From 389074a805b56e16041849e3f9a9342c85f17abe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?DOTTEL=20Ga=C3=ABl?=
Date: Wed, 11 Mar 2026 23:37:54 +0100
Subject: [PATCH 1/6] Add a check for VideoSnapshot&& to ImageViewRGB32 conversion
---
 .github/workflows/cpp-ci-serial-programs-base.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index 09d52a5ba1..403c992426 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -138,12 +138,20 @@ jobs:
 hasDeclaration(cxxConstructorDecl(ofClass(hasName("std::filesystem::path")))),
 hasArgument(0, hasType(asString("std::string")))
 )
+ match cxxConstructExpr(
+ isExpansionInFileMatching("SerialPrograms/"),
+ hasDeclaration(cxxConstructorDecl(ofClass(hasName("ImageViewRGB32")))),
+ hasArgument(0, hasType(rValueReferenceType(pointee(hasType(hasName("VideoSnapshot")))))),
+ unless(hasAncestor(functionDecl(isInline())))
+ )
 EOF
 files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
 echo "$files" | xargs --max-args=150 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
 cat output.txt
 if grep --silent "Match #" output.txt; then
- echo "::error Forbidden std::filesystem::path construction detected!"
+ echo "::error Forbidden code detected. It can be"
+ echo "::error - a std::filesystem::path created from std::string. More information https://discord.com/channels/695809740428673034/1462210406616531259/1462567541825339635"
+ echo "::error - a ImageViewRGB32 created from VideoSnapshot&& that is stored. It is a dangling pointer as nothing hold the data anymore"
 exit 1
 fi
From 7986db3f564e594a61cd23c4f56761e5cc062312 Mon Sep 17 00:00:00 2001
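Review bot: The added `hasArgument(0, hasType(rValueReferenceType(pointee(hasType(hasName("VideoSnapshot"))))))` may never produce a match: as far as I can tell, an expression in Clang's AST does not carry a reference type (rvalue-ness is a value category), and `pointee(hasType(...))` may be rejected when clang-query parses the matcher. Because the step decides only on `grep "Match #"`, a matcher that errors out or matches nothing looks the same as clean code, so the dangling-view guard could pass on exactly the code it targets; a small known-bad fixture that must yield a match would confirm the rule works. Separately, the three new `echo "::error ..."` lines omit the `::` that separates a workflow command from its message, so they appear as plain log text rather than annotations; `echo "::error::Forbidden code detected, see the matches above"` would annotate. The heredoc and the `run:` step begin above this hunk, so the shell options in effect are not visible here.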
From: =?UTF-8?q?DOTTEL=20Ga=C3=ABl?=
Date: Thu, 12 Mar 2026 18:37:35 +0100
Subject: [PATCH 2/6] Remove --silent
---
 .github/workflows/cpp-ci-serial-programs-base.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index 403c992426..591f904b01 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -149,7 +149,7 @@ jobs:
 files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
 echo "$files" | xargs --max-args=150 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
 cat output.txt
- if grep --silent "Match #" output.txt; then
+ if grep "Match #" output.txt; then
 echo "::error Forbidden code detected. It can be"
 echo "::error - a std::filesystem::path created from std::string. More information https://discord.com/channels/695809740428673034/1462210406616531259/1462567541825339635"
 echo "::error - a ImageViewRGB32 created from VideoSnapshot&& that is stored. It is a dangling pointer as nothing hold the data anymore"
From a809000a423132f3c017ebcfaab5261ecdd80605 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?DOTTEL=20Ga=C3=ABl?=
Date: Thu, 12 Mar 2026 18:55:57 +0100
Subject: [PATCH 3/6] --max-args=50
---
 .github/workflows/cpp-ci-serial-programs-base.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index 591f904b01..fc12507504 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -147,7 +147,7 @@ jobs:
 EOF
 files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
- echo "$files" | xargs --max-args=150 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
+ echo "$files" | xargs --max-args=50 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
 cat output.txt
 if grep "Match #" output.txt; then
 echo "::error Forbidden code detected. It can be"
From 20fa582ed417abfb116262486c740fdd0ce1311a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?DOTTEL=20Ga=C3=ABl?=
Date: Thu, 12 Mar 2026 18:56:12 +0100
Subject: [PATCH 4/6] --max-procs=0
---
 .github/workflows/cpp-ci-serial-programs-base.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index fc12507504..a588e5b419 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -147,7 +147,7 @@ jobs:
 EOF
 files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
- echo "$files" | xargs --max-args=50 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
+ echo "$files" | xargs --max-procs=0 --max-args=50 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
 cat output.txt
 if grep "Match #" output.txt; then
 echo "::error Forbidden code detected. It can be"
From e63f29ea5bca7f68dc48711f74e506f261922249 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?DOTTEL=20Ga=C3=ABl?=
Date: Fri, 13 Mar 2026 00:57:29 +0100
Subject: [PATCH 5/6] remove //
---
 .github/workflows/cpp-ci-serial-programs-base.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index a588e5b419..fc12507504 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -147,7 +147,7 @@ jobs:
 EOF
 files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
- echo "$files" | xargs --max-procs=0 --max-args=50 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
+ echo "$files" | xargs --max-args=50 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
 cat output.txt
 if grep "Match #" output.txt; then
 echo "::error Forbidden code detected. It can be"
From e44b77ca67a9f28d8788974bec95cfafbac226f1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?DOTTEL=20Ga=C3=ABl?=
Date: Fri, 13 Mar 2026 17:57:26 +0100
Subject: [PATCH 6/6] --max-procs=0 --max-args=1
---
 .github/workflows/cpp-ci-serial-programs-base.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/cpp-ci-serial-programs-base.yml b/.github/workflows/cpp-ci-serial-programs-base.yml
index fc12507504..f76071af4e 100644
--- a/.github/workflows/cpp-ci-serial-programs-base.yml
+++ b/.github/workflows/cpp-ci-serial-programs-base.yml
@@ -147,7 +147,7 @@ jobs:
 EOF
 files=$(jq -r '.[].file' SerialPrograms/bin/compile_commands.json)
- echo "$files" | xargs --max-args=50 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
+ echo "$files" | xargs --max-procs=0 --max-args=1 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt
 cat output.txt
 if grep "Match #" output.txt; then
 echo "::error Forbidden code detected. It can be"
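Review bot: `--max-procs=0` lets xargs start as many clang-query processes as it can, and with `--max-args=1` that is one per translation unit, all appending to `output.txt` at the same time (PATCH 4/6 introduced the same flag with `--max-args=50`). On a memory-limited runner, a process that is killed mid-run writes no `Match #` line, so unless the step aborts on xargs's exit status the check would pass without having analysed that file. Concurrent writers can also interleave their output and make the reported match locations hard to read. Bounding the fan-out, for example `xargs --max-procs="$(nproc)" --max-args=1 clang-query -p SerialPrograms/bin/ -f query.txt >> output.txt`, keeps most of the speed-up while making failures easier to see. The `run:` step begins above this hunk, so its shell settings are not visible here.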