qemu-devel

Re: [Qemu-devel] [BUG] 216 Alerts reported by LGTM for QEMU (some might


From: Stefan Weil
Subject: Re: [Qemu-devel] [BUG] 216 Alerts reported by LGTM for QEMU (some might be release critical)
Date: Sun, 14 Jul 2019 15:28:21 +0200
User-agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0

Am 13.07.2019 um 21:42 schrieb Paolo Bonzini:
> On 13/07/19 19:46, Stefan Weil wrote:
>> LGTM reports 16 errors, 81 warnings and 119 recommendations:
>> https://lgtm.com/projects/g/qemu/qemu/alerts/?mode=list.
>>
>> Some of them are already known (wrong format strings), others look like
>> real errors:
>>
>> - several multiplication results which don't work as they should in
>> contrib/vhost-user-gpu, block/* (m->nb_clusters * s->cluster_size only
>> 32 bit!),  target/i386/translate.c and other files
> m->nb_clusters here is limited by s->l2_slice_size (see for example
> handle_alloc) so I wouldn't be surprised if this is a false positive.  I
> couldn't find this particular multiplication in Coverity, but it has
> about 250 issues marked as intentional or false positive so there's
> probably a lot of overlap with what LGTM found.
>
> Paolo


From other projects I know that there is a certain overlap between the
results from Coverity Scan and LGTM, but it is good to have both
analyzers, and the results from LGTM are typically quite reliable.

Even if we know that there is no multiplication overflow, the code could
be modified. Either the assigned value should use the same data type as
the factors (possible when there is never an overflow, avoids a size
extension), or the multiplication could use the larger data type by
adding a type cast to one of the factors (then an overflow cannot
happen, static code analysers and human reviewers have an easier job,
but the multiplication costs more time).

Stefan
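
The two options described in the message above, next to the flagged pattern, as an added C example that is not part of the original e-mail or of QEMU's code. The function names and sample values are assumptions; unsigned factors are used so the 32-bit wrap-around is defined behaviour, and the overflow check uses the GCC/Clang builtin `__builtin_mul_overflow`, which goes one step beyond the message by making the "never overflows" assumption checkable.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Flagged pattern: both factors are 32 bits wide, so the product is computed
 * in 32 bits and only widened afterwards. Unsigned types are used here so
 * that the wrap-around is defined behaviour and can be observed. */
uint64_t bytes_narrow(uint32_t nb_clusters, uint32_t cluster_size)
{
    return nb_clusters * cluster_size;
}

/* Cast one factor: the multiplication itself is done in 64 bits. */
uint64_t bytes_wide(uint32_t nb_clusters, uint32_t cluster_size)
{
    return (uint64_t)nb_clusters * cluster_size;
}

/* Keep the result in the factors' type. The GCC/Clang builtin makes the
 * "never overflows" assumption checkable; returns false on overflow. */
bool bytes_same_type(int nb_clusters, int cluster_size, int *bytes)
{
    return !__builtin_mul_overflow(nb_clusters, cluster_size, bytes);
}

int main(void)
{
    /* Constructed values, not limits taken from QEMU. */
    uint32_t n = 65536, size = 65536;
    int small = 0;

    printf("narrow: %" PRIu64 "\n", bytes_narrow(n, size));
    printf("wide:   %" PRIu64 "\n", bytes_wide(n, size));
    printf("same type fits: %d\n", bytes_same_type(8192, 65536, &small));
    return 0;
}
```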



