CodeQL scan reports some alerts (marked as high severity) in miniaudio and osaudio from release 0.11.25:
Detected by CodeQL in libs/miniaudio/miniaudio.h :20399
Detected by CodeQL in libs/miniaudio/miniaudio.h :29468
Detected by CodeQL in libs/miniaudio/miniaudio.h :29416
Detected by CodeQL in libs/miniaudio/miniaudio.h :33025
Detected by CodeQL in libs/miniaudio/miniaudio.h :33012
Detected by CodeQL in libs/miniaudio/miniaudio.h :33239
Detected by CodeQL in libs/miniaudio/miniaudio.h :33187
Detected by CodeQL in libs/miniaudio/miniaudio.h :43911
Detected by CodeQL in libs/miniaudio/miniaudio.h :58667
Detected by CodeQL in libs/miniaudio/miniaudio.h :58667
Detected by CodeQL in libs/miniaudio/miniaudio.h :58724
Detected by CodeQL in libs/miniaudio/miniaudio.h :58741
Detected by CodeQL in libs/miniaudio/miniaudio.h :58753
Detected by CodeQL in libs/miniaudio/miniaudio.h :58770
Detected by CodeQL in libs/miniaudio/miniaudio.h :58779
Detected by CodeQL in libs/miniaudio/miniaudio.h :58788
Detected by CodeQL in libs/miniaudio/osaudio_miniaudio.c :401
Detected by CodeQL in libs/miniaudio/osaudio_miniaudio.c :442
This is the description for the warning:
This rule finds code that converts the result of an integer multiplication to a larger type. Since the conversion applies after the multiplication, arithmetic overflow may still occur.
The rule flags every multiplication of two non-constant integer expressions that is (explicitly or implicitly) converted to a larger integer type. The conversion is an indication that the expression would produce a result that would be too large to fit in the smaller integer type.
Recommendation
Use a cast to ensure that the multiplication is done using the larger integer type to avoid overflow.
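To make the rule concrete, here is an added example (not miniaudio's or osaudio's code, and not taken from any of the flagged lines above) showing the pattern CodeQL is describing and the cast-first fix it recommends. The function names and the buffer-size calculation are hypothetical; the point is that the product is computed in 32-bit arithmetic and only then widened, so a silently wrapped value reaches the 64-bit destination.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: size in bytes of a PCM buffer.
   All three operands are uint32_t, so the two multiplications are evaluated
   in 32-bit arithmetic and wrap modulo 2^32. The result is widened to
   uint64_t only on return, after the overflow has already happened.
   This is exactly the shape the CodeQL rule flags. */
uint64_t buffer_size_after_widen(uint32_t frameCount, uint32_t channels, uint32_t bytesPerSample)
{
    return frameCount * channels * bytesPerSample;   /* 32-bit product, then widened */
}

/* Recommended fix: cast the first operand so the whole chain of
   multiplications is performed in 64 bits. */
uint64_t buffer_size_cast_first(uint32_t frameCount, uint32_t channels, uint32_t bytesPerSample)
{
    return (uint64_t)frameCount * channels * bytesPerSample;
}

/* Defensive variant: compute in 64 bits and additionally refuse any result
   that exceeds a caller-supplied limit, so an oversized request cannot turn
   into a tiny allocation followed by a large write. Returns 1 on success. */
int buffer_size_checked(uint32_t frameCount, uint32_t channels, uint32_t bytesPerSample,
                        size_t limit, size_t* pOut)
{
    uint64_t total = (uint64_t)frameCount * channels * bytesPerSample;
    if (pOut == NULL || total > (uint64_t)limit) {
        return 0;
    }
    *pOut = (size_t)total;
    return 1;
}

int main(void)
{
    /* Constructed input: 0x10000001 frames * 8 channels * 4 bytes = 8589934624 bytes.
       In 32-bit arithmetic this wraps to 32, which is what the unfixed form returns. */
    uint32_t frames = 0x10000001u, channels = 8u, bps = 4u;
    size_t out = 0;

    printf("after widen : %llu\n", (unsigned long long)buffer_size_after_widen(frames, channels, bps));
    printf("cast first  : %llu\n", (unsigned long long)buffer_size_cast_first(frames, channels, bps));
    printf("checked     : %s\n",
           buffer_size_checked(frames, channels, bps, (size_t)1 << 20, &out) ? "accepted" : "rejected");
    return 0;
}
```

The unfixed form returns 32 for an 8 GiB request, which is the kind of value that later feeds an allocation size; the cast-first form returns the true product, and the checked form shows where a bounds check belongs once the arithmetic is done in the wider type.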