Closed abd-770 closed 1 week ago
@abd-770 hi abd, would you mind helping us fix it?
@abd-770 @xiaofan-luan Technically, these macro statements are not used anywhere but inside this particular file, and these macros are #undef-ed at the end of the file. But I can add {} in order to avoid Static Scan false alarms.
Btw, what is the static scan tool that you're using so that I could verify the outcome?
/assign @alexanderguzhva /unassign
@alexanderguzhva Adding executable statements such as do-while can throw a declaration error when used in global scope. A workaround fix using functions will solve this but overcomplicates the code unnecessarily. If you have an elegant solution, it would be great. Else, if these macros are called within this file only, and in future these macros aren't called within any control statements, we need not make any changes.
We use contrast security scan for obtaining these vulnerabilities.
I see.
The issue may be closed, because all these macros were designed as local temporary ones and are not exposed outside of corresponding scopes, followed by #undefs.
@abd-770 Please let me know if there is a way to mark these macro definitions in some way to stop triggering false alarms, similar to // clang-format off. Thanks.
Sure, I think we can close this issue then. In the Contrast scanner, we don't have an option to exclude a particular code block; rather, we can exclude unwanted files from the scanner. We'll do that from our end.
close for comments above
Is there an existing issue for this?
Environment
Current Behavior
Static Scan has reported a PRE10-C (Wrap multistatement macros in a do-while loop) vulnerability for the macros ALL_RANGE_OPS, ALL_COMPARE_OPS, and ALL_ARITH_CMP_OPS defined in the codebase. The issue arises when these macros are used within control structures (e.g., if, else) without proper wrapping, leading to unintended execution of code, which can introduce logical errors and unexpected behavior.
https://github.com/milvus-io/milvus/blob/323400c190c35c5b30e4f0580c4d822b022290e2/internal/core/src/bitset/detail/platform/x86/avx2-inst.cpp#L44-L49
Although these macros work fine currently since we call them directly, in the future, if we plan to use them within an if statement or similar control structure without braces, only the first line will be controlled by the if, and the remaining lines will always execute. For example:
It expands into:
Expected Behavior
No response
Steps To Reproduce
No response
Milvus Log
No response
Anything else?
No response
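The PRE10-C behaviour the issue describes, and the global-scope objection raised in the thread, as an added example. This is constructed for illustration and is not the Milvus code: the macros RECORD_OP_UNWRAPPED, RECORD_OP_WRAPPED and DEFINE_IS_POSITIVE, the op_ctx struct and the helper functions are all hypothetical, and none of them is what ALL_RANGE_OPS, ALL_COMPARE_OPS or ALL_ARITH_CMP_OPS expands to.

```c
#include <stdbool.h>

/* Constructed state for the example: how many ops were recorded, and which. */
typedef struct {
    int count;
    int last_op;
} op_ctx;

/* Hypothetical two-statement macro with no wrapping (the pattern PRE10-C flags). */
#define RECORD_OP_UNWRAPPED(ctx, op) \
    (ctx)->count++;                  \
    (ctx)->last_op = (op)

/* Same body wrapped in do { } while (0): it is one statement, takes a trailing
   semicolon, and pairs correctly with a following `else`. */
#define RECORD_OP_WRAPPED(ctx, op) \
    do {                           \
        (ctx)->count++;            \
        (ctx)->last_op = (op);     \
    } while (0)

/* Guarded use of the unwrapped macro. Only `count++` is controlled by the if;
   the `last_op = op` assignment runs unconditionally, so with enabled == false
   the result is count == 0 but last_op == op. */
op_ctx run_unwrapped(bool enabled, int op) {
    op_ctx ctx = {0, -1};
    if (enabled)
        RECORD_OP_UNWRAPPED(&ctx, op);  /* second statement escapes the if */
    return ctx;
}

/* Guarded use of the wrapped macro: the whole body is controlled by the if,
   and the else branch attaches to that if rather than causing a syntax error. */
op_ctx run_wrapped(bool enabled, int op) {
    op_ctx ctx = {0, -1};
    if (enabled)
        RECORD_OP_WRAPPED(&ctx, op);
    else
        ctx.last_op = -2;               /* marker: branch not taken */
    return ctx;
}

/* The thread's counter-point: a macro that expands to declarations at file
   scope cannot be wrapped in do/while(0), because a statement is not allowed
   there. Such a macro is only safe as long as it is never used inside a
   control statement, which is what #undef-ing it at the end of the file
   helps enforce. (Hypothetical macro, not the Milvus one.) */
#define DEFINE_IS_POSITIVE(name, type) \
    static bool name(type v) { return v > 0; }

DEFINE_IS_POSITIVE(is_positive_int, int)
DEFINE_IS_POSITIVE(is_positive_double, double)
#undef DEFINE_IS_POSITIVE

int main(void) {
    /* Exit status 0 only if the unwrapped macro leaks its second statement. */
    op_ctx leaked = run_unwrapped(false, 7);
    return (leaked.count == 0 && leaked.last_op == 7) ? 0 : 1;
}
```

run_unwrapped(false, 7) returns count 0 but last_op 7, which is the silent logic error the scanner warns about; run_wrapped(false, 7) leaves last_op at the else marker -2 and never touches the counter. The file-scope macro at the end compiles only because it is not wrapped, which is why the thread concluded that a do-while wrapper is not applicable to macros used at global scope.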