ist: suppress Coverity false INTEGER_OVERFLOW via __COVERITY__ guard#32
Draft
Conversation
The ist() macro uses an intentional size_t underflow trick for efficient runtime string length measurement:

    size_t __l = 0;
    if (__x) for (__l--; __x[++__l]; ) ;

Coverity reports this as INTEGER_OVERFLOW (CID 1646569) because __l-- underflows from 0 to SIZE_MAX, and ++__l overflows from SIZE_MAX back to 0.

Add a #ifdef __COVERITY__ guard that provides a straightforward strlen()-based implementation when Coverity runs its analysis. Coverity defines __COVERITY__ automatically during scans, so no workflow changes are needed.
Agent-Logs-Url: https://github.com/chipitsine/haproxy/sessions/5eb4610f-492c-4202-a2b6-8ed07062a798
Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
Copilot (AI) changed the title from "[WIP] Add coverity modeling to suppress integer overflow findings" to "ist: suppress Coverity false INTEGER_OVERFLOW via __COVERITY__ guard" on Apr 1, 2026
Owner: Can we use modelling instead of guard?
Coverity (CID 1646569) flags the ist() macro as INTEGER_OVERFLOW because it uses an intentional size_t underflow trick to measure string length inline without calling strlen(): Coverity sees __l-- from 0 as underflow and ++__l from SIZE_MAX as overflow, and cannot determine the pattern is safe.

Changes

include/import/ist.h: Restructure ist() macro guards to #ifdef __COVERITY__ / #elif __GNUC__ >= 4 / #else. The Coverity branch uses a plain strlen()-based implementation (no underflow trick), which Coverity understands cleanly. Normal builds are unaffected.

Coverity defines __COVERITY__ automatically during analysis, so no workflow changes are required.
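To make the guard ordering from the commit message and the Changes section concrete, here is an added example (not haproxy's ist.h; ISTLEN_DEMO, istlen_trick, istlen_plain and the other names are hypothetical) that implements the size_t underflow loop beside the strlen() fallback, selects between them with the same #ifdef __COVERITY__ / __GNUC__ >= 4 / #else order, and checks that both return identical lengths on constructed inputs:

```c
#include <stddef.h>
#include <string.h>

/* Added example, not haproxy's ist.h; all names are hypothetical.
 * The inline trick from the commit message: l-- wraps 0 -> SIZE_MAX and
 * ++l wraps SIZE_MAX -> 0. Unsigned wraparound is defined behaviour in C,
 * so this is safe even though Coverity reports it as INTEGER_OVERFLOW. */
static size_t istlen_trick(const char *x)
{
	size_t l = 0;
	if (x)
		for (l--; x[++l]; )
			;
	return l;
}

/* Plain strlen() version: what the Coverity branch compiles. */
static size_t istlen_plain(const char *x)
{
	return x ? strlen(x) : 0;
}

/* Same guard ordering as the PR describes. */
#ifdef __COVERITY__
#define ISTLEN_DEMO(x) istlen_plain(x)
#define ISTLEN_DEMO_VARIANT "coverity"
#elif defined(__GNUC__) && __GNUC__ >= 4
#define ISTLEN_DEMO(x) istlen_trick(x)
#define ISTLEN_DEMO_VARIANT "gnuc-trick"
#else
#define ISTLEN_DEMO(x) istlen_plain(x)
#define ISTLEN_DEMO_VARIANT "plain"
#endif

/* Reports which branch this compilation unit selected. */
const char *istlen_variant(void)
{
	return ISTLEN_DEMO_VARIANT;
}

/* Returns 1 if both implementations agree on every constructed sample,
 * including the empty string and a NULL pointer, 0 otherwise. */
int istlen_impls_agree(void)
{
	static const char *const samples[] = { "", "a", "hello", "with\tcontrol\n", NULL };
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		if (istlen_trick(samples[i]) != istlen_plain(samples[i]))
			return 0;
	return ISTLEN_DEMO("demo") == 4;
}
```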