Backport CodeQl fixes from Oboe

[ann0see]

Short description of changes
One possible solution (what this PR does) is to just upgrade Oboe to the commit where the CodeQl fixes were included. That's what this does.

CHANGELOG: Internal: Backport Oboe's fixes CodeQl overflow warnings
Context: Fixes an issue?
Fixes: #2545

Does this change need documentation? What needs to be documented and how?
No.

Status of this Pull Request
Ready for review
What is missing until this pull request can be merged?
Test on Android, verification that the CodeQl errors disappeared.

Checklist

• I've verified that this Pull Request follows the general code principles
• I tested my code and it does what I want
• My code follows the style guide
• I waited some time after this Pull Request was opened and all GitHub checks completed without errors.
• I've filled all the content above

[hoffie]

Was that a cherry-pick of the fix? I don't think this can work. Submodule contents are not stored as part of our git and your cherry-pick is not part of upstream, so it's nowhere to get from.

Our options are:

• Replace the submodule by a copy of the code (I'd like to avoid that...)
• Use google/oboe@master
• Fork google/oboe to our org, use the latest release and cherry-pick the fixes we want. We can then update the submodule to use that fork with the cherry-picked rev.

[ann0see]

Yes, I used a cherry pick. And the CI failed.
Maybe the forking idea is possible for a short solution.

[pljones]

Can we check out from a specific commit? That way we get the full tree at that point - it means taking all the changes to that point but none after. That relies on the chosen point being safe, of course.

I'd rather take the opportunity to move to latest on the library and test it doesn't break anything. If it does, we can then think about what to do - but then it's harder.

[ann0see]

Yes, I basically moved to the commit where the CodeQl changes were fixed. However the CI doesn't think so...

[pljones]

Last master https://github.com/jamulussoftware/jamulus/runs/5680253483?check_suite_focus=true
oboe at 855ea841a93bf304065e5152909983b1b85ffabb

Yours https://github.com/jamulussoftware/jamulus/runs/5682859842?check_suite_focus=true
oboe at 2d4797ad433aa220499d7ea55f4d15a667decc27

What did you want?

[ann0see]

I want to update to 2d4797ad433aa220499d7ea55f4d15a667decc27

CodeQl however doesn’t seem to detect less errors

[pljones]

The CodeQL run isn't showing errors. What am I not understanding?

[ann0see]

Yes. But they should be shown as fixed. Maybe this will show up as soon as this PR is merged?

[pljones]

It's only showing the "Won't fix" errors, in fact... Either it should have shown the fixes or shown them still being there... weird.

[ann0see]

Probably merge it and look what happens on new PRs

[hoffie]

Tested: Submodule committish is as expected.
I did not run any further tests on Android for now.

[ann0see]

Hopefully the CodeQL errors are gone…