
CodeQL warnings: Multiplication result converted to larger type #1121

Description

@drfiemost

CodeQL scan reports some alerts (marked as high severity) in miniaudio and osaudio from release 0.11.25:

Detected by CodeQL in libs/miniaudio/miniaudio.h :20399
Detected by CodeQL in libs/miniaudio/miniaudio.h :29468
Detected by CodeQL in libs/miniaudio/miniaudio.h :29416
Detected by CodeQL in libs/miniaudio/miniaudio.h :33025
Detected by CodeQL in libs/miniaudio/miniaudio.h :33012
Detected by CodeQL in libs/miniaudio/miniaudio.h :33239
Detected by CodeQL in libs/miniaudio/miniaudio.h :33187
Detected by CodeQL in libs/miniaudio/miniaudio.h :43911
Detected by CodeQL in libs/miniaudio/miniaudio.h :58667
Detected by CodeQL in libs/miniaudio/miniaudio.h :58667
Detected by CodeQL in libs/miniaudio/miniaudio.h :58724
Detected by CodeQL in libs/miniaudio/miniaudio.h :58741
Detected by CodeQL in libs/miniaudio/miniaudio.h :58753
Detected by CodeQL in libs/miniaudio/miniaudio.h :58770
Detected by CodeQL in libs/miniaudio/miniaudio.h :58779
Detected by CodeQL in libs/miniaudio/miniaudio.h :58788
Detected by CodeQL in libs/miniaudio/osaudio_miniaudio.c :401
Detected by CodeQL in libs/miniaudio/osaudio_miniaudio.c :442

This is the description for the warning:

This rule finds code that converts the result of an integer multiplication to a larger type. Since the conversion applies after the multiplication, arithmetic overflow may still occur.

The rule flags every multiplication of two non-constant integer expressions that is (explicitly or implicitly) converted to a larger integer type. The conversion is an indication that the expression would produce a result that would be too large to fit in the smaller integer type.

Recommendation

Use a cast to ensure that the multiplication is done using the larger integer type to avoid overflow.
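As an added example (not code from miniaudio or from this issue; names and values are constructed), the pattern the rule flags is shown beside the cast-first form the recommendation asks for, plus a bounds-checked variant for the case where even 64-bit headroom is not enough:

```c
#include <stdint.h>
#include <stdio.h>

/* Flagged form: all operands are 32-bit, so the product is computed in
   32-bit arithmetic and wraps; the widening to uint64_t happens only
   when the already-truncated value is returned. (Hypothetical names.) */
uint64_t buffer_size_flagged(uint32_t frame_count, uint32_t channels,
                             uint32_t bytes_per_sample)
{
    return frame_count * channels * bytes_per_sample;
}

/* Recommended fix: cast one operand first so the whole expression is
   evaluated in 64-bit arithmetic. */
uint64_t buffer_size_fixed(uint32_t frame_count, uint32_t channels,
                           uint32_t bytes_per_sample)
{
    return (uint64_t)frame_count * channels * bytes_per_sample;
}

/* Checked form: three 32-bit factors can exceed 2^64, so verify the last
   step. The first product is at most (2^32-1)^2 and always fits.
   Returns 0 and fills *out on success, -1 if the size does not fit. */
int buffer_size_checked(uint32_t frame_count, uint32_t channels,
                        uint32_t bytes_per_sample, uint64_t *out)
{
    uint64_t frames_x_channels = (uint64_t)frame_count * channels;
    if (bytes_per_sample != 0 &&
        frames_x_channels > UINT64_MAX / bytes_per_sample)
        return -1;
    *out = frames_x_channels * bytes_per_sample;
    return 0;
}

int main(void)
{
    /* Constructed input: 2^28 frames * 2 channels * 8 bytes = 2^32 bytes,
       which is exactly one past the 32-bit range. */
    uint32_t frames = 0x10000000u, channels = 2u, bps = 8u;
    uint64_t checked = 0;
    printf("flagged: %llu\n", (unsigned long long)buffer_size_flagged(frames, channels, bps));
    printf("fixed:   %llu\n", (unsigned long long)buffer_size_fixed(frames, channels, bps));
    if (buffer_size_checked(frames, channels, bps, &checked) == 0)
        printf("checked: %llu\n", (unsigned long long)checked);
    return 0;
}
```

The flagged form yields 0 for this input because the 32-bit product wraps before it is widened; the fixed and checked forms return 4294967296.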
