freetype-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[freetype2] master 3f2ac7d89: * src/base/ftsystem.c (ft_ansi_stream_io):

From: Werner Lemberg
Subject: [freetype2] master 3f2ac7d89: * src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour.
Date: Fri, 24 Feb 2023 23:22:12 -0500 (EST) 
branch: master
commit 3f2ac7d890941b747794cbdbf9a08aa3ec667c3d
Author: Tamir Duberstein <tamird@google.com>
Commit: Werner Lemberg <wl@gnu.org>

    * src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour.
    Also short-circuit on `offset` to avoid checking `count` a second time when
    `ft_ansi_stream_io` is used for reading.
    
    Per ISO/IEC 9899:
    
      If an argument to a function has an invalid value (such as a value outside
      the domain of the function, or a pointer outside the address space of the
      program, or a null pointer, or apointer to non-modifiable storage when the
      corresponding parameter is not const-qualified) or a type (after
      promotion) not expected by a function with variable number of arguments,
      the behavior is undefined.  If a function argument is described as being
      an array, the pointer actually passed to the function shall have a value
      such that all address computations and accesses to objects (that would be
      valid if the pointer did point to the first element of such an array) are
      in fact valid.
    
    Per IEEE Std 1003.1:
    
      size_t fread(void *restrict ptr, size_t size, size_t nitems,
                   FILE *restrict stream);
    
      The `fread` function shall read into the array pointed to by `ptr` up to
      `nitems` elements whose size is specified by `size` in bytes, from the
      stream pointed to by `stream`.
    
    Since the first argument to `fread` is described as being an array, its
    behavior is undefined when that argument is a null pointer.
    
    Per the documentation on `ft_ansi_stream_io`:
    
      If `count' is zero (this is, the function is used for seeking), a non-zero
      return value indicates an error.
    
    Thus the intent is clear, and the call to `fread` can be skipped, avoiding
    undefined behaviour.
---
 src/base/ftsystem.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/base/ftsystem.c b/src/base/ftsystem.c
index fcd289d19..98c046b83 100644
--- a/src/base/ftsystem.c
+++ b/src/base/ftsystem.c
@@ -219,7 +219,7 @@
     FT_FILE*  file;
 
 
-    if ( !count && offset > stream->size )
+    if ( offset > stream->size && !count )
       return 1;
 
     file = STREAM_FILE( stream );
@@ -227,6 +227,11 @@
     if ( stream->pos != offset )
       ft_fseek( file, (long)offset, SEEK_SET );
 
+    /* Avoid calling `fread` with `buffer=NULL` and `count=0`, */
+    /* which is undefined behaviour.                           */
+    if ( !count )
+      return 0;
+
     return (unsigned long)ft_fread( buffer, 1, count, file );
   }
reply via email to
[Prev in Thread] Current Thread [Next in Thread]