[tor-bugs] #29805 [Core Tor/Tor]: 41 coverity defects on prob_distr.c
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Mar 18 15:55:51 UTC 2019
#29805: 41 coverity defects on prob_distr.c
------------------------------+---------------------------------
Reporter: asn | Owner: (none)
Type: defect | Status: new
Priority: Medium | Milestone: Tor: 0.4.1.x-final
Component: Core Tor/Tor | Version:
Severity: Normal | Keywords: prob-distr coverity
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+---------------------------------
The `DIST_BASE_TYPED` macro in `prob_distr.h` is causing us 41 new
coverity defects. I don't think it's wrong but it's quite hacky so we
should fix it in some way.
{{{
*** CID 1444029: Incorrect expression (SIZEOF_MISMATCH)
/src/lib/math/prob_distr.c: 1511 in log_logistic_sf()
1505 return cdf_log_logistic(x, LL->alpha, LL->beta);
1506 }
1507
1508 static double
1509 log_logistic_sf(const struct dist *dist, double x)
1510 {
>>> CID 1444029: Incorrect expression (SIZEOF_MISMATCH)
>>> Adding "0UL /* 0 * sizeof (dist - &((struct log_logistic const
*)((char const *)dist - __builtin_offsetof()))->base) */" to pointer
>>> "(struct log_logistic const *)((char const *)dist - 0UL)" of type
"struct log_logistic const *" is suspicious because adding an integral
value
>>> to this pointer automatically scales that value by the size, 24 bytes,
of the pointed-to type, "struct log_logistic const". Most likely, the
>>> multiplication by "sizeof (dist - &((struct log_logistic const
*)((char const *)dist - 0UL))->base)" in this expression is extraneous and
>>> should be eliminated.
1511 const struct log_logistic *LL = const_container_of(dist,
1512 struct log_logistic, base);
1513
1514 return sf_log_logistic(x, LL->alpha, LL->beta);
1515 }
1516
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29805>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list