mirror of
https://git.code.sf.net/p/libpng/code.git
synced 2025-07-10 18:04:09 +02:00
[libpng16] Fixed array size calculations to avoid warnings. At various points
in the code the number of elements in an array is calculated using sizeof. This generates a compile time constant of type (size_t) which is then typically assigned to an (unsigned int) or (int). Some versions of GCC on 64-bit systems warn about the apparent narrowing, even though the same compiler does apparently generate the correct, in-range, numeric constant. This adds appropriate, safe, casts to make the warnings go away.
This commit is contained in:
John Bowler
Glenn Randers-Pehrson
parent
6f2c50e7fc
commit
03df189954
15
ANNOUNCE
15
ANNOUNCE
@ -45,6 +45,21 @@ Version 1.6.15beta05 [November 5, 2014]
|
|||||||
example.c, pngtest.c, and applications in the contrib directory.
|
example.c, pngtest.c, and applications in the contrib directory.
|
||||||
Avoid out-of-bounds memory access in png_user_version_check().
|
Avoid out-of-bounds memory access in png_user_version_check().
|
||||||
Simplified and future-proofed png_user_version_check().
|
Simplified and future-proofed png_user_version_check().
|
||||||
|
Fixed GCC unsigned int->float warnings. Various versions of GCC
|
||||||
|
seem to generate warnings when an unsigned value is implicitly
|
||||||
|
converted to double. This is probably a GCC bug but this change
|
||||||
|
avoids the issue by explicitly converting to (int) where safe.
|
||||||
|
Free all allocated memory in pngimage. The file buffer cache was left
|
||||||
|
allocated at the end of the program, harmless but it causes memory
|
||||||
|
leak reports from clang.
|
||||||
|
Fixed array size calculations to avoid warnings. At various points
|
||||||
|
in the code the number of elements in an array is calculated using
|
||||||
|
sizeof. This generates a compile time constant of type (size_t) which
|
||||||
|
is then typically assigned to an (unsigned int) or (int). Some versions
|
||||||
|
of GCC on 64-bit systems warn about the apparent narrowing, even though
|
||||||
|
the same compiler does apparently generate the correct, in-range,
|
||||||
|
numeric constant. This adds appropriate, safe, casts to make the
|
||||||
|
warnings go away.
|
||||||
|
|
||||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||||
(subscription required; visit
|
(subscription required; visit
|
||||||
|
|||||||
8
CHANGES
8
CHANGES
@ -5060,6 +5060,14 @@ Version 1.6.15beta05 [November 5, 2014]
|
|||||||
Free all allocated memory in pngimage. The file buffer cache was left
|
Free all allocated memory in pngimage. The file buffer cache was left
|
||||||
allocated at the end of the program, harmless but it causes memory
|
allocated at the end of the program, harmless but it causes memory
|
||||||
leak reports from clang.
|
leak reports from clang.
|
||||||
|
Fixed array size calculations to avoid warnings. At various points
|
||||||
|
in the code the number of elements in an array is calculated using
|
||||||
|
sizeof. This generates a compile time constant of type (size_t) which
|
||||||
|
is then typically assigned to an (unsigned int) or (int). Some versions
|
||||||
|
of GCC on 64-bit systems warn about the apparent narrowing, even though
|
||||||
|
the same compiler does apparently generate the correct, in-range,
|
||||||
|
numeric constant. This adds appropriate, safe, casts to make the
|
||||||
|
warnings go away.
|
||||||
|
|
||||||
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
Send comments/corrections/commendations to png-mng-implement at lists.sf.net
|
||||||
(subscription required; visit
|
(subscription required; visit
|
||||||
|
|||||||
@ -157,6 +157,13 @@ define_exception_type(struct png_store*);
|
|||||||
&(ps)->exception_context
|
&(ps)->exception_context
|
||||||
#define context(ps,fault) anon_context(ps); png_store *fault
|
#define context(ps,fault) anon_context(ps); png_store *fault
|
||||||
|
|
||||||
|
/* This macro returns the number of elements in an array as an (unsigned int),
|
||||||
|
* it is necessary to avoid the inability of certain versions of GCC to use
|
||||||
|
* the value of a compile-time constant when performing range checks. It must
|
||||||
|
* be passed an array name.
|
||||||
|
*/
|
||||||
|
#define ARRAY_SIZE(a) ((unsigned int)((sizeof (a))/(sizeof (a)[0])))
|
||||||
|
|
||||||
/******************************* UTILITIES ************************************/
|
/******************************* UTILITIES ************************************/
|
||||||
/* Error handling is particularly problematic in production code - error
|
/* Error handling is particularly problematic in production code - error
|
||||||
* handlers often themselves have bugs which lead to programs that detect
|
* handlers often themselves have bugs which lead to programs that detect
|
||||||
@ -4106,7 +4113,7 @@ make_errors(png_modifier* PNG_CONST pm, png_byte PNG_CONST colour_type,
|
|||||||
standard_name(name, sizeof name, 0, colour_type, 1<<bdlo, 0,
|
standard_name(name, sizeof name, 0, colour_type, 1<<bdlo, 0,
|
||||||
interlace_type, 0, 0, 0);
|
interlace_type, 0, 0, 0);
|
||||||
|
|
||||||
for (test=0; test<(sizeof error_test)/(sizeof error_test[0]); ++test)
|
for (test=0; test<ARRAY_SIZE(error_test); ++test)
|
||||||
{
|
{
|
||||||
make_error(&pm->this, colour_type, DEPTH(bdlo), interlace_type,
|
make_error(&pm->this, colour_type, DEPTH(bdlo), interlace_type,
|
||||||
test, name);
|
test, name);
|
||||||
@ -10098,12 +10105,12 @@ int main(int argc, char **argv)
|
|||||||
|
|
||||||
/* Store the test gammas */
|
/* Store the test gammas */
|
||||||
pm.gammas = gammas;
|
pm.gammas = gammas;
|
||||||
pm.ngammas = (sizeof gammas) / (sizeof gammas[0]);
|
pm.ngammas = ARRAY_SIZE(gammas);
|
||||||
pm.ngamma_tests = 0; /* default to off */
|
pm.ngamma_tests = 0; /* default to off */
|
||||||
|
|
||||||
/* And the test encodings */
|
/* And the test encodings */
|
||||||
pm.encodings = test_encodings;
|
pm.encodings = test_encodings;
|
||||||
pm.nencodings = (sizeof test_encodings) / (sizeof test_encodings[0]);
|
pm.nencodings = ARRAY_SIZE(test_encodings);
|
||||||
|
|
||||||
pm.sbitlow = 8U; /* because libpng doesn't do sBIT below 8! */
|
pm.sbitlow = 8U; /* because libpng doesn't do sBIT below 8! */
|
||||||
|
|
||||||
|
|||||||
@ -1619,7 +1619,7 @@ png_image_skip_unused_chunks(png_structrp png_ptr)
|
|||||||
|
|
||||||
/* But do not ignore image data handling chunks */
|
/* But do not ignore image data handling chunks */
|
||||||
png_set_keep_unknown_chunks(png_ptr, PNG_HANDLE_CHUNK_AS_DEFAULT,
|
png_set_keep_unknown_chunks(png_ptr, PNG_HANDLE_CHUNK_AS_DEFAULT,
|
||||||
chunks_to_process, (sizeof chunks_to_process)/5);
|
chunks_to_process, (int)/*SAFE*/(sizeof chunks_to_process)/5);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
2
pngset.c
2
pngset.c
@ -1329,7 +1329,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep,
|
|||||||
};
|
};
|
||||||
|
|
||||||
chunk_list = chunks_to_ignore;
|
chunk_list = chunks_to_ignore;
|
||||||
num_chunks = (sizeof chunks_to_ignore)/5;
|
num_chunks = (unsigned int)/*SAFE*/(sizeof chunks_to_ignore)/5U;
|
||||||
}
|
}
|
||||||
|
|
||||||
else /* num_chunks_in > 0 */
|
else /* num_chunks_in > 0 */
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user