Skip to content

Commit 3ff5415

Browse files
hathachhathach
authored
Merge pull request #3320 from hathach/more-sast
fix warnings
2 parents a6efc7d + 78bd623 commit 3ff5415

File tree

191 files changed

+774
-606
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

191 files changed

+774
-606
lines changed

.PVS-Studio/.pvsconfig

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
//-V::2506,2514

.github/actions/get_deps/action.yml

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,9 @@ runs:
2626
shell: bash
2727

2828
- name: Get Dependencies
29+
env:
30+
ARG: ${{ inputs.arg }}
2931
run: |
30-
python3 tools/get_deps.py ${{ inputs.arg }}
32+
python3 tools/get_deps.py ${ARG}
3133
echo "PICO_SDK_PATH=${{ github.workspace }}/pico-sdk" >> $GITHUB_ENV
3234
shell: bash

.github/actions/setup_toolchain/action.yml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,8 +30,10 @@ runs:
3030
inputs.toolchain != 'arm-gcc' &&
3131
inputs.toolchain != 'esp-idf'
3232
id: set-toolchain-url
33+
env:
34+
TOOLCHAIN: ${{ inputs.toolchain }}
3335
run: |
34-
TOOLCHAIN_URL=$(jq -r '."${{ inputs.toolchain }}"' .github/actions/setup_toolchain/toolchain.json)
36+
TOOLCHAIN_URL=$(jq -r --arg tc "$TOOLCHAIN" '.[$tc]' .github/actions/setup_toolchain/toolchain.json)
3537
echo "toolchain_url=$TOOLCHAIN_URL"
3638
echo "toolchain_url=$TOOLCHAIN_URL" >> $GITHUB_OUTPUT
3739
shell: bash
@@ -47,11 +49,13 @@ runs:
4749

4850
- name: Set toolchain option
4951
id: set-toolchain-option
52+
env:
53+
TOOLCHAIN: ${{ inputs.toolchain }}
5054
run: |
5155
BUILD_OPTION=""
52-
if [[ "${{ inputs.toolchain }}" == *"clang"* ]]; then
56+
if [[ "$TOOLCHAIN" == *"clang"* ]]; then
5357
BUILD_OPTION="--toolchain clang"
54-
elif [[ "${{ inputs.toolchain }}" == "arm-iar" ]]; then
58+
elif [[ "$TOOLCHAIN" == "arm-iar" ]]; then
5559
BUILD_OPTION="--toolchain iar"
5660
fi
5761
echo "build_option=$BUILD_OPTION"

.github/actions/setup_toolchain/download/action.yml

Lines changed: 18 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -21,29 +21,34 @@ runs:
2121

2222
- name: Install Toolchain
2323
if: steps.cache-toolchain-download.outputs.cache-hit != 'true'
24+
env:
25+
TOOLCHAIN: ${{ inputs.toolchain }}
26+
TOOLCHAIN_URL: ${{ inputs.toolchain_url }}
2427
run: |
25-
mkdir -p ~/cache/${{ inputs.toolchain }}
28+
mkdir -p ~/cache/${TOOLCHAIN}
2629
27-
if [[ ${{ inputs.toolchain }} == rx-gcc ]]; then
28-
wget --progress=dot:giga ${{ inputs.toolchain_url }} -O toolchain.run
30+
if [[ ${TOOLCHAIN} == rx-gcc ]]; then
31+
wget --progress=dot:giga ${TOOLCHAIN_URL} -O toolchain.run
2932
chmod +x toolchain.run
30-
./toolchain.run -p ~/cache/${{ inputs.toolchain }}/gnurx -y
31-
elif [[ ${{ inputs.toolchain }} == arm-iar ]]; then
32-
wget --progress=dot:giga https://netstorage.iar.com/FileStore/STANDARD/001/003/926/iar-lmsc-tools_1.8_amd64.deb -O ~/cache/${{ inputs.toolchain }}/iar-lmsc-tools.deb
33-
wget --progress=dot:giga ${{ inputs.toolchain_url }} -O ~/cache/${{ inputs.toolchain }}/cxarm.deb
33+
./toolchain.run -p ~/cache/${TOOLCHAIN}/gnurx -y
34+
elif [[ ${TOOLCHAIN} == arm-iar ]]; then
35+
wget --progress=dot:giga https://netstorage.iar.com/FileStore/STANDARD/001/003/926/iar-lmsc-tools_1.8_amd64.deb -O ~/cache/${TOOLCHAIN}/iar-lmsc-tools.deb
36+
wget --progress=dot:giga ${TOOLCHAIN_URL} -O ~/cache/${TOOLCHAIN}/cxarm.deb
3437
else
35-
wget --progress=dot:giga ${{ inputs.toolchain_url }} -O toolchain.tar.gz
36-
tar -C ~/cache/${{ inputs.toolchain }} -xaf toolchain.tar.gz
38+
wget --progress=dot:giga ${TOOLCHAIN_URL} -O toolchain.tar.gz
39+
tar -C ~/cache/${TOOLCHAIN} -xaf toolchain.tar.gz
3740
fi
3841
shell: bash
3942

4043
- name: Setup Toolchain
44+
env:
45+
TOOLCHAIN: ${{ inputs.toolchain }}
4146
run: |
42-
if [[ ${{ inputs.toolchain }} == arm-iar ]]; then
43-
sudo dpkg -i ~/cache/${{ inputs.toolchain }}/iar-lmsc-tools.deb
44-
sudo apt install -y ~/cache/${{ inputs.toolchain }}/cxarm.deb
47+
if [[ ${TOOLCHAIN} == arm-iar ]]; then
48+
sudo dpkg -i ~/cache/${TOOLCHAIN}/iar-lmsc-tools.deb
49+
sudo apt install -y ~/cache/${TOOLCHAIN}/cxarm.deb
4550
echo >> $GITHUB_PATH "/opt/iar/cxarm/arm/bin"
4651
else
47-
echo >> $GITHUB_PATH `echo ~/cache/${{ inputs.toolchain }}/*/bin`
52+
echo >> $GITHUB_PATH `echo ~/cache/${TOOLCHAIN}/*/bin`
4853
fi
4954
shell: bash

.github/actions/setup_toolchain/espressif/action.yml

Lines changed: 10 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -13,8 +13,10 @@ runs:
1313
using: "composite"
1414
steps:
1515
- name: Set DOCKER_ESP_IDF
16+
env:
17+
TOOLCHAIN: ${{ inputs.toolchain }}
1618
run: |
17-
DOCKER_ESP_IDF=$HOME/cache/${{ inputs.toolchain }}/docker_image.tar
19+
DOCKER_ESP_IDF=$HOME/cache/${TOOLCHAIN}/docker_image.tar
1820
echo "DOCKER_ESP_IDF=$DOCKER_ESP_IDF" >> $GITHUB_ENV
1921
shell: bash
2022

@@ -27,10 +29,12 @@ runs:
2729

2830
- name: Pull and Save Docker Image
2931
if: steps.cache-toolchain-espressif.outputs.cache-hit != 'true'
32+
env:
33+
TOOLCHAIN_VERSION: ${{ inputs.toolchain_version }}
3034
run: |
31-
docker pull espressif/idf:${{ inputs.toolchain_version }}
35+
docker pull espressif/idf:${TOOLCHAIN_VERSION}
3236
mkdir -p $(dirname $DOCKER_ESP_IDF)
33-
docker save -o $DOCKER_ESP_IDF espressif/idf:${{ inputs.toolchain_version }}
37+
docker save -o $DOCKER_ESP_IDF espressif/idf:${TOOLCHAIN_VERSION}
3438
du -sh $DOCKER_ESP_IDF
3539
shell: bash
3640

@@ -42,7 +46,9 @@ runs:
4246
shell: bash
4347

4448
- name: Tag Local Image
49+
env:
50+
TOOLCHAIN_VERSION: ${{ inputs.toolchain_version }}
4551
run: |
46-
docker tag espressif/idf:${{ inputs.toolchain_version }} espressif/idf:tinyusb
52+
docker tag espressif/idf:${TOOLCHAIN_VERSION} espressif/idf:tinyusb
4753
docker images
4854
shell: bash

.github/workflows/static_analysis.yml

Lines changed: 34 additions & 32 deletions
Original file line numberDiff line numberDiff line change
@@ -2,15 +2,30 @@ name: Static Analysis
22
on:
33
workflow_dispatch:
44
push:
5-
branches:
6-
- master
5+
branches: [ master ]
6+
paths:
7+
- 'src/**'
8+
- 'examples/**'
9+
- 'hw/bsp/**'
10+
- '.github/workflows/static_analysis.yml'
711
pull_request:
8-
types: [opened, synchronize, reopened]
12+
branches: [ master ]
13+
paths:
14+
- 'src/**'
15+
- 'examples/**'
16+
- 'hw/bsp/**'
17+
- '.github/workflows/static_analysis.yml'
918

1019
permissions:
1120
actions: read
1221
contents: read
1322
security-events: write
23+
# pull-requests: write
24+
# checks: write
25+
26+
concurrency:
27+
group: ${{ github.workflow }}-${{ github.ref }}
28+
cancel-in-progress: true
1429

1530
jobs:
1631
CodeQL:
@@ -50,36 +65,23 @@ jobs:
5065
uses: github/codeql-action/analyze@v4
5166
with:
5267
category: CodeQL
53-
upload: always
68+
upload: false
5469
id: analyze
5570

56-
# - name: Filter out unwanted errors and warnings
57-
# uses: advanced-security/filter-sarif@v1
58-
# with:
59-
# patterns: |
60-
# -**:cpp/path-injection
61-
# -**:cpp/world-writable-file-creation
62-
# -**:cpp/poorly-documented-function
63-
# -**:cpp/potentially-dangerous-function
64-
# -**:cpp/use-of-goto
65-
# -**:cpp/integer-multiplication-cast-to-long
66-
# -**:cpp/comparison-with-wider-type
67-
# -**:cpp/leap-year/*
68-
# -**:cpp/ambiguously-signed-bit-field
69-
# -**:cpp/suspicious-pointer-scaling
70-
# -**:cpp/suspicious-pointer-scaling-void
71-
# -**:cpp/unsigned-comparison-zero
72-
# -**/third*party/**
73-
# -**/3rd*party/**
74-
# -**/external/**
75-
# input: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
76-
# output: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
77-
#
78-
# - name: Upload SARIF
79-
# uses: github/codeql-action/upload-sarif@v4
80-
# with:
81-
# sarif_file: ${{ steps.analyze.outputs.sarif-output }}
82-
# category: CodeQL
71+
- name: Filter SARIF report
72+
uses: advanced-security/filter-sarif@v1
73+
with:
74+
patterns: |
75+
-hw/mcu/**
76+
-lib/**
77+
input: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
78+
output: ${{ steps.analyze.outputs.sarif-output }}/cpp.sarif
79+
80+
- name: Upload SARIF
81+
uses: github/codeql-action/upload-sarif@v4
82+
with:
83+
sarif_file: ${{ steps.analyze.outputs.sarif-output }}
84+
category: CodeQL
8385

8486
- name: Upload artifact
8587
uses: actions/upload-artifact@v5
@@ -122,7 +124,7 @@ jobs:
122124
mkdir -p build
123125
cmake examples -B build -G Ninja -DBOARD=${{ matrix.board }} -DCMAKE_BUILD_TYPE=MinSizeRel
124126
cmake --build build
125-
pvs-studio-analyzer analyze -f build/compile_commands.json -j --exclude-path hw/mcu/ --exclude-path lib/
127+
pvs-studio-analyzer analyze -R .PVS-Studio/.pvsconfig -f build/compile_commands.json --exclude-path hw/mcu/ --exclude-path lib/ -j
126128
plog-converter -t sarif -o pvs-studio-${{ matrix.board }}.sarif PVS-Studio.log
127129
128130
- name: Upload SARIF

examples/build_system/cmake/toolchain/arm_iar.cmake

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -20,7 +20,12 @@ find_program(CMAKE_IAR_REPORT ireport)
2020

2121
if (IAR_CSTAT)
2222
cmake_minimum_required(VERSION 4.1)
23-
set(CMAKE_C_ICSTAT ${CMAKE_IAR_CSTAT} --checks=${CMAKE_CURRENT_LIST_DIR}/cstat_sel_checks.txt --db=${CMAKE_BINARY_DIR}/cstat.db --sarif_dir=${CMAKE_BINARY_DIR}/cstat_sarif)
23+
set(CMAKE_C_ICSTAT ${CMAKE_IAR_CSTAT}
24+
--checks=${CMAKE_CURRENT_LIST_DIR}/cstat_sel_checks.txt
25+
--db=${CMAKE_BINARY_DIR}/cstat.db
26+
--sarif_dir=${CMAKE_BINARY_DIR}/cstat_sarif
27+
--exclude ${TOP}/hw/mcu --exclude ${TOP}/lib
28+
)
2429
endif ()
2530

2631
include(${CMAKE_CURRENT_LIST_DIR}/common.cmake)

examples/device/audio_4_channel_mic/src/tusb_config.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,8 @@
2323
*
2424
*/
2525

26-
#ifndef _TUSB_CONFIG_H_
27-
#define _TUSB_CONFIG_H_
26+
#ifndef TUSB_CONFIG_H_
27+
#define TUSB_CONFIG_H_
2828

2929
#ifdef __cplusplus
3030
extern "C" {
@@ -123,4 +123,4 @@ extern "C" {
123123
}
124124
#endif
125125

126-
#endif /* _TUSB_CONFIG_H_ */
126+
#endif /* TUSB_CONFIG_H_ */

examples/device/audio_4_channel_mic/src/usb_descriptors.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -32,9 +32,9 @@
3232
* Auto ProductID layout's Bitmap:
3333
* [MSB] AUDIO | MIDI | HID | MSC | CDC [LSB]
3434
*/
35-
#define _PID_MAP(itf, n) ( (CFG_TUD_##itf) << (n) )
36-
#define USB_PID (0x4000 | _PID_MAP(CDC, 0) | _PID_MAP(MSC, 1) | _PID_MAP(HID, 2) | \
37-
_PID_MAP(MIDI, 3) | _PID_MAP(AUDIO, 4) | _PID_MAP(VENDOR, 5) )
35+
#define PID_MAP(itf, n) ((CFG_TUD_##itf) ? (1 << (n)) : 0)
36+
#define USB_PID (0x4000 | PID_MAP(CDC, 0) | PID_MAP(MSC, 1) | PID_MAP(HID, 2) | \
37+
PID_MAP(MIDI, 3) | PID_MAP(AUDIO, 4) | PID_MAP(VENDOR, 5) )
3838

3939
//--------------------------------------------------------------------+
4040
// Device Descriptors

examples/device/audio_4_channel_mic_freertos/src/tusb_config.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,8 @@
2323
*
2424
*/
2525

26-
#ifndef _TUSB_CONFIG_H_
27-
#define _TUSB_CONFIG_H_
26+
#ifndef TUSB_CONFIG_H_
27+
#define TUSB_CONFIG_H_
2828

2929
#ifdef __cplusplus
3030
extern "C" {
@@ -129,4 +129,4 @@ extern "C" {
129129
}
130130
#endif
131131

132-
#endif /* _TUSB_CONFIG_H_ */
132+
#endif /* TUSB_CONFIG_H_ */

0 commit comments

Comments
 (0)