Coverity check please...

James Browning jamesb192 at jamesb192.com
Sun Jan 19 18:24:29 UTC 2025


On Sunday, January 19, 2025 12:32:01 AM Pacific Standard Time Hal Murray via 
devel wrote:
> I think it's a bug in Coverity.  Would somebody please check.
> 
> Is there a way to report bugs to Coverity?  Or tell it not to check
> something?

It looks like one to me. I looked at the subject code and if the order of 
operations were wrong I could see it happening.

> It's getting here with n =2
>  11. known_value_assign: j = n, its value is now 2.
> 471        i = 0; j = n;
> 472        m = n - (n * 4) / 10;
> (n*4)/10 is 0, so m is 2
>       12. Condition j - i > m, taking true branch.
>       16. Condition j - i > m, taking true branch.
>       20. Condition j - i > m, taking true branch.
> 
> CID 497295: (#1 of 1): Overflowed constant (INTEGER_OVERFLOW)
> 24. overflow_const: Expression j - i, where j is known to be equal to 2,
> and i is known to be equal to 3, underflows the type of j - i, which is
> type unsigned long.
> (j-1) is 2, m is 2, so it never goes around the loop.
> 473        while ((j - i) > m) {
> 474                offset = off[(j + i) / 2];
>       13. Condition off[j - 1] - offset < offset - off[i], taking true
> branch.

```patch
--- a/ntpd/ntp_refclock.c
+++ b/ntpd/ntp_refclock.c
@@ -469,7 +469,7 @@ refclock_sample(
         * approximately 60 percent of the samples remain.
         */
        i = 0; j = n;
-       m = n - (n * 4) / 10;
+       m = n - ((n * 4) / 10);
        while ((j - i) > m) {
                offset = off[(j + i) / 2];
                if (off[j - 1] - offset < offset - off[i])
```
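Review bot: The added parentheses on the `m =` line do not change evaluation. In C, `*` and `/` already bind tighter than binary `-`, so `n - (n * 4) / 10` and `n - ((n * 4) / 10)` are the same expression and the analyzer is given the same values. The expression named in CID 497295 is `j - i` in the `while` condition, which this hunk leaves as it was. If the aim is to quiet the report, consider a condition with no unsigned subtraction, for example `while (j > i + m)`, and otherwise say in the commit message that the change is for readability only.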

-30-
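Added example, not part of the original message and not the project's code: a small C harness for the two points in this thread, that the patched and unpatched `m` expressions are identical and that `j - i` cannot wrap. It assumes each pass of the loop either decrements `j` or increments `i` (the loop body is not shown in the thread); `m_before`, `m_after`, `trim_span` and `count_problems` are hypothetical names.

```c
#include <stdio.h>

/* Trim threshold as written before and after the patch. */
static unsigned long m_before(unsigned long n) { return n - (n * 4) / 10; }
static unsigned long m_after(unsigned long n)  { return n - ((n * 4) / 10); }

/*
 * Index arithmetic of the trimming loop only. ASSUMPTION: each pass drops
 * one sample, from the top (j--) or from the bottom (i++).
 * policy: 0 = always j--, 1 = always i++, 2 = alternate.
 * Returns the final j - i, or -1 if i ever exceeds j, which is the state
 * Coverity's step 24 describes.
 */
static long trim_span(unsigned long n, int policy)
{
    unsigned long i = 0, j = n, m = m_before(n), pass = 0;

    while ((j - i) > m) {
        if (policy == 0 || (policy == 2 && (pass & 1) == 0))
            j--;
        else
            i++;
        pass++;
        if (i > j)
            return -1;      /* j - i would wrap as unsigned long */
    }
    return (long)(j - i);
}

/* Count n in [1, limit] where the two m forms differ or the span is not m. */
static unsigned long count_problems(unsigned long limit)
{
    unsigned long n, bad = 0;
    int p;
    for (n = 1; n <= limit; n++) {
        if (m_before(n) != m_after(n))
            bad++;
        for (p = 0; p < 3; p++)
            if (trim_span(n, p) != (long)m_before(n))
                bad++;
    }
    return bad;
}

int main(void)
{
    printf("n=2: m=%lu, final span=%ld\n", m_before(2), trim_span(2, 0));
    printf("problems for n=1..1000: %lu\n", count_problems(1000));
    return 0;
}
```

Under that assumption the span `j - i` shrinks by exactly one per pass and stops at `m`, so `i` never passes `j` for any sample count tested.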



