On Sunday, 19 July 2020 09:35:20 PDT Ramakanth Kesireddy wrote:
> Hi,
>
> There are 5 different CWEs of the below type thrown by Klocwork as warnings
> in the below mentioned condition in findNext():-
>
> https://code.woboq.org/qt5/include/qt/QtCore/qiterator.h.html#144
> inline bool findNext(const T &t) \
> { while (const_iterator(n = i) != c->constEnd()) if (*i++ == t) return
> true; return false; } \
>
> CWE-480: Use of Incorrect Operator
> http://cwe.mitre.org/data/definitions/480.html

The use of i++ is intentional and correct.

> CWE-481: Assigning instead of Comparing
> http://cwe.mitre.org/data/definitions/481.html

The assignment of n = i is intentional and correct.

> EXP45-C. Do not perform assignments in selection statements
> https://www.securecoding.cert.org/confluence/x/nYFtAg

Yes, the code quality is poor. That's what happens when you want to write
short code in macros.

> Please let me know if the assignment expression in conditional statements
> in findNext() could be ignored?

You decided to run a code scanning / static analysis tool on Qt. Please get
your own senior engineers to review the results. If your engineers are
uncertain, please post a detailed question (not like this email) on the exact
issue and how the code should be fixed. And please submit the fixes you've
needed to make.

Qt is being scanned by a number of tools, including Coverity's public scanning
of open source tools. Known issues are being fixed as quickly as possible. The
latest releases (5.15) have all the fixes.

--
Thiago Macieira - thiago.macieira (AT) intel.com
  Software Architect - Intel System Software Products
_______________________________________________
Interest mailing list
interest@qt-project.org
https://lists.qt-project.org/listinfo/interest
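As an added example (not Qt's code and not part of the thread), the following stand-in iterator in C++ shows why the `n = i` assignment inside the `while` condition and the `*i++` inside the `if` are both load-bearing rather than typos: each pass records the candidate position in `n` before the cursor `i` advances past it, so after a successful `findNext()` the iterator's `value()`/`remove()` act on the matching element. The same loop is written a second time with the assignment and increment hoisted out of the condition, the shape EXP45-C asks for, and both forms are checked against each other on constructed input. The class name `ToyMutableIterator` and every method on it are hypothetical; Qt's real macro wraps the assignment as `const_iterator(n = i)` only because `constEnd()` returns a `const_iterator`, which the toy avoids by using a mutable iterator on both sides.

```cpp
#include <cstddef>
#include <vector>

// Hypothetical stand-in for a Qt-style mutable sequential iterator over a
// std::vector<int> (not Qt's class). Like the Qt macro it keeps two positions:
// `i` is the cursor that advances, `n` is the last item findNext() examined,
// which value()/remove() act on.
struct ToyMutableIterator {
    using Container = std::vector<int>;
    using iterator = Container::iterator;

    Container *c;
    iterator i;  // cursor: next item to examine
    iterator n;  // last item examined (on the match after a successful findNext)

    explicit ToyMutableIterator(Container &container)
        : c(&container), i(c->begin()), n(c->end()) {}

    // Compact form, same shape as the Qt macro. The assignment in the loop
    // condition is intentional: it snapshots `i` before `*i++` advances it,
    // so `n` is left on the element that compared equal.
    bool findNextCompact(int t) {
        while ((n = i) != c->end())
            if (*i++ == t) return true;
        return false;
    }

    // Identical behaviour with assignment and increment outside the condition.
    bool findNextExpanded(int t) {
        for (;;) {
            n = i;                     // remember the candidate position
            if (n == c->end()) return false;
            ++i;                       // advance the cursor past the candidate
            if (*n == t) return true;  // candidate matched: n stays on it
        }
    }

    int value() const { return *n; }

    // Remove the item found by the last findNext and keep the cursor valid.
    // erase() invalidates iterators at and after n, so rebuild i from an index;
    // the cursor then points at the element that followed the removed one.
    void remove() {
        std::ptrdiff_t idx = n - c->begin();
        c->erase(n);
        i = c->begin() + idx;
        n = c->end();
    }
};

// Indices of every match of `target`, in order, using the chosen form.
std::vector<std::ptrdiff_t> matchPositions(std::vector<int> data, int target,
                                           bool compact) {
    ToyMutableIterator it(data);
    std::vector<std::ptrdiff_t> out;
    while (compact ? it.findNextCompact(target) : it.findNextExpanded(target))
        out.push_back(it.n - data.begin());
    return out;
}

// Remove every occurrence of `target` via findNext() + remove() and return
// what is left; exercises the n/i bookkeeping across erasures.
std::vector<int> removeAll(std::vector<int> data, int target) {
    ToyMutableIterator it(data);
    while (it.findNextCompact(target))
        it.remove();
    return data;
}

int main() {
    // Constructed sample input.
    std::vector<int> sample{4, 7, 4, 9, 4};
    bool agree = matchPositions(sample, 4, true) == matchPositions(sample, 4, false);
    std::vector<int> cleaned = removeAll({1, 2, 2, 3, 2}, 2);  // {1, 3}
    return (agree && cleaned.size() == 2) ? 0 : 1;
}
```

The point for a reviewer of static-analysis output is that both CWE-480 and CWE-481 fire on syntax alone; whether `n = i` in a condition is a defect depends on whether `n` is read afterwards, and here it is the whole interface.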
