On 4/7/06, <b class="gmail_sendername">James Hawkins</b> <<a href="mailto:truiken@gmail.com">truiken@gmail.com</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On 4/7/06, Tom Spear (Dustin Booker, Dustin Navea) <<a href="mailto:speeddymon@gmail.com">speeddymon@gmail.com</a>> wrote:<br>> ><br>> > if (srclen < 0) srclen = strlenW(src) + 1;<br>> ><br>> > so we never access the string with a negative index.
<br>> ><br>><br>> Umm, all that does is increment it by 1... What if _somehow_ (dont ask<br>> me how, just venturing a guess) a bogus number is passed by strlenW(src)<br>> like -3789246? Then you end up with srclen == -3789245...
<br>><br><br>strlen returns a value of type size_t, which is an unsigned value, so<br>this is always going to be positive.<br><br>> > * Negative value can be returned and we don't check for it.<br>> ><br>> I could be wrong, but wouldnt it be (theoretically speaking) possible
<br>> for a program to force a negative number out of it (even though it isnt<br>> supposed to be able to), since it IS an int, regardless of the return<br>> value type?<br>><br><br>If I write a function foo(x,y) that returns a signed int, but I only
<br>ever return a value >= 0, then no matter what input the user gives for<br>x and y, a negative value can never be returned. The problem is that<br>MS decided to make the return type of WideCharToMultiByte int instead
<br>of unsigned int, which we can't change. Let's say hypothetically that<br>a negative value can be returned in our implementation, then it's<br>still a bug in WideCharToMultiByte and these Coverity bugs are still<br>false positives.
<br><br></blockquote></div>That is true, but we also need to make sure that since we are going for conformity (including conforming to MS's bugs) we don't fix a bug in our code that is reported by Coverity, but that is also a bug in MS code.. So if a game has to work around a bug in MS code, then our code should still have that bug (so the game will work correctly), even if Coverity picks it up....
<br><br>Tom<br>