crunch
crunch copied to clipboard
DaemonEngine
Fix CodeQL reports on crunch and crnlib
Fix CodeQL reports.
The following cpp/static-buffer-overflow critical error is dismissed as it is a false positive:
Potential buffer-overflow: 'm_buf' has size 2 but 'm_buf[3]' may be accessed here.
It is a false positive because the tool fails to understand that the value tested for the switch case is the array size itself.
This analyzer has a diff-only mode, right? (The one where it comments on pull requests.) So there is really no need to restructure everything to please the computer.
Yes, and one can dismiss some reports, but I would have preferred if the tool was happy without doing manual tricks in the tool UI as moving or copying the code or just restyling it would bring the false positive back. I was hoping a simple rewrite may help it to get it, it looks like not.
It is also very likely that GitHub would report the false positive on every fork even if we dismiss it there.
Well, there is no way to avoid that false positive report, I don't know how to report it to CodeQL but they definitely fail to take in account this is a template and they should not test array[N] with an index greater than N. In fact I actually expect the compiler to remove any alternative code, and then remove the code I may write to silence the CodeQL report.
The commit fixing stb_image.h was also reported to:
- https://github.com/nothings/stb/pull/1658
So there is nothing left reported by CodeQL, the false-positive template ones were dismissed, all the other ones were fixed.
The choice of doing static_cast<double>(x) or (double)x was decided by what was doing the code living immediately before or after the change, to keep the wording consistent. When the wording is not consistent within a file, it means the file was already not consistant among its various parts, and I made sure the wording was consistent within each parts.