src/libImaging/RankFilter.c:67:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:71:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:76:16: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:76:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:83:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:87:58: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:88:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:114:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:114:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:116:16: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:116:15: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_false: following ‘false’ branch (when ‘i >= size’)...
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:117:9: call_function: calling ‘RankINT32’ from ‘ImagingRankFilter’
#   58|       }
#   59|   
#   60|-> MakeRankFunction(UINT8) MakeRankFunction(INT32) MakeRankFunction(FLOAT32)
#   61|   
#   62|       Imaging ImagingRankFilter(Imaging im, int size, int rank) {

Error: GCC_ANALYZER_WARNING (CWE-457): [#def15]
Pillow-12.1.0/src/libImaging/RankFilter.c:60:49: warning[-Wanalyzer-use-of-uninitialized-value]: use of uninitialized value ‘*<unknown>’
Pillow-12.1.0/src/libImaging/RankFilter.c:62:13: enter_function: entry to ‘ImagingRankFilter’
Pillow-12.1.0/src/libImaging/RankFilter.c:67:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:71:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:76:16: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:76:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:83:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:87:58: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:88:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:114:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:114:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:116:16: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:116:15: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:118:15: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:118:15: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_false: following ‘false’ branch (when ‘buf’ is non-NULL)...
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_true: following ‘true’ branch...
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_true: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_false: following ‘false’ branch (when ‘i >= size’)...
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/RankFilter.c:119:9: call_function: calling ‘RankFLOAT32’ from ‘ImagingRankFilter’
#   58|       }
#   59|   
#   60|-> MakeRankFunction(UINT8) MakeRankFunction(INT32) MakeRankFunction(FLOAT32)
#   61|   
#   62|       Imaging ImagingRankFilter(Imaging im, int size, int rank) {

Error: GCC_ANALYZER_WARNING: [#def16]
Pillow-12.1.0/src/libImaging/Resample.c:217:10: warning[-Wanalyzer-imprecise-fp-arithmetic]: use of floating-point arithmetic here might yield unexpected results
Pillow-12.1.0/src/libImaging/Resample.c:708:1: enter_function: entry to ‘ImagingResampleInner’
Pillow-12.1.0/src/libImaging/Resample.c:729:19: call_function: calling ‘precompute_coeffs’ from ‘ImagingResampleInner’
#  215|       /* coefficient buffer */
#  216|       /* malloc check ok, overflow checked above */
#  217|->     kk = malloc(outSize * ksize * sizeof(double));
#  218|       if (!kk) {
#  219|           ImagingError_MemoryError();

Error: GCC_ANALYZER_WARNING (CWE-401): [#def17]
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:8: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)*c.tablen, 4)’
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:171:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:187:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:192:11: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:193:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:197:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:198:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:205:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:218:19: acquire_memory: allocated here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:8: danger: ‘calloc((long unsigned int)*c.tablen, 4)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/0/codeFlows/0/threadFlows/0/locations/8)
#  218|       c->starttab = calloc(c->tablen, sizeof(UINT32));
#  219|       c->lengthtab = calloc(c->tablen, sizeof(UINT32));
#  220|->     if (!state->buffer || !c->starttab || !c->lengthtab) {
#  221|           err = IMAGING_CODEC_MEMORY;
#  222|           goto sgi_finish_decode;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def18]
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)*c.tablen, 4)’
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:171:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:187:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:192:11: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:193:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:197:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:198:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:205:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:219:20: acquire_memory: allocated here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: danger: ‘calloc((long unsigned int)*c.tablen, 4)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/1/codeFlows/0/threadFlows/0/locations/8)
#  218|       c->starttab = calloc(c->tablen, sizeof(UINT32));
#  219|       c->lengthtab = calloc(c->tablen, sizeof(UINT32));
#  220|->     if (!state->buffer || !c->starttab || !c->lengthtab) {
#  221|           err = IMAGING_CODEC_MEMORY;
#  222|           goto sgi_finish_decode;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def19]
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)*c.tablen, 4)’
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:171:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:187:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:192:11: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:193:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:197:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:198:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:205:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:218:19: acquire_memory: allocated here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: danger: ‘calloc((long unsigned int)*c.tablen, 4)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/2/codeFlows/0/threadFlows/0/locations/8)
#  218|       c->starttab = calloc(c->tablen, sizeof(UINT32));
#  219|       c->lengthtab = calloc(c->tablen, sizeof(UINT32));
#  220|->     if (!state->buffer || !c->starttab || !c->lengthtab) {
#  221|           err = IMAGING_CODEC_MEMORY;
#  222|           goto sgi_finish_decode;

Error: GCC_ANALYZER_WARNING (CWE-401): [#def20]
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:225:44: warning[-Wanalyzer-malloc-leak]: leak of ‘calloc((long unsigned int)*c.tablen, 4)’
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:171:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:187:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:192:11: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:193:8: branch_false: following ‘false’ branch (when ‘ptr’ is non-NULL)...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:197:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:198:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:205:5: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:218:19: acquire_memory: allocated here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: branch_false: ...to here
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:220:9: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/SgiRleDecode.c:225:44: danger: ‘calloc((long unsigned int)*c.tablen, 4)’ leaks here; was allocated at [(9)](sarif:/runs/0/results/3/codeFlows/0/threadFlows/0/locations/8)
#  223|       }
#  224|       /* populate offsets table */
#  225|->     for (c->tabindex = 0, c->bufindex = 0; c->tabindex < c->tablen;
#  226|            c->tabindex++, c->bufindex += 4) {
#  227|           read4B(&c->starttab[c->tabindex], &ptr[c->bufindex]);

Error: GCC_ANALYZER_WARNING (CWE-401): [#def21]
Pillow-12.1.0/src/libImaging/Storage.c:260:12: warning[-Wanalyzer-malloc-leak]: leak of ‘block.ptr’
Pillow-12.1.0/src/libImaging/Storage.c:640:1: enter_function: entry to ‘ImagingNewDirty’
Pillow-12.1.0/src/libImaging/Storage.c:644:12: call_function: calling ‘ImagingNewInternal’ from ‘ImagingNewDirty’
#  258|   Imaging
#  259|   ImagingNewPrologue(const ModeID mode, int xsize, int ysize) {
#  260|->     return ImagingNewPrologueSubtype(
#  261|           mode, xsize, ysize, sizeof(struct ImagingMemoryInstance)
#  262|       );

Error: GCC_ANALYZER_WARNING (CWE-401): [#def22]
Pillow-12.1.0/src/libImaging/Storage.c:411:1: warning[-Wanalyzer-malloc-leak]: leak of ‘block.ptr’
Pillow-12.1.0/src/libImaging/Storage.c:596:1: enter_function: entry to ‘ImagingNewInternal’
Pillow-12.1.0/src/libImaging/Storage.c:604:8: branch_false: following ‘false’ branch...
Pillow-12.1.0/src/libImaging/Storage.c:609:19: branch_false: ...to here
Pillow-12.1.0/src/libImaging/Storage.c:609:19: call_function: calling ‘ImagingAllocateArray’ from ‘ImagingNewInternal’
#  409|           arena->stats_freed_blocks += 1;
#  410|       }
#  411|-> }
#  412|   
#  413|   static void

Scan Properties

analyzer-version-clippy: 1.95.0
analyzer-version-cppcheck: 2.20.0
analyzer-version-gcc: 16.1.1
analyzer-version-gcc-analyzer: 16.1.1
analyzer-version-shellcheck: 0.11.0
analyzer-version-unicontrol: 0.0.2
enabled-plugins: clippy, cppcheck, gcc, shellcheck, unicontrol
exit-code: 0
host: ip-172-16-1-147.us-west-2.compute.internal
known-false-positives: /usr/share/csmock/known-false-positives.js
known-false-positives-rpm: known-false-positives-0.0.0.20260524.213755.g3c6d0be.main-1.el9.noarch
mock-config: fedora-rawhide-x86_64
project-name: python-pillow-12.1.0-2.fc44
store-results-to: /tmp/tmp67n618de/python-pillow-12.1.0-2.fc44.tar.xz
time-created: 2026-06-01 16:07:28
time-finished: 2026-06-01 16:11:27
tool: csmock
tool-args: '/usr/bin/csmock' '-r' 'fedora-rawhide-x86_64' '-t' 'shellcheck,cppcheck,clippy,unicontrol,gcc' '-o' '/tmp/tmp67n618de/python-pillow-12.1.0-2.fc44.tar.xz' '--gcc-analyze' '--unicontrol-notests' '--unicontrol-bidi-only' '--install' 'pam' '--gcc-analyzer-bin=/usr/bin/gcc' '/tmp/tmp67n618de/python-pillow-12.1.0-2.fc44.src.rpm'
tool-version: csmock-3.8.5.20260529.133039.g6f3b5c6-1.el9