Silence CodeQL false positive warnings #4942
Merged
StephanTLavavej merged 1 commit into microsoft:main on Sep 9, 2024
* "Unclear validation of array index" silenced by `// lgtm [cpp/unclear-array-index-validation]`
  + `__msvc_string_view.hpp` 668: We have `bool _Matches[256]` and the index is cast to `unsigned char`.
  + `__msvc_string_view.hpp` 1334: `basic_string_view::operator[]` has optional validation controlled by `_CONTAINER_DEBUG_LEVEL` and intentionally doesn't validate by default.
  + `charconv`: `_Digit_from_byte` has 256 elements (enforced by `_STL_INTERNAL_STATIC_ASSERT`) and the index is cast to `unsigned char`.
* "Cast from `char*` to `wchar_t*`" silenced by `// lgtm [cpp/incorrect-string-type-conversion]`
  + `xutility`: `_Copy_memmove()` is correctly bypassing pointer arithmetic for performance.
  + `StlLCMapStringA.cpp`: This function has [`LCMapStringA`][]'s narrow interface, but implements `LCMAP_SORTKEY` with wide [`LCMapStringEx`][]. "The sort key is stored in the buffer and treated as an opaque array of bytes" so there is no correctness issue.

[`LCMapStringA`]: https://learn.microsoft.com/en-us/windows/win32/api/winnls/nf-winnls-lcmapstringa
[`LCMapStringEx`]: https://learn.microsoft.com/en-us/windows/win32/api/winnls/nf-winnls-lcmapstringex
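The `charconv` item above relies on two facts: the table has one slot per byte value, and the index is cast to `unsigned char`. The following is an added example, not code from the pull request or from the STL; `DigitTable`, `digit_from_char` and `parse_unsigned` are hypothetical names, and ASCII letter ordering is assumed.

```cpp
#include <climits>
#include <cstdint>

// Hypothetical names throughout; this is not the STL's _Digit_from_byte table.
constexpr unsigned char kNotDigit = 255;

struct DigitTable {
    unsigned char value[256];
};

static DigitTable make_digit_table() {
    DigitTable t{};
    for (int i = 0; i < 256; ++i) t.value[i] = kNotDigit;
    for (int i = 0; i < 10; ++i) t.value['0' + i] = static_cast<unsigned char>(i);
    for (int i = 0; i < 26; ++i) {
        t.value['a' + i] = static_cast<unsigned char>(10 + i);
        t.value['A' + i] = static_cast<unsigned char>(10 + i);
    }
    return t;
}
static const DigitTable kDigits = make_digit_table();

// The two facts that make the unchecked index safe, enforced at compile time:
// every unsigned char is in [0, UCHAR_MAX], and the table has UCHAR_MAX + 1 slots.
static_assert(CHAR_BIT == 8, "table assumes 8-bit bytes");
static_assert(sizeof(DigitTable::value) == UCHAR_MAX + 1u, "table must cover every byte value");

unsigned char digit_from_char(char ch) {
    // Without the cast, a signed char such as '\xE9' would index at -23.
    return kDigits.value[static_cast<unsigned char>(ch)]; // lgtm [cpp/unclear-array-index-validation]
}

// Parses [first, last) as an unsigned integer in `base`; false on bad digit or overflow.
bool parse_unsigned(const char* first, const char* last, int base, std::uint32_t& out) {
    if (first == last || base < 2 || base > 36) return false;
    std::uint64_t acc = 0;
    for (; first != last; ++first) {
        const unsigned char d = digit_from_char(*first);
        if (d >= base) return false; // kNotDigit (255) fails for every base
        acc = acc * static_cast<std::uint64_t>(base) + d;
        if (acc > UINT32_MAX) return false;
    }
    out = static_cast<std::uint32_t>(acc);
    return true;
}

int main() {
    const char text[] = "1\xE9"; // constructed input containing a high-bit byte
    std::uint32_t v = 0;
    return parse_unsigned(text, text + 2, 10, v) ? 1 : 0; // input is rejected
}
```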
Contributor
This looks like a clear false positive that might be reported
Member
Author
We're trying to get in touch with the maintainers to report severe usability issues - if we get traction on those, then we can report specific false positives like these.
CaseyCarter approved these changes Sep 8, 2024
Member
Author
I'm mirroring this to the MSVC-internal repo - please notify me if any further changes are pushed.