freetype-commit



From: Werner Lemberg (@wl)
Subject: [Git][freetype/freetype][master] * src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour.
Date: Sat, 25 Feb 2023 04:22:12 +0000

Werner Lemberg pushed to branch master at FreeType / FreeType

Commits:

  • 3f2ac7d8
    by Tamir Duberstein at 2023-02-25T05:20:57+01:00
    * src/base/ftsystem.c (ft_ansi_stream_io): Avoid undefined behaviour.
    Also short-circuit on `offset` to avoid checking `count` a second time when
    `ft_ansi_stream_io` is used for reading.
    
    Per ISO/IEC 9899:
    
      If an argument to a function has an invalid value (such as a value outside
      the domain of the function, or a pointer outside the address space of the
      program, or a null pointer, or a pointer to non-modifiable storage when the
      corresponding parameter is not const-qualified) or a type (after
      promotion) not expected by a function with variable number of arguments,
      the behavior is undefined.  If a function argument is described as being
      an array, the pointer actually passed to the function shall have a value
      such that all address computations and accesses to objects (that would be
      valid if the pointer did point to the first element of such an array) are
      in fact valid.
    
    Per IEEE Std 1003.1:
    
      size_t fread(void *restrict ptr, size_t size, size_t nitems,
                   FILE *restrict stream);
    
      The `fread` function shall read into the array pointed to by `ptr` up to
      `nitems` elements whose size is specified by `size` in bytes, from the
      stream pointed to by `stream`.
    
    Since the first argument to `fread` is described as being an array, its
    behavior is undefined when that argument is a null pointer.
    
    Per the documentation on `ft_ansi_stream_io`:
    
      If `count' is zero (that is, the function is used for seeking), a non-zero
      return value indicates an error.
    
    Thus the intent is clear, and the call to `fread` can be skipped, avoiding
    undefined behaviour.
    

1 changed file:

Changes:

  • src/base/ftsystem.c
    ... ... @@ -219,7 +219,7 @@
    219 219
         FT_FILE*  file;
    
    220 220
     
    
    221 221
     
    
    222
    -    if ( !count && offset > stream->size )
    
    222
    +    if ( offset > stream->size && !count )
    
    223 223
           return 1;
    
    224 224
     
    
    225 225
         file = STREAM_FILE( stream );
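Review bot: swapping the operands of the condition at line 222 is semantics-preserving (both `offset > stream->size` and `!count` are side-effect free), so the only effect is that the common read path (`count != 0`) no longer evaluates `!count` here before evaluating it again later; a short comment above the `if` stating that this check is intentionally the seek-only bounds check, and that a read with `offset > stream->size` deliberately falls through to `ft_fseek`/`ft_fread` and relies on a short read count, would keep the next reader from "fixing" the operand order back.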
    
    ... ... @@ -227,6 +227,11 @@
    227 227
         if ( stream->pos != offset )
    
    228 228
           ft_fseek( file, (long)offset, SEEK_SET );
    
    229 229
     
    
    230
    +    /* Avoid calling `fread` with `buffer=NULL` and `count=0`, */
    
    231
    +    /* which is undefined behaviour.                           */
    
    232
    +    if ( !count )
    
    233
    +      return 0;
    
    234
    +
    
    230 235
         return (unsigned long)ft_fread( buffer, 1, count, file );
    
    231 236
       }
    
    232 237
     
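Review bot: the early `return 0` added at lines 232-233 discards the result of the `ft_fseek` call at line 228, yet the documented seek-only contract quoted in the commit message says a non-zero return value indicates an error; since `fseek` reports failure with a non-zero return, consider `if ( !count ) return ft_fseek( ... ) != 0;` (or capturing the seek result and returning 1 on failure) so that a failed seek is actually surfaced. The previous `fread( NULL, 1, 0, file )` path also returned 0 unconditionally, so this is a pre-existing gap rather than a regression, but this change is the natural place to close it. The new comment at lines 230-231 is accurate: the undefined behaviour stems from the null `buffer`, and `count == 0` is merely the condition under which the caller passes one.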
    

