-
Notifications
You must be signed in to change notification settings - Fork 919
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clang static analyser: "division by zero" warning in HASH_EXPAND_BUCKETS #166
Comments
- Fix "uninitialized value" warning for sessionAttributes in esys-create-session-auth.int.c. - Supress "division by zero" warnings for HASH_ADD_INT in uthash.h, reported upstream as troydhanson/uthash#166. Signed-off-by: Jonas Witschel <[email protected]>
I admit that the existence of #129 does scare me a little. The other interesting thing about division (besides that it can have UB) is that it's very slow. I would gladly review a patch that replaced this division with an appropriate right-shift or something like that, as long as it preserved the current high-level asymptotic behaviors. |
I agree that static analysis is not always reliable, and I don't immediately see a way to exploit the undefined behaviour. Would using an assertion be an option? Adding something like
after the calculation of |
The code is definitely not time-critical (it happens only during reallocation). However, uthash currently doesn't use any Reading the code comment on
I wonder, what if we rewrote this as
Would that help the static analyzer at all? Also, I'm pretty sure that when |
@Quuxplusone WRT how do people generally work around that? - simply by adding an explicit check.
|
- Fix "uninitialized value" warning for sessionAttributes in esys-create-session-auth.int.c. - Supress "division by zero" warnings for HASH_ADD_INT in uthash.h, reported upstream as troydhanson/uthash#166. Signed-off-by: Jonas Witschel <[email protected]>
That makes sense. Without using assertions, I think a simple
Unfortunately the analyser seems to be pretty dumb when trying to deduce whether
is not recognised to be nonzero for every |
Actually, now that I look at this code...
...surely we could just eliminate the division completely by doing something like this: master...Quuxplusone:assert |
@Quuxplusone Great, that does not produce any warnings with |
The 2.1.0 version of uthash contains a fix for HASH_ADD_INT macro issue, which trigged a clang static analysis warning. troydhanson/uthash#166 Signed-off-by: Tadeusz Struk <[email protected]>
Consider this minimal example:
When running with the Clang 7.0.0 static analyser
scan-build
, the following warning is generated:Apparently
(tbl)->ideal_chain_maxlen
can be zero, leading to undefined behaviour when dividing through it. This seems undesirable, however I do not understand the code well enough to propose a fix. #129 seems to be related and might be an indicator that additional error handling for this case could be required.As this happens in a macro in the header file
uthash.h
, downstream projects might be affected by this issue when they usescan-build
on a project that includes uthash, see e.g. tpm2-software/tpm2-tss#1229 (comment).The text was updated successfully, but these errors were encountered: