From bbed7b696cd79c5af9afb58878f82c9c122db64d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 1 Apr 2026 06:45:19 +0000
Subject: [PATCH 1/2] Initial plan


From 6700fdf636926da5a91253a20289181c723440cc Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 1 Apr 2026 06:57:03 +0000
Subject: [PATCH 2/2] ist: add __COVERITY__ guard to suppress false
 INTEGER_OVERFLOW warnings

The ist() macro uses an intentional size_t underflow trick for efficient
runtime string length measurement:

    size_t __l = 0;
    if (__x) for (__l--; __x[++__l]; ) ;

Coverity reports this as INTEGER_OVERFLOW (CID 1646569) because __l--
underflows from 0 to SIZE_MAX, and ++__l overflows from SIZE_MAX back to 0.

Add a #ifdef __COVERITY__ guard that provides a straightforward strlen()-
based implementation when Coverity runs its analysis. Coverity defines
__COVERITY__ automatically during scans, so no workflow changes are needed.

Agent-Logs-Url: https://github.com/chipitsine/haproxy/sessions/5eb4610f-492c-4202-a2b6-8ed07062a798

Co-authored-by: chipitsine <2217296+chipitsine@users.noreply.github.com>
---
 include/import/ist.h | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/include/import/ist.h b/include/import/ist.h
index 962d63b802f48..3bfb445d15070 100644
--- a/include/import/ist.h
+++ b/include/import/ist.h
@@ -147,7 +147,19 @@ struct ist {
  * __builtin_strlen() with an expression otherwise it involves a real
  * measurement.
  */
-#if __GNUC__ >= 4
+#ifdef __COVERITY__
+/* Coverity does not understand the intentional size_t underflow/overflow
+ * trick in the regular implementation and reports false INTEGER_OVERFLOW
+ * warnings. Use a simple strlen() here to keep the Coverity analysis clean.
+ */
+#define ist(str) ({                                                    \
+	char *__x = (void *)(str);                                     \
+	(struct ist){                                                   \
+		.ptr = __x,                                            \
+		.len = __x ? strlen(__x) : 0,                         \
+	};                                                             \
+})
+#elif __GNUC__ >= 4
 // gcc >= 4 detects constant propagation of str through __x and resolves the
 // length of constant strings easily.
 #define ist(str) ({                                                    \
@@ -930,7 +942,7 @@ static inline int istissame(const struct ist ist1, const struct ist ist2)
 static inline struct ist istalloc(const size_t size)
 {
 	/* Note: do not use ist2 here, as it triggers a gcc11 warning.
-	 * €˜<unknown>€™ may be used uninitialized [-Werror=maybe-uninitialized]
+	 * ï¿½ï¿½<unknown>ï¿½ï¿½ may be used uninitialized [-Werror=maybe-uninitialized]
 	 *
 	 * This warning is reported because the uninitialized memory block
 	 * allocated by malloc should not be passed to a const argument as in
