Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src/buffer.cpp: Avoid CodeQL warning about multiplication overflow #2292

Merged
merged 2 commits into from
Jan 27, 2022
Merged

src/buffer.cpp: Avoid CodeQL warning about multiplication overflow #2292

merged 2 commits into from
Jan 27, 2022

Conversation

softins
Copy link
Member

@softins softins commented Jan 26, 2022
edited
Loading

Short description of changes

Satisfy CodeQL multiplication overflow warnings by changing a loop variable from int to long

Context: Fixes an issue?

Fixes some high-severity code alerts raised by Github, even though they wouldn't be encountered in practice.

Does this change need documentation? What needs to be documented and how?

No documentation needed

Status of this Pull Request

Trivial change, ready to merge

What is missing until this pull request can be merged?

Validate that the warnings on src/buffer.cpp are no longer raised by Github

Checklist

  • I've verified that this Pull Request follows the general code principles
  • I tested my code and it does what I want
  • My code follows the style guide
  • I waited some time after this Pull Request was opened and all GitHub checks completed without errors.
  • I've filled all the content above

@ann0see
Copy link
Member

ann0see commented Jan 27, 2022

At least the warning in the files tab disappeared. Hopefully changing the type doesn’t introduce any bugs. But I doubt that. CodeQL still seems to find issues, but I can’t find them. Probably we’ll see after a merge

hoffie
hoffie approved these changes Jan 27, 2022
View reviewed changes
Copy link
Member

@hoffie hoffie left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fix looks correct to me (after having read some background).
As I understand, this PR changes the type of two loop variables in a way so that a later multiplication involving this loop variable is forced to occur in the larger type (long) instead of the type of all the operands (int).

I guess one other, potentially more readable solution would be casting one of the operands to long in place, but I assume that this is -- at least theoretically -- less efficient instead of doing it once per loop as you do.

I guess it could use a comment to avoid later "improvements" where someone wonders why it is a long and reverts back to int. See suggestions.

CHANGELOG: Internal: A hypothetical CodeQL-detected multiplication overflow in sound buffer handling has been fixed.

src/buffer.cpp Show resolved Hide resolved
src/buffer.cpp Show resolved Hide resolved
@ann0see ann0see mentioned this pull request Jan 27, 2022
Closed
@hoffie hoffie changed the title Avoid CodeQL warning about multiplication overflow src/buffer.cpp: Avoid CodeQL warning about multiplication overflow Jan 27, 2022
@softins @hoffie
Added explanatory comments
85e3c4c 
Co-authored-by: Christian Hoffmann <christian@hoffie.info>
@softins
Copy link
Member Author

softins commented Jan 27, 2022

In the longer term, I would prefer to eliminate multiplications within array indices. I prefer to traverse with suitably-incremented simple indices or pointers. But the immediate need was to eliminate the red warnings in Github.

@softins softins added this to the Release 3.8.2 milestone Jan 27, 2022
ann0see
ann0see approved these changes Jan 27, 2022
View reviewed changes
Copy link
Member

@ann0see ann0see left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Let‘s try it.

@ann0see ann0see merged commit eef6284 into jamulussoftware:master Jan 27, 2022
@softins softins mentioned this pull request Jan 27, 2022
Merged
5 tasks
softins added a commit to softins/jamulus that referenced this pull request Jan 27, 2022
@softins
Hoist block offset multiplication to top of loops
8d656ed 
This is more efficient, and should avoid the CodeQL warnings
about multiplication overflow within array indices or vector offsets
in buffer.cpp and server.cpp

Replaces the changes that were done in jamulussoftware#2292
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ann0see ann0see ann0see approved these changes

@hoffie hoffie hoffie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Tracking
Status: Triage
Milestone
Release 3.8.2
Development

Successfully merging this pull request may close these issues.
3 participants
@softins @ann0see @hoffie