Fix for SecBug cpp/comparison-with-wider-type

[kingster]

The return type for vector.size() is size_t which is larger than uint16_t and hence an overflow can cause infinite loop.

Fixes this security bug https://codeql.github.com/codeql-query-help/cpp/cpp-comparison-with-wider-type/

[The-EDev]

Since concurrency can be set to only a uint16_t, the maximum size for task_queue_length_pool_ would be within the limits of an unsigned 16bit integer. Please let me know if I missed anything, otherwise I will close this PR.

[kingster]

In that case, maybe we should cast the size_t into uint16_t so that the security tools don't throw this as a security issue?

[The-EDev]

I think I want to test the effect of adding a cast first, I don't want to hamper performance (even if very slightly) just to get a tool not to throw an incorrect error.

[kingster]

True I had the same thoughts, and that's why my first proposal was to use size_t so that it doesn't effect performance at all, and the code analysis tools are also happy!

[The-EDev]

Seems like the only difference between the 2 versions is a single movzx operation.. Interestingly enough this is added to the version of the code without static_cast, so at worst there's no difference and at best this version would be faster somehow..

What's your opinion @kingster?

[kingster]

IMHO the size_t is a simpler solution which also avoids a cast in the loop at least (even though it doesn't affect) and is future proof even if the type of concurrency is changed in future.

[The-EDev]

I would prefer it if there was a comment above the loop specifying why size_t is being used instead of uint16_t

[kingster]

Done. Pushed the updated changes, please have a look.

[The-EDev]

seems alright, will merge soon.