[glibutil] Check for integer overflow. SX#GULBI-122 #16
Conversation
This makes the Coverity tool quiet about this rather false positive issue.
| @@ -252,6 +252,7 @@ gutil_strv_remove( | |||
| len--; | |||
| l = len - pos; | |||
| while ((i = gutil_strv_find_last_impl(sv + pos, s, l)) >= 0) { | |||
| g_assert(pos + i >= 0); | |||
There was a problem hiding this comment.
Hmm, what's this g_assert supposed to do? If the assertion becomes false, then hitting the assert would crash the program (even the production build). If the assertion is always true then this statement never does anything. In any case this doesn't fix the actual problem (if there is a problem).
I don't like the idea of having g_asserts in the production code.
There was a problem hiding this comment.
With this assert in place Coverity sees that the code cannot reach the next line, should an integer overflow happen for (pos + i). It is unlikely to happen that so big a vector would be used, but at the same time it would clearly be wrong to state that this is a false positive. Hence the preference of assert over the coverity[overflow_const:FALSE] annotation.
As to the possibility of crashing the program in production build. Would you prefer to let it continue with corrupted memory instead?
This makes the Coverity tool quiet about this rather false positive issue.