[Interest] Klocwork CWE warnings in Qt5

Ramakanth Kesireddy rama.kesi at gmail.com
Sun Jul 19 18:35:20 CEST 2020


Hi,

There are 5 different CWEs of the below type thrown by Klocwork as warnings
in the below mentioned condition in findNext():-

 https://code.woboq.org/qt5/include/qt/QtCore/qiterator.h.html#144
  inline bool findNext(const T &t) \
    { while (const_iterator(n = i) != c->constEnd()) if (*i++ == t) return true; return false; } \

  https://code.woboq.org/qt5/qtbase/src/corelib/tools/qmap.h.html
Q_DECLARE_MUTABLE_ASSOCIATIVE_ITERATOR(Map)
https://code.woboq.org/qt5/qtbase/src/corelib/tools/qvector.h.html
Q_DECLARE_MUTABLE_SEQUENTIAL_ITERATOR(Vector)
https://code.woboq.org/qt5/qtbase/src/corelib/tools/qlinkedlist.h.html
Q_DECLARE_MUTABLE_SEQUENTIAL_ITERATOR(LinkedList)
https://code.woboq.org/qt5/qtbase/src/corelib/tools/qlist.h.html
Q_DECLARE_MUTABLE_SEQUENTIAL_ITERATOR(List)
https://code.woboq.org/qt5/qtbase/src/corelib/tools/qhash.h.html
Q_DECLARE_MUTABLE_ASSOCIATIVE_ITERATOR(Hash)


A detailed description of the CWE is given below:

Assignment in conditional expression
The ASSIGCOND.GEN checker finds conditional statements that include an
assignment expression.

Vulnerability and risk
This checker typically finds syntax errors, usually cases in which an
assignment operator is used mistakenly instead of a comparison operator. If
the error isn't corrected, unintended program behavior is likely to
occur.

External guidance
CWE-480:Use of Incorrect Operator
http://cwe.mitre.org/data/definitions/480.html
CWE-481:Assigning instead of Comparing
http://cwe.mitre.org/data/definitions/481.html
EXP45-C. Do not perform assignments in selection statements
https://www.securecoding.cert.org/confluence/x/nYFtAg

Please let me know if the assignment expression in conditional statements
in findNext() could be ignored?

Thanks and Regards,
Ramakanth
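
The pattern the checker flags, as an added example that is not Qt's code and not part of the original post: in the quoted findNext(), n records the element last stepped over, so the assignment inside the loop condition does real work, unlike the '=' for '==' typo that CWE-481 describes. MiniIter, its member functions and the isExpected* helpers are hypothetical names, and std::vector stands in for a Qt container.

```cpp
#include <vector>

// Hypothetical stand-in for a Java-style mutable iterator: `i` is the cursor,
// `n` remembers the element last stepped over (names follow the quoted macro).
struct MiniIter {
    const std::vector<int> *c;
    std::vector<int>::const_iterator i, n;
    explicit MiniIter(const std::vector<int> &v) : c(&v), i(v.begin()), n(v.end()) {}

    // Same shape as the quoted findNext(): assignment and comparison in one condition.
    bool findNextAssignInCond(int t) {
        while ((n = i) != c->end())
            if (*i++ == t) return true;
        return false;
    }
    // Equivalent form with the assignment hoisted out of the condition.
    bool findNextHoisted(int t) {
        for (;;) {
            n = i;
            if (n == c->end()) return false;
            if (*i++ == t) return true;
        }
    }
    // True only while `n` refers to a real element (false after a failed search).
    bool itemExists() const { return n != c->end(); }
};

// The defect CWE-481 describes: '=' typed where '==' was meant.
// Kept as the 'before' case; it returns true for every non-zero `expected`.
bool isExpectedBuggy(int value, int expected) {
    if ((value = expected)) return true;
    return false;
}
bool isExpectedFixed(int value, int expected) { return value == expected; }

// Runs both findNext variants on the same data and compares result and cursor state.
bool variantsAgree(const std::vector<int> &v, int t) {
    MiniIter a(v), b(v);
    bool ra = a.findNextAssignInCond(t), rb = b.findNextHoisted(t);
    return ra == rb && (a.i - v.begin()) == (b.i - v.begin())
        && (a.n - v.begin()) == (b.n - v.begin());
}

int main() {
    std::vector<int> v{4, 7, 9};  // constructed sample data
    return (variantsAgree(v, 7) && variantsAgree(v, 5)) ? 0 : 1;
}
```

Both findNext variants leave i and n in the same state on a hit and on a miss, so a reviewer triaging the warning can compare the flagged line against the hoisted form.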