mewin/libpng
1
0
Fork 0
mirror of https://git.code.sf.net/p/libpng/code.git synced 2025-07-10 18:04:09 +02:00
Code Issues Projects Releases Wiki Activity

[libpng16] Removed one of the GCC-7.1.0 'strict-overflow' warnings that

Browse Source 
result when integers appear on both sides of a compare.  Worked around the
  others by forcing the strict-overflow setting in the relevant functions to
  a level where they are not reported.
Changed "FALL THROUGH" comments to "FALLTHROUGH" because GCC doesn't like
  the space.
Worked around some C-style casts from (void*) because g++ 5.4.0 objects
  to them.
Increased the buffer size for 'sprint' to pass the gcc 7.1.0 'sprint
  overflow' check that is on by default with -Wall -Wextra.
This commit is contained in:
John Bowler
2017-07-11 07:50:35 -05:00
committed by Glenn Randers-Pehrson
parent ecea632c4c
commit 72d07d3202
13 changed files with 124 additions and 60 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
png.c
View File

@@ -1,7 +1,7 @@
/* png.c - location for general purpose libpng functions
*
* Last changed in libpng 1.6.30 [June 28, 2017]
* Last changed in libpng 1.6.31 [(PENDING RELEASE)]
* Copyright (c) 1998-2002,2004,2006-2017 Glenn Randers-Pehrson
* (Version 0.96 Copyright (c) 1996, 1997 Andreas Dilger)
* (Version 0.88 Copyright (c) 1995, 1996 Guy Eric Schalnat, Group 42, Inc.)
@@ -16,6 +16,26 @@
/* Generate a compiler error if there is an old png.h in the search path. */
typedef png_libpng_version_1_6_31beta04 Your_png_h_is_not_version_1_6_31beta04;
#ifdef __GNUC__
/* The version tests may need to be added to, but the problem warning has
* consistently been fixed in GCC versions which obtain wide-spread release.
* The problem is that many versions of GCC rearrange comparison expressions in
* the optimizer in such a way that the results of the comparison will change
* if signed integer overflow occurs. Such comparisons are not permitted in
* ANSI C90, however GCC isn't clever enough to work out that that do not occur
* below in png_ascii_from_fp and png_muldiv, so it produces a warning with
* -Wextra. Unfortunately this is highly dependent on the optimizer and the
* machine architecture so the warning comes and goes unpredictably and is
* impossible to "fix", even were that a good idea.
*/
#if __GNUC__ == 7 && __GNUC_MINOR__ == 1
#define GCC_STRICT_OVERFLOW 1
#endif /* GNU 7.1.x */
#endif /* GNU */
#ifndef GCC_STRICT_OVERFLOW
#define GCC_STRICT_OVERFLOW 0
#endif
/* Tells libpng that we have already handled the first "num_bytes" bytes
* of the PNG file signature. If the PNG data is embedded into another
* stream we can set num_bytes = 8 so that libpng will not attempt to read
@@ -2857,6 +2877,14 @@ png_pow10(int power)
/* Function to format a floating point value in ASCII with a given
* precision.
*/
#if GCC_STRICT_OVERFLOW
#pragma GCC diagnostic push
/* The problem arises below with exp_b10, which can never overflow because it
* comes, originally, from frexp and is therefore limited to a range which is
* typically +/-710 (log2(DBL_MAX)/log2(DBL_MIN)).
*/
#pragma GCC diagnostic warning "-Wstrict-overflow=2"
#endif /* GCC_STRICT_OVERFLOW */
void /* PRIVATE */
png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
double fp, unsigned int precision)
@@ -2946,7 +2974,7 @@ png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
*/
if (exp_b10 < 0 && exp_b10 > -3) /* PLUS 3 TOTAL 4 */
{
czero = (unsigned int)(-exp_b10); /* PLUS 2 digits: TOTAL 3 */
czero = 0U-exp_b10; /* PLUS 2 digits: TOTAL 3 */
exp_b10 = 0; /* Dot added below before first output. */
}
else
@@ -3087,7 +3115,7 @@ png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
/* Check for an exponent, if we don't need one we are
* done and just need to terminate the string. At
* this point exp_b10==(-1) is effectively if flag - it got
* this point exp_b10==(-1) is effectively a flag - it got
* to '-1' because of the decrement after outputting
* the decimal point above (the exponent required is
* *not* -1!)
@@ -3101,7 +3129,7 @@ png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
* zeros were *not* output, so this doesn't increase
* the output count.
*/
while (--exp_b10 >= 0) *ascii++ = 48;
while (exp_b10-- > 0) *ascii++ = 48;
*ascii = 0;
@@ -3131,11 +3159,11 @@ png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
if (exp_b10 < 0)
{
*ascii++ = 45; --size; /* '-': PLUS 1 TOTAL 3+precision */
uexp_b10 = (unsigned int)(-exp_b10);
uexp_b10 = 0U-exp_b10;
}
else
uexp_b10 = (unsigned int)exp_b10;
uexp_b10 = 0U+exp_b10;
cdigits = 0;
@@ -3178,6 +3206,9 @@ png_ascii_from_fp(png_const_structrp png_ptr, png_charp ascii, png_size_t size,
/* Here on buffer too small. */
png_error(png_ptr, "ASCII conversion buffer too small");
}
#if GCC_STRICT_OVERFLOW
#pragma GCC diagnostic pop
#endif /* GCC_STRICT_OVERFLOW */
# endif /* FLOATING_POINT */
@@ -3291,6 +3322,15 @@ png_fixed(png_const_structrp png_ptr, double fp, png_const_charp text)
* the nearest .00001). Overflow and divide by zero are signalled in
* the result, a boolean - true on success, false on overflow.
*/
#if GCC_STRICT_OVERFLOW /* from above */
/* It is not obvious which comparison below gets optimized in such a way that
* signed overflow would change the result; looking through the code does not
* reveal any tests which have the form GCC complains about, so presumably the
* optimizer is moving an add or subtract into the 'if' somewhere.
*/
#pragma GCC diagnostic push
#pragma GCC diagnostic warning "-Wstrict-overflow=2"
#endif /* GCC_STRICT_OVERFLOW */
int
png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
png_int_32 divisor)
@@ -3405,6 +3445,9 @@ png_muldiv(png_fixed_point_p res, png_fixed_point a, png_int_32 times,
return 0;
}
#if GCC_STRICT_OVERFLOW
#pragma GCC diagnostic pop
#endif /* GCC_STRICT_OVERFLOW */
#endif /* READ_GAMMA || INCH_CONVERSIONS */
#if defined(PNG_READ_GAMMA_SUPPORTED) || defined(PNG_INCH_CONVERSIONS_SUPPORTED)