Description of the false positive

It's true that denom is initialized to 1:

    npy_uint64 num = 1, denom = 1, tmp, gcd;

and subsequently multiplied by positive integers::

                denom *= 400*7;

                denom *= 400*12*7;

                denom *= 400*12*7;

                denom *= 400*12;

I can see why LGTM reports that demon cannot be but larger than 1. However, what happens in case of an overflow? That's precisely what the code tries to detect here:

    /* If something overflowed, make both num and denom 0 */
    if (denom == 0 || num == 0) {

Here is a simple example:

#include <stdio.h>
#include <inttypes.h>

int main() {
	uint64_t denom = UINT64_MAX/2+1;
	printf("denom = %"PRIu64"\n", denom);
	denom *= 2;
	printf("denom = %"PRIu64"\n", denom);
}

which outputs:

denom = 9223372036854775808
denom = 0

Perhaps LGTM is smarter than that and know this cannot happen in this case, for example for a reason involving considerations such as 18446744073709551616 cannot be divided by 400, 12 or 7. However, I suspect that's not the case.

URL to the alert on the project page on LGTM.com

https://lgtm.com/projects/g/numpy/numpy/snapshot/6fd377657ac7fcc9d244e2d1ebae26e70f60db51/files/numpy/core/src/multiarray/datetime.c?sort=name&dir=ASC&mode=heatmap#x2f5c881720f6cdf2:1