codeql: fix 4 integer-overflow findings + filter vendored SARIF

[borisbat]

Triage of the CodeQL c-cpp backlog (26 open alerts). 4 are real bugs in our own code — fixed here. The other 21 are vendored or generated; a SARIF filter (below) excludes them so they auto-close on the next master scan and stop diluting PR diffs. (PREfast's 16 C26819/C28251 alerts are style-class fallthrough/SAL nits, left as-is.)

Code fixes

• string_repeat heap overflow (module_builtin_string.cpp) — len * count was a 32-bit multiply feeding allocateString, which takes uint64_t. repeat(s, count) with len*count > 4G (e.g. a 64KB string repeated 65537×) wrapped to a tiny allocation while the copy loop wrote ~4GB past it — script-reachable heap overflow. Widened to uint64_t * uint64_t.
• dasRaster same-channel memcpy (dasRaster.cpp, 3 sites) — num_pixels * src_ch [* sizeof(T)] multiplied in int32 before promoting to the size_t length; wraps for >2G-element images. Operands cast to size_t. CodeQL flagged the u16/f32 paths; the u8 path has the identical shape and is fixed too.
• volume_mixer lookahead index (volume_mixer.h) — attack_samples * nChannels was a uint32 multiply inside otherwise-64-bit frame indexing. Cast to uint64_t.
• tutorial printf UB (14_passing_arrays.c) — printf("%u", owned.size) on a uint64_t field is a varargs type mismatch. %llu + cast.

Workflow: filter vendored / generated SARIF

build-mode: none does not honor the init paths-ignore for C/C++ results — a tests-cpp/3rdparty/doctest alert survived two master scans with that config in place. So vendored findings never auto-filtered and sat in the Security tab (sqlite amalgamation + its CLI shell, stb headers, minfft, the frozen v1 dasFormatter bison parser, doctest).

Added a github/filter-sarif pass between analyze (upload: false) and upload-sarif, excluding 3rdparty, stb_*.h, modules/dasSQLITE/sqlite, modules/dasMinfft/minfft, and utils/dasFormatter/ds_parser.cpp. src/parser generated lexers are deliberately NOT excluded — our hand-written rule bodies live in them (that's exactly where the PVS OOB write in #3111 was hiding). Dropped results auto-close their alerts on the next master scan.

Net after merge + next scan: all 26 CodeQL alerts clear (4 fixed, 21 filtered, plus the 5 alerts on the 4 fixed sites close as fixed).

Validation

• incremental build clean
• module suites green: strings 363, stbimage 445, audio 10 — 0 failed
• repeat("ab",3)=="ababab", repeat("x",0)=="", repeat("",5)=="" probed
• workflow change can only be validated post-merge (CodeQL runs on push to master); the SARIF filename (cpp.sarif) and filter-sarif@v1 usage follow the documented compiled-language pattern

🤖 Generated with Claude Code

[Copilot]

Pull request overview

Fixes several CodeQL-reported integer overflow / varargs issues in core C++ modules and adjusts the CodeQL workflow to post-filter SARIF so vendored/generated findings don’t remain open and dilute alert diffs.

Changes:

• Widened arithmetic in string_repeat and audio limiter lookahead indexing to avoid 32-bit overflow.
• Fixed potential memcpy length overflows in raster channel-conversion fast paths.
• Updated CodeQL workflow to generate SARIF without uploading, filter out vendored/generated paths, then upload the filtered SARIF.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
tutorials/integration/c/14_passing_arrays.c	Fix printf varargs mismatch when printing a uint64_t array size.
src/builtin/module_builtin_string.cpp	Prevent 32-bit overflow when computing repeated string allocation size.
modules/dasStbImage/src/dasRaster.cpp	Use size_t math for memcpy byte counts in same-channel conversion paths.
modules/dasAudio/src/volume_mixer.h	Widen lookahead index arithmetic to avoid 32-bit overflow in frame indexing.
.github/workflows/codeql.yml	Add SARIF post-processing step to filter vendored/generated findings before upload.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.