nothings / stb

stb single-file public domain libraries for C/C++
https://twitter.com/nothings

stb_vorbis: Unchecked return value from stb_vorbis_get_frame_float #1528

Open weirddan455 opened 9 months ago

weirddan455 commented 9 months ago

Hello, I am a developer of Dosbox Staging. As part of our CI, we have the Coverity static analyzer, which detected the following issue:

https://github.com/dosbox-staging/dosbox-staging/issues/2996

https://user-images.githubusercontent.com/1557255/274740089-0bc591db-a476-4b6b-8a0e-d49ea08d30ac.png

Every other time stb_vorbis_get_frame_float is called, the return value is checked.

We've done some modification of the source but the function it is alerting on is unchanged:

https://github.com/nothings/stb/blob/beebb24b945efdea3b9bba23affb8eb3ba8982e7/stb_vorbis.c#L4919-L4934

I just wanted to raise this issue here in case this is a bug. Does the return value need to be checked here? It appears to be a length of some sort, but I was having a bit of a hard time following the logic as I'm not very familiar with this code.

Thanks!

nothings commented 9 months ago

I would guess it's not a bug; since it's part of the seeking logic, it's intentionally consuming a frame and expecting particular behavior based on knowledge of the internals. (I didn't actually write the seeking logic though.)
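
The pattern discussed in this thread, as an added example that is not part of the original issue and is not stb_vorbis code: a toy decoder whose exact-seek routine consumes one frame and checks the returned sample count rather than relying on the internals behaving as expected. All names (`toy_dec`, `toy_get_frame`, `toy_seek_frame`, `toy_seek`) and the frame data are hypothetical and constructed for illustration.

```c
#include <stdio.h>
/* Toy decoder, constructed for this example (not stb_vorbis): a stream is a
   list of frame lengths in samples; length 0 models a frame that fails to decode. */
typedef struct {
    const int *frame_len;    /* samples in each frame */
    size_t nframes, next;    /* frame count, index of the next frame to decode */
    unsigned loc;            /* sample position where the next frame starts */
    int buf_start, buf_end;  /* valid window in the decoded output buffer */
} toy_dec;

/* Decode one frame; returns samples decoded, or 0 at end of stream / on error. */
static int toy_get_frame(toy_dec *d) {
    d->buf_start = d->buf_end = 0;
    if (d->next >= d->nframes || d->frame_len[d->next] <= 0) return 0;
    int n = d->frame_len[d->next++];
    d->buf_end = n;
    d->loc += (unsigned)n;
    return n;
}

/* Coarse seek to the frame containing `sample`; 0 if past the end of the stream. */
static int toy_seek_frame(toy_dec *d, unsigned sample) {
    d->next = 0; d->loc = 0; d->buf_start = d->buf_end = 0;
    while (d->next < d->nframes) {
        int len = d->frame_len[d->next];
        /* an undecodable frame still counts as found: the failure shows up at decode time */
        if (len <= 0 || sample < d->loc + (unsigned)len) return 1;
        d->loc += (unsigned)len; d->next++;
    }
    return 0;
}

/* Exact seek: consume one frame, then skip into it. The sample count returned
   by the decode is checked, so a failed decode is reported instead of assumed away. */
static int toy_seek(toy_dec *d, unsigned sample) {
    if (!toy_seek_frame(d, sample)) return 0;
    unsigned frame_start = d->loc;
    if (sample == frame_start) return 1;          /* already on a frame boundary */
    int n = toy_get_frame(d);
    if (n == 0 || sample - frame_start >= (unsigned)n) return 0;
    d->buf_start += (int)(sample - frame_start);  /* skip into the decoded frame */
    return 1;
}

int main(void) {
    const int frames[] = {100, 0, 100};  /* constructed: frame 1 fails to decode */
    toy_dec d = { frames, 3, 0, 0, 0, 0 };
    printf("seek 50 -> %d, seek 150 -> %d\n", toy_seek(&d, 50), toy_seek(&d, 150));
    return 0;
}
```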