De-volatilize the internal implementation of png_safe_execute

`png_safe_execute` called `setjmp` in a context where the result was undefined (an assignment statement). This corrects the code and removes volatile statements that were introduced previously to quell warnings from earlier versions of GCC. Co-authored-by: John Bowler <jbowler@acm.org>
2025-07-10 18:04:09 +02:00 · 2024-01-17 18:06:47 +02:00 · 2024-01-17 18:06:47 +02:00 · 2a4f0f5aee
commit 2a4f0f5aee
parent 7dacc4d5aa
1 changed files with 10 additions and 16 deletions
--- a/pngerror.c
+++ b/pngerror.c
@ -933,31 +933,25 @@ png_safe_warning(png_structp png_nonconst_ptr, png_const_charp warning_message)
 #endif

 int /* PRIVATE */
-png_safe_execute(png_imagep image_in, int (*function)(png_voidp), png_voidp arg)
+png_safe_execute(png_imagep image, int (*function)(png_voidp), png_voidp arg)
 {
-   volatile png_imagep image = image_in;
-   volatile int result;
-   volatile png_voidp saved_error_buf;
+   png_voidp saved_error_buf = image->opaque->error_buf;
   jmp_buf safe_jmpbuf;
+   int result;

-   /* Safely execute function(arg) with png_error returning to this function. */
-   saved_error_buf = image->opaque->error_buf;
-   result = setjmp(safe_jmpbuf) == 0;
-
-   if (result != 0)
+   /* Safely execute function(arg), with png_error returning back here. */
+   if (setjmp(safe_jmpbuf) == 0)
   {
-
      image->opaque->error_buf = safe_jmpbuf;
      result = function(arg);
+      image->opaque->error_buf = saved_error_buf;
+      return result;
   }

+   /* On png_error, return via longjmp, pop the jmpbuf, and free the image. */
   image->opaque->error_buf = saved_error_buf;
-
-   /* And do the cleanup prior to any failure return. */
-   if (result == 0)
-      png_image_free(image);
-
-   return result;
+   png_image_free(image);
+   return 0;
 }
 #endif /* SIMPLIFIED READ || SIMPLIFIED_WRITE */
 #endif /* READ || WRITE */