Fix issues found using default CodeQL settings. #2923
+24
−9
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Describe the PR
This fix does the following:
int
.uint8_t
).In addition, because there was not previously any code to ensure that
TOTAL_DRIVER_COUNT
would be in the expected range of[0x01..0xFF]
, added aTU_ASSERT()
at the appropriate location to ensure this condition, and immediately stop execution if a configuration would ever exceed this.There is no change to the logical flow, except for that additional
TU_ASSERT()
.What is solved
When relying projects enable CodeQL (with default settings), and build tinyUSB,
ten (10x) high-severity alerts of the following type will be generated:
Comparison of narrow type with wide type in loop condition
This PR updates the code to prevent these CodeQL alerts,
which otherwise show up in all projects relying on TinyUSB.
Additional context
The alerts note that the loop variable (e.g.,
i
) is of a smaller size (e.g.,uint8_t
) than what it is being compared against (e.g.,int
). As an example, code which would generate this alert is:The type of
TOTAL_DRIVER_COUNT
isint
(uint8_t
+size_t
--> promoted toint
).The type of the loop variable was
uint8_t
.Therefore, this would loop infinitely if
TOTAL_DRIVER_COUNT
ever exceeds 0xFFu.As a result, a high severity alert is generated by CodeQL.
It is understood that the count of drivers is low (built-in is only ~12 right now), and unlikely to ever exceed 0xFFu.
However, there was no code that ensured that
TOTAL_DRIVER_COUNT
would be in the expected range of[ 0x01u .. 0xFFu ]
.