Re: [Wireshark-dev] QtCustomPlot: New Defects reported by Coverity Scan for Wireshark

2019-09-25 Thread Dario Lombardo 
On Wed, Sep 25, 2019 at 8:24 AM Roland Knall  wrote:

> Hi Jaap
>
> I was in contact with the original developer of QCustomPlot. According to
> his statement, this warning is a false-positive, as it cannot occur with
> real numbers.
>
>
Maybe I'm wrong but I read

20769   result[i*2+0].setX(valueAxis->coordToPixel(0));

and the issue is within coordToPixel() called with 0. As far as I recall,
qcustomplot is "amalgamated" (QCustomPlot uses code amalgamation to
generate the single .h/.cpp pair from its source tree). Maybe the error is
in the amalgamation routine not the code itself. Just guessing.
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

Re: [Wireshark-dev] QtCustomPlot: New Defects reported by Coverity Scan for Wireshark

2019-09-24 Thread Roland Knall 
Hi Jaap

I was in contact with the original developer of QCustomPlot. According to
his statement, this warning is a false-positive, as it cannot occur with
real numbers.

FYI, he will create a version 2.0.2 or 2.2.x depending on the changes,
sometime by the end of this year, beginning of next. We will upgrade to
this version, as soon as it is available, as it will also allow us to get
rid of our own internal modifications for the warnings.

kind regards
Roland

Am Fr., 20. Sept. 2019 um 14:13 Uhr schrieb Jaap Keuter <
jaap.keu...@xs4all.nl>:

> Hi Alexis, Roland,
>
> I assume you are aware of these:
>
> Begin forwarded message:
>
> *From: *scan-ad...@coverity.com
> *Subject: **New Defects reported by Coverity Scan for Wireshark*
> *Date: *20 September 2019 at 07:46:10 CEST
>
>
> ...
>
>
> ** CID 1453859:(DIVIDE_BY_ZERO)
>
>
>
> 
> *** CID 1453859:(DIVIDE_BY_ZERO)
> /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/build/ui/qt/widgets/qcustomplot.cpp:
> 20769 in QCPGraph::dataToImpulseLines(const QVector &) const()
> 20763   // transform data points to pixels:
> 20764   if (keyAxis->orientation() == Qt::Vertical)
> 20765   {
> 20766 for (int i=0; i 20767 {
> 20768   const double key = keyAxis->coordToPixel(data.at(i).key);
>
>CID 1453859:(DIVIDE_BY_ZERO)
>In function call "coordToPixel", division by expression "0." has
> undefined behavior.
>
> 20769   result[i*2+0].setX(valueAxis->coordToPixel(0));
> 20770   result[i*2+0].setY(key);
> 20771   result[i*2+1].setX(valueAxis->coordToPixel(data.at
> (i).value));
> 20772   result[i*2+1].setY(key);
> 20773 }
> 20774   } else // key axis is horizontal
> /home/wireshark/builders/wireshark-master-fuzz/clangcodeanalysis/build/ui/qt/widgets/qcustomplot.cpp:
> 20780 in QCPGraph::dataToImpulseLines(const QVector &) const()
> 20774   } else // key axis is horizontal
> 20775   {
> 20776 for (int i=0; i 20777 {
> 20778   const double key = keyAxis->coordToPixel(data.at(i).key);
> 20779   result[i*2+0].setX(key);
>
>CID 1453859:(DIVIDE_BY_ZERO)
>In function call "coordToPixel", division by expression "0." has
> undefined behavior.
>
> 20780   result[i*2+0].setY(valueAxis->coordToPixel(0));
> 20781   result[i*2+1].setX(key);
> 20782   result[i*2+1].setY(valueAxis->coordToPixel(data.at
> (i).value));
> 20783 }
> 20784   }
> 20785   return result;
>
>
>
> ___
> Sent via:Wireshark-dev mailing list 
> Archives:https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>  mailto:wireshark-dev-requ...@wireshark.org
> ?subject=unsubscribe
___
Sent via:Wireshark-dev mailing list 
Archives:https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
 mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe