Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix coverity issue in block::initEmptyBlock #1491

Merged
merged 1 commit into from
Sep 3, 2024
Merged

Fix coverity issue in block::initEmptyBlock #1491

merged 1 commit into from
Sep 3, 2024

Conversation

lplewa
Copy link
Contributor

@lplewa lplewa commented Aug 23, 2024
edited
Loading

Description

getObjectSize should not return values bigger then 2^16-1. We are assigning it's return value, which is 32 bit to 16 bit one, so it is good to assert it anyway.

Fixes # - issue number(s) if exists

Type of change

Choose one or multiple, leave empty if none of the other choices apply

Add a respective label(s) to PR if you have permissions

  • bug fix - change that fixes an issue
  • new feature - change that adds functionality
  • tests - change in tests
  • infrastructure - change in infrastructure and CI
  • documentation - documentation update

Tests

  • added - required for new features and some bug fixes
  • not needed

Documentation

  • updated in # - add PR number
  • needs to be updated
  • not needed

Breaks backward compatibility

  • Yes
  • No
  • Unknown

Notify the following users

List users with @ to send notifications

Other information

@lplewa lplewa requested review from ldorau and KFilipek as code owners August 23, 2024 15:46
@Alexandr-Konovalov Alexandr-Konovalov self-requested a review August 23, 2024 18:16
@Alexandr-Konovalov
Copy link
Contributor

If result of getObjectSize() must fit to uint16_t, why not change it return type to uint16_t? And move the related assert inside.

@lplewa
Copy link
Contributor Author

lplewa commented Aug 26, 2024

If result of getObjectSize() must fit to uint16_t, why not change it return type to uint16_t? And move the related assert inside.

Because it is scary change to do few days before deadline. To do it correctly we should change it from unsigned int to unsigned short in few places. TBH i would rewrite this function anyway at it has other issues, but few days before deadline, i just want fix coverity and do not create new issues.

I checked that this code is correct, and added assert just to make coverity also aware that it code is fine.

@Alexandr-Konovalov
Copy link
Contributor

Alexandr-Konovalov commented Aug 26, 2024
edited
Loading

Because it is scary change to do few days before deadline.

To late in the release circle is a good point. Could the TODO be added, to keep the intention explicit?

I'm just curious, is moving the assert to getObjectSize() body can make coverity happy? Because for a human reader it may be unclear, why on another call path a result of getObjectSize() is not covered by assert.

@lplewa
Fix coverity issue in block::initEmptyBlock
53dcf13 
getObjectSize should not return values bigger then 2^16-1.
We are assigning it's return value, which is 32 bit to 16 bit one,
so it is good to assert it anyway.
@lplewa
Copy link
Contributor Author

lplewa commented Aug 26, 2024

Because it is scary change to do few days before deadline.

To late in the release circle is a good point. Could the TODO be added, to keep the intention explicit?

I'm just curious, is moving the assert to getObjectSize() body can make coverity happy? Because for a human reader it may be unclear, why on another call path a result of getObjectSize() is not covered by assert.

I added TODO.

IMHO readability depends how you read this code. If thru GH maybe. If you use IDE then you can check that block::objectSize is uint_16_t so it make sense to assert before assessment were you do "type cast".

@Alexandr-Konovalov
Copy link
Contributor

Because it is scary change to do few days before deadline.

To late in the release circle is a good point. Could the TODO be added, to keep the intention explicit?
I'm just curious, is moving the assert to getObjectSize() body can make coverity happy? Because for a human reader it may be unclear, why on another call path a result of getObjectSize() is not covered by assert.

I added TODO.

IMHO readability depends how you read this code. If thru GH maybe. If you use IDE then you can check that block::objectSize is uint_16_t so it make sense to assert before assessment were you do "type cast".

Sorry, I'm not totally understand you position wrt moving the assert inside getObjectSize() body. Is it too late to run Coverity once again, so we don't want to risk not to resolve the Coverity diagnostics?

@lplewa
Copy link
Contributor Author

lplewa commented Aug 27, 2024

Because it is scary change to do few days before deadline.

To late in the release circle is a good point. Could the TODO be added, to keep the intention explicit?
I'm just curious, is moving the assert to getObjectSize() body can make coverity happy? Because for a human reader it may be unclear, why on another call path a result of getObjectSize() is not covered by assert.

I added TODO.
IMHO readability depends how you read this code. If thru GH maybe. If you use IDE then you can check that block::objectSize is uint_16_t so it make sense to assert before assessment were you do "type cast".

Sorry, I'm not totally understand you position wrt moving the assert inside getObjectSize() body. Is it too late to run Coverity once again, so we don't want to risk not to resolve the Coverity diagnostics?

This is one argument.
But main argument is that, in my option, we should assert it just before type conversion. So as we are assigning int to short, we are doing assertion that it is safe.

Also sure if you seen getObjectSize() function but it is literally return getIndexOrObjectSize<false>(size); so assert will have no sense here. we could put it to getIndexOrObjectSize() then this function is a mess, with multiple returns, so there in no good place to put this assert.

Alexandr-Konovalov
Alexandr-Konovalov approved these changes Aug 28, 2024
View reviewed changes
Copy link
Contributor

@Alexandr-Konovalov Alexandr-Konovalov left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM.

KFilipek
KFilipek approved these changes Aug 29, 2024
View reviewed changes
Copy link
Contributor

@KFilipek KFilipek left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally, it breaks nothing, but getIndexOrObjectSize() should get more error handling to resolve the issue:
image

@omalyshe omalyshe merged commit 2d5b10f into uxlfoundation:master Sep 3, 2024
25 checks passed
kboyarinov pushed a commit that referenced this pull request Oct 1, 2024
@lplewa @kboyarinov
Fix coverity issue in block::initEmptyBlock (#1491)
739ae64 
getObjectSize should not return values bigger then 2^16-1.
We are assigning it's return value, which is 32 bit to 16 bit one,
so it is good to assert it anyway.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@KFilipek KFilipek KFilipek approved these changes

@ldorau ldorau ldorau approved these changes

@Alexandr-Konovalov Alexandr-Konovalov Alexandr-Konovalov approved these changes

Assignees
No one assigned
Labels
allocator
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@lplewa @Alexandr-Konovalov @KFilipek @ldorau @omalyshe