Skip to content

[CPU]Coverity scan issues #32343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Oct 13, 2025
Merged

[CPU]Coverity scan issues #32343

merged 3 commits into from
Oct 13, 2025

Conversation

chenhu-wang
Copy link
Contributor

@chenhu-wang chenhu-wang commented Oct 9, 2025
edited
Loading

Details:

  • nullptr dereference, integer overflow, remove dead code, remove unused computation

Tickets:

@chenhu-wang chenhu-wang requested review from a team as code owners October 9, 2025 07:33
@github-actions github-actions bot added the category: CPU OpenVINO CPU plugin label Oct 9, 2025
@chenhu-wang chenhu-wang force-pushed the chenhu/fix_coverity_issue branch from 3e08272 to f8060cf Compare October 9, 2025 07:50
@chenhu-wang
Copy link
Contributor Author

@maxnick, could you please take a look?

@yuxu42 yuxu42 requested a review from Copilot October 13, 2025 02:06
Copilot
Copilot AI reviewed Oct 13, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR addresses Coverity scan issues by fixing potential null pointer dereferences, integer overflow, and removing dead code to improve code safety and quality.

  • Added bounds checking and null pointer validation through OPENVINO_ASSERT statements
  • Removed unused computation and dead code to eliminate unnecessary operations
  • Fixed loop bounds to prevent potential integer overflow conditions

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/plugins/intel_cpu/src/shape_inference/static_shape.hpp Added bounds checking for array access operator
src/plugins/intel_cpu/src/shape_inference/custom/reshape.cpp Removed unused computation that was redundant
src/plugins/intel_cpu/src/nodes/tensoriterator.cpp Added validation for loop body condition output index
src/plugins/intel_cpu/src/nodes/strided_slice.cpp Fixed loop bounds and added size validation
src/plugins/intel_cpu/src/nodes/log_softmax.cpp Added axis bounds validation
src/plugins/intel_cpu/src/nodes/input.cpp Added null pointer check for external memory descriptor
src/plugins/intel_cpu/src/nodes/executors/dnnl/dnnl_convolution_primitive.cpp Removed dead return statement
src/plugins/intel_cpu/src/nodes/deconv.cpp Added validation for DNNL compatible weights

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

liubo-intel
liubo-intel reviewed Oct 13, 2025
View reviewed changes
Copy link
Contributor

@liubo-intel liubo-intel left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

current changes LGTM just one minor comments in static_shape.hpp.
and another question is: from Jaroslaw's comments in the ticket. it seems some fix not included in this pr: e.g.

/src/plugins/intel_cpu/src/nodes/fullyconnected.cpp
/src/plugins/intel_cpu/src/nodes/subgraph.cpp
/src/plugins/intel_cpu/src/nodes/color_convert.cpp
/src/plugins/intel_cpu/src/nodes/llm_mlp.cpp

I don't know whether because there's another step/plan for these left fix?

@maxnick maxnick added this to the 2025.4 milestone Oct 13, 2025
maxnick
maxnick requested changes Oct 13, 2025
View reviewed changes
@maxnick maxnick self-assigned this Oct 13, 2025
@chenhu-wang chenhu-wang force-pushed the chenhu/fix_coverity_issue branch from 386555a to 89b3df8 Compare October 13, 2025 08:18
@chenhu-wang
Copy link
Contributor Author

current changes LGTM just one minor comments in static_shape.hpp. and another question is: from Jaroslaw's comments in the ticket. it seems some fix not included in this pr: e.g.

/src/plugins/intel_cpu/src/nodes/fullyconnected.cpp
/src/plugins/intel_cpu/src/nodes/subgraph.cpp
/src/plugins/intel_cpu/src/nodes/color_convert.cpp
/src/plugins/intel_cpu/src/nodes/llm_mlp.cpp

I don't know whether because there's another step/plan for these left fix?

Others are false positive.

@chenhu-wang chenhu-wang force-pushed the chenhu/fix_coverity_issue branch 2 times, most recently from c7cb066 to 2cf2b24 Compare October 13, 2025 08:41
@maxnick maxnick enabled auto-merge October 13, 2025 08:53
@maxnick maxnick added this pull request to the merge queue Oct 13, 2025
Merged via the queue into openvinotoolkit:master with commit 46f86fd Oct 13, 2025
201 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@maxnick maxnick maxnick approved these changes

@liubo-intel liubo-intel liubo-intel approved these changes

Assignees

@maxnick maxnick

Labels

category: CPU OpenVINO CPU plugin

Projects

None yet

Milestone

2025.4

Development

Successfully merging this pull request may close these issues.

3 participants

@chenhu-wang @maxnick @liubo-intel