<table border="1" cellspacing="0" cellpadding="8">

    <tr>

        <th>Issue</th>

        <td>

            <a href=https://github.com/llvm/llvm-project/issues/105970>105970</a>

        </td>

    </tr>

    <tr>

        <th>Summary</th>

        <td>

            clang:static analyzer-Discrepancy Between COVERITY and clang-tidy in Detecting WRAPPER_ESCAPE Issues

        </td>

    </tr>

    <tr>

      <th>Labels</th>

      <td>

            clang,

            clang-tidy

      </td>

    </tr>

    <tr>

      <th>Assignees</th>

      <td>

      </td>

    </tr>

    <tr>

      <th>Reporter</th>

      <td>

          zxyzxy1111

      </td>

    </tr>

</table>

<pre>

    **Background:**

While analyzing the code, I found that using the COVERITY static analysis tool, it reported the following errors. However, the same location did not report any errors when analyzed using clang-tidy.

**Issue 1:**

The known error code is located at: `opencv/3rdparty/openexr/IlmImf/ImfDwaCompressor.cpp:[1389, 1400, 1428]:escape [COVERITY WRAPPER_ESCAPE]`.

The error function code is as follows:

![image](https://github.com/user-attachments/assets/7ae11ce3-fe25-4f5b-abf1-13ce44a41efc)

![image](https://github.com/user-attachments/assets/79d010b7-bc8e-4dea-bfb6-4cbd679e3892)

![image](https://github.com/user-attachments/assets/b1091d45-0d14-4b18-8ced-4135567d6c1f)

Specifically, this error reports that the internal representation of the local variable `tmpHalfBuffer` is transferred to `this->_rowPtrs[chan][y]` in the `Imf_opencv::DwaCompressor::LossyDctEncoderBase::execute` function, but it is destroyed when exiting the scope. This situation may lead to undefined behavior or program crashes.

**Detailed explanation of the error by COVERITY:**

**Conditional Judgments and Loops:**

- At line 1370, the condition `this->_type.size() == this->_rowPtrs.size()` is true.

- At line 1371, the condition `this->_rowPtrs.size() == 3` is true.

- At line 1380, the condition `chan < this->_rowPtrs.size()` is true.

- At line 1381, the condition `this->_type[chan] == Imf_opencv::FLOAT` is true.

These conditional judgments and loops appear multiple times in the code, indicating that the code iterates multiple times when processing multiple channels and rows.

**Usage of the local variable `tmpHalfBuffer`:**

- At line 1388, the condition `tmpHalfBufferElements` is true.

- At line 1389, `operator[]` is called, extracting the wrapped state of the local variable `tmpHalfBuffer` and assigning it to `tmpHalfBufferPtr`.

**Continuing the Loop:**

- At line 1397, the condition `chan < this->_rowPtrs.size()` is true.

- At line 1399, the condition `this->_type[chan] != Imf_opencv::FLOAT` is true, continuing the loop.

**Nested Loop:**

- At line 1402, the condition `y < this->_height` is true.

- At line 1408, the condition `x < this->_width` is true.

These conditional judgments and loops appear multiple times in the code, indicating that the code iterates multiple times when processing the width and height of the image.

**Main Issue:**

- At line 1428, the internal representation of the local variable `tmpHalfBuffer` is transferred to `this->_rowPtrs[chan][y]`, but it is destroyed when exiting the scope. This means that the contents of `tmpHalfBuffer` will be destroyed when the function exits, but its reference is still stored in `this->_rowPtrs[chan][y]`, which may lead to undefined behavior or program crashes.

**Issue 2:**

`ogre/RenderSystems/GLSupport/src/GLSL/OgreGLSLShaderCommon.cpp:[87, 96, 103, 104]:use_after_free [COVERITY WRAPPER_ESCAPE]`

![image](https://github.com/user-attachments/assets/97ce9e4c-16c6-463b-bae0-1072307acbe0)

- Line 96: `src` is assigned to `mSource.c_str()`, at this point `src` points to the internal data of `mSource`.

- Line 103: `mSource` is reassigned to `String(out, out_size)`, which may cause the internal data of `mSource` to be reallocated or modified.

- Line 104: `if (out < src || out > src + src_len)`, at this point `src` may already point to invalid memory because the internal data of `mSource` has been modified.

**Summary:**

The internal representation of `this->mSource` is used after being invalidated, leading to potential undefined behavior. This belongs to WRAPPER-ESCAPE.

- Line: 101

  - Description: End of the `if` statement.

  - Calling `operator=` invalidates the internal representation of `this->mSource`.

- Line: 103

  - Description: Calling `operator=` invalidates the internal representation of `this->mSource`.

- Line: 104

  - Description: Using the invalidated internal representation of `this->mSource`.

**Thoughts:**

Are the above COVERITY error reports correct? Why did the clang-tidy WRAPPER_ESCAPE related rules not report any errors? Where is the problem? How should it be  resolved?    

@NagyDonat @evanphx @haberman . Do you have any suggestions?

</pre>

<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJzMWEtz2zgS_jX0BUUVn5J40EGyrB1veWdSsWdTe3KBQFPEDAiwAFAy8-u3GqSeUZxMKvu4WDQBNL7u_vpFaq3YKoBFkK-CfH1HO1drs_j81n9-6-M4ju9KzftFkCyDZLmi7M-t0Z3iQbocXgXROoiWn2ohgVBFZf9ZqC1xNRCmOQTJPXkkFZ4grqaOdPawfP_bPx8-Pr78i1hHnWDDYSsscVpLPCccMdBq44D7A5WWUu_xOBijjZ2QX_QedmBwM26wtAEiNaNOaEW44ETpgwxCVT-eI_sa1IgV-IiISaq2oRO8nwwajX-9jo_WdkDiK51faiB_Kr1Xg1yvLxF2QACcUBekSxJMI92CYrsg2aSGt9S4Pkg2-A7eTJBsHmXz2FT40FTrPb3XTWvAWm0mrG3xynwVp_MClYyzKBp-k3mQr4N0CZbRFkiQr47m_PRx-eHDw8fXh-f75YcH3DaNJifEA9aqU8xb6QCa2tG-Fq8cdY-DfCUaugWUksxr51q_nGyCZLMVru7KCdNNkGw6CyakzlFWN6CcDZINtRb8w4xCHDNIwwqSPMyqvAxpWcVhnDLIMprFULEgKX7ypQWP4qichSWbQ5hxoGFZldMwYyWfzgpI50Xy0y8t46iIeZaHEY-zMCvjeThnwMMsTvN8OuNTFlenS_3f5xaYqASjUvYDj4UdfTQQ1w5xg_wWyoFRVOKKAQvKDUzXlV9G3kmyo0bQUgISzzXtL1RWq66qwATTCB3tDFW2AmMwqrTfVQsbBunDq9H7D87YIF-xmiq0RL7qBwIRofwdwTR6bKrXkdHpMkiXF5wdXj1pa_s1cw8K6WVW1MKwAG_AOgco8MBAVLrsHEa7sISDdUb3wIcghTfhDvnCMt3ChLyggaxw3aB7Q3sigXpdOsWhEgo4KaGmO6EN0Ya0Rm8NbQgz1NZgb4T3GhwVEjiBt1ZSdWHUwRVlf0xXV0ngXM69VlzgYSrJ3zu-9fwgVHHypPXIp9PJkCwdkUIBidNZdMhh7CDjwjOub2FixWcIknmQFCRI10G6JteeO9ty9HYHkxv3xe_f96W8w5Xp-4LntxVBPpEgvf9xxPNvIEYLnYh7QHvN1c3Tb8uXLy96qcGeCaaS_HHhPonuI7RtgRrSdNKJVgJxogF7CIxDsROKCyxAnrRj3A451oGhDuz1ec_z1mgG1hei4zKqokAOCIze32Lu75Zu4fvj_x0Gzue37Xsu4UHCkPLe95QvVUPZM9RpMzQW4yFMdMBxB7w5Q9kxvPcG7ct9N_AXVPLWGXoYlCTcIamd7_vgzKkIXkWsE6o7YMAwfcdGxew_RO6i-GvkTuLvITfKZJcKIpFvmOFXsNiwvK9-FiU3UfaXutcgtrV7V98suk22t0tJe8Fd_f8drJ64CNPfPKh-4K5vJ24Y-x9UKOI7yndsnRwt9D8s-j9Umhugyp6bUznvGl3dBLcXUpISrqX7fv_Qo-JV9gTGEgMVGFDMd67WoQjrNConbtaxrym3rwWrf0oLMUwIyXVzMI301kCQbD6C4mCee-ugwU7xb0_PXYvtXZBsrGHDm6cg2fy2NYCPzzXlYO5102h1GgTmPgMVUz8EROnwkw2jQGfhlVYOzGtl4Nsjwc_tfIsZgwIyFsZTNg2zaVqGJYUojKNZkkYzykqIjp1vSJ6Q5cV0nI_QAANPx2H0QNLmWXeGwYS9WmeOiRS19uwSlrRaKHcmw_-PI-Rl7HDq6MjAUeapHoxo0JwDnNMOhGTgCtSzM0Jtg2SuO4dQdOdeh0RffEErRjsL3wEFRZeAd8nD9KgNaTQXlQB-DTQbgYqKDDB83rSGkWB2H8w8JBKkD8OrZIW_rxLUt82HmKk0QHk_rjlNhNpRKThpoNGmJyV8t1Y1taQEUNeanEfOc9c01PQ3Zut3Mt9ZjF96q7M4eGMUkBJ8QzCAR5Oi4hjnPmtp0mpMTILKG0E_5rISpFZbT6cxhMIhhC48gt6Io3h4RUhI1mCZEa2fbtIleVD8kK290xCq73IwiianY_dUSsR23jql4_B1UMJ-qybctMwNuOlX4f5XYWRfhfH7scCeufBHrzwn3Eutu23trsexpRkoTUu9O_s4dTmKM20MMBekG_Kp7v0nJl_kjh-PrlItMSA9btNJsLc_Rw3CwPhihtJao0sJDb7_Re-JrXUnORbhEggxYLXcAcdVQsioWBb9Srf9WivqSJBFsKOqrd_wsaYlmIYqMiFrTXrdkZruwF9vu-0WLJoPMdzxRcqLtKB3sIhnSZbn2SyP7upFBdWUw5TPi7SYQ85oVc2SMo9iGpdlXNE7sUiiJIvmSR4leRFHkzydptWMR1VURkmezhBRQ4WcSLlrJtps7wSWy0Uc5cUsupO0BGn998ck8aYMEmw1D_95w-KrfH1nFigjLLutDbJICuvsSaoTTsJikJAuzz8rfgYTroVlBlqqWE9W4PaYl45uxvbtzItCkTU4GKaTK5f6Um_vOiMX7xRLBDX-hK3RfyBrko3XG-vlqPpukfw7AAD__13w4wQ">