Hi Everyone, We were able to get a scan submitted to Coverity for both Debug and Release builds under Linux. Defects remained the same at 1 (Bad bit shift operation). With 123.3K (Debug) and 118.7K (Release) lines of code, that keeps our defect rate at 0.01.
I don't want to dismiss the finding because I think its valid with the right data. On the good side, I've never seen the data needed to tickle it. If we ever see it in action under a debugger, then we will be able to remediate it. Also see https://scan.coverity.com/projects/cryptopp . Jeff ********** // gf2n.cpp 25. Condition k, taking true branch 710 if (k) 711 { 712 word temp = b[0] << (WORD_BITS - k); 713 ShiftWordsRightByBits(b, BitsToWords(m), k); 714 26. Condition this->t1 < 64U /* CryptoPP::WORD_BITS */, taking true branch 27. cond_at_most: Checking this->t1 < 64U implies that this->t1 may be up to 63 on the true branch. 715 if (t1 < WORD_BITS) 716 { 28. assignment: Assigning: j = 0U. 29. Condition j < 64U /* CryptoPP::WORD_BITS */ - this->t1, taking true branch 31. incr: Incrementing j. The value of j is now 1. 32. Condition j < 64U /* CryptoPP::WORD_BITS */ - this->t1, taking true branch 717 for (unsigned int j=0; j<WORD_BITS-t1; j++) 718 { 719 // Coverity finding on shift amount of 'word x << (t1+j)'. 720 assert(t1+j < WORD_BITS); CID 147829 (#1 of 1): Bad bit shift operation (BAD_SHIFT)33. large_shift: In expression ((temp >> j) & 1ULL) << this->t1 + j, left shifting by more than 63 bits has undefined behavior. The shift amount, this->t1 + j, is as much as 64. 721 temp ^= ((temp >> j) & 1) << (t1 + j); 30. Jumping back to the beginning of the loop -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
