Fix CodeQL reports on crunch and crnlib #60
Conversation
|
That doesn't work… :-/ |
illwieckz
changed the title
|
This analyzer has a diff-only mode, right? (The one where it comments on pull requests.) So there is really no need to restructure everything to please the computer. |
|
Yes, and one can dismiss some reports, but I would have preferred if the tool was happy without doing manual tricks in the tool UI as moving or copying the code or just restyling it would bring the false positive back. I was hoping a simple rewrite may help it to get it, it looks like not. |
|
It is also very likely that GitHub would report the false positive on every fork even if we dismiss it there. |
illwieckz
force-pushed
the
illwieckz/codeql-fixes
branch
from
f7bbf3e
to
fdf1b61
Compare
|
Well, there is no way to avoid that false positive report, I don't know how to report it to CodeQL but they definitely fail to take in account this is a template and they should not test |
illwieckz
changed the title
illwieckz
force-pushed
the
illwieckz/codeql-fixes
branch
2 times, most recently
from
951d912
to
ed5344a
Compare
illwieckz
force-pushed
the
illwieckz/codeql-fixes
branch
from
e3ce3ff
to
c95c447
Compare
|
The commit fixing |
|
Interesting, something broke the tool! |
illwieckz
force-pushed
the
illwieckz/codeql-fixes
branch
2 times, most recently
from
52ac792
to
5abcc45
Compare
Fixed. |
|
So there is nothing left reported by CodeQL, the false-positive template ones were dismissed, all the other ones were fixed. |
|
The choice of doing |
illwieckz
force-pushed
the
illwieckz/codeql-fixes
branch
2 times, most recently
from
c4357a9
to
85c1749
Compare
| @@ -958,7 +958,7 @@ class crunch { | |||
| else { | |||
| console::info("CRN texture info:"); | |||
|
|
|||
| console::info("Width: %u, Height: %u, Levels: %u, Faces: %u\nBytes per block: %u, User0: 0x%08X, User1: 0x%08X, CRN Format: %u", | |||
| console::info("Width: %u, Height: %u, Levels: %u, Faces: %u\nBytes per block: %u, User0: 0x%08X, User1: 0x%08X, CRN Format: %l", | |||
There was a problem hiding this comment.
This one doesn't quite fix the issue... apparently the crn_format enum, having both a -1 value and a 2^32 - 1 value, is a different size depending on the compiler. In MSVC it is 32 bits but in some others it must be 64. We could force it to be a specific type with the C++11 feature enum crn_format: uint32_t or whatever, instead of the old approach of trying to influence the type by adding fake values.
| @@ -570,9 +570,9 @@ bool resample_multithreaded(const image_u8& src, image_u8& dst, const resample_p | |||
| return false; | |||
|
|
|||
| p.m_pSrc_pixels = src_samples.get_ptr(); | |||
| p.m_src_pitch = src_width * resampler_comps * sizeof(float); | |||
| p.m_src_pitch = (size_t)src_width * (size_t)resampler_comps * sizeof(float); | |||
There was a problem hiding this comment.
Crunch has a maximum image dimension of 4096 so we don't ever need to worry about super-sized memory allocations.
| @@ -53,7 +53,7 @@ class clusterizer { | |||
| root.m_total_weight += weight; | |||
| root.m_vectors.push_back(i); | |||
|
|
|||
| ttsum += v.dot(v) * weight; | |||
| ttsum += (double)v.dot(v) * (double)weight; | |||
There was a problem hiding this comment.
Can we just disable float/double precision warnings please? It simply doesn't matter. This is a lossy image compression program.
There was a problem hiding this comment.
This is CodeQL static analysis report, not a compiler warning.
There was a problem hiding this comment.
I know that. It should be configurable.
illwieckz
force-pushed
the
illwieckz/codeql-fixes
branch
from
85c1749
to
b5f707f
Compare
Fix CodeQL reports.
The following
cpp/static-buffer-overflowcritical error is dismissed as it is a false positive:It is a false positive because the tool fails to understand that the value tested for the switch case is the array size itself.