From 951d9121f1a865e63d2267404ec820c2a7572cd3 Mon Sep 17 00:00:00 2001
From: Thomas Debesse
Date: Sat, 6 Jul 2024 04:41:52 +0200
Subject: [PATCH] crnlib: attempt to silence false positive CodeQL cpp/static-buffer-overflow

On the default case it wrongly reports as critical:
> Potential buffer-overflow: 'm_buf' has size 2 but 'm_buf[3]' may be accessed here.
Because it fails to understand that default only happens with m_buf size being 4.
---
 crnlib/crn_threaded_clusterizer.h | 2 +-
 crnlib/crn_tree_clusterizer.h | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/crnlib/crn_threaded_clusterizer.h b/crnlib/crn_threaded_clusterizer.h
index cd2acf4e..467596cd 100644
--- a/crnlib/crn_threaded_clusterizer.h
+++ b/crnlib/crn_threaded_clusterizer.h
@@ -219,7 +219,7 @@ class threaded_clusterizer {
 double sum = 0;
 for (uint j = 0; j < N; j++)
- sum += axis[j] * covar[i][j];
+ sum += static_cast(axis[j]) * static_cast(covar[i][j]);
 x[i] = static_cast(sum);
diff --git a/crnlib/crn_tree_clusterizer.h b/crnlib/crn_tree_clusterizer.h
index d6785c3b..6d05af10 100644
--- a/crnlib/crn_tree_clusterizer.h
+++ b/crnlib/crn_tree_clusterizer.h
@@ -72,7 +72,7 @@ class tree_clusterizer {
 m_weightedVectors[i] = v * (float)weight;
 root.m_centroid += m_weightedVectors[i];
 root.m_total_weight += weight;
- m_weightedDotProducts[i] = v.dot(v) * weight;
+ m_weightedDotProducts[i] = static_cast(v.dot(v)) * static_cast(weight);
 ttsum += m_weightedDotProducts[i];
 }
 root.m_variance = (float)(ttsum - (root.m_centroid.dot(root.m_centroid) / root.m_total_weight));
@@ -289,7 +289,7 @@ class tree_clusterizer {
 double sum = 0;
 for (uint j = 0; j < N; j++)
- sum += axis[j] * covar[i][j];
+ sum += static_cast(axis[j]) * static_cast(covar[i][j]);
 x[i] = (float)sum;
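Review bot: The new `sum +=` line in crn_threaded_clusterizer.h (hunk `@@ -219`) changes how the product is computed, not only what the analyzer sees: with both operands converted before the multiply, `axis[j] * covar[i][j]` is no longer evaluated in the operands' own type, so `x[i]` may differ slightly from earlier builds if those operands are narrower than `sum` (their types, and the cast's target type, are not visible here). The identical edit is made in hunk `@@ -289` of crn_tree_clusterizer.h. None of the hunks touches `m_buf`, the only finding the commit message describes, so the reason for the casts should be recorded next to them, e.g. `// convert before multiplying so the product is formed at the accumulator's precision`. The enclosing loop begins and ends outside both hunks.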
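Review bot: In hunk `@@ -72` of crn_tree_clusterizer.h the new `m_weightedDotProducts[i]` line uses `static_cast` while the context lines around it keep C-style casts (`v * (float)weight`, `(float)(ttsum - ...)`), so one statement group now mixes two cast styles. The conversion is also applied to the result of `v.dot(v)`, so the dot product is still computed at whatever precision `dot` uses and only the final multiply by `weight` is affected; if a higher-precision dot product was intended, this line presumably does not provide it. A short comment such as `// only the multiply by weight is converted; dot() keeps its own precision` would make that explicit. The function body starts and ends outside the hunk.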