From 03df189954cd9715c9dbd532e486b5a0338e381d Mon Sep 17 00:00:00 2001 From: John Bowler Date: Wed, 5 Nov 2014 17:19:36 -0600 Subject: [PATCH] [libpng16] Fixed array size calculations to avoid warnings. At various points in the code the number of elements in an array is calculated using sizeof. This generates a compile time constant of type (size_t) which is then typically assigned to an (unsigned int) or (int). Some versions of GCC on 64-bit systems warn about the apparent narrowing, even though the same compiler does apparently generate the correct, in-range, numeric constant. This adds appropriate, safe, casts to make the warnings go away. --- ANNOUNCE | 15 +++++++++++++++ CHANGES | 8 ++++++++ contrib/libtests/pngvalid.c | 13 ++++++++++--- pngread.c | 2 +- pngset.c | 2 +- 5 files changed, 35 insertions(+), 5 deletions(-) diff --git a/ANNOUNCE b/ANNOUNCE index 72c02c283..1507ea4c8 100644 --- a/ANNOUNCE +++ b/ANNOUNCE 
@@ -45,6 +45,21 @@ Version 1.6.15beta05 [November 5, 2014] example.c, pngtest.c, and applications in the contrib directory. Avoid out-of-bounds memory access in png_user_version_check(). Simplified and future-proofed png_user_version_check(). + Fixed GCC unsigned int->float warnings. Various versions of GCC + seem to generate warnings when an unsigned value is implicitly + converted to double. This is probably a GCC bug but this change + avoids the issue by explicitly converting to (int) where safe. + Free all allocated memory in pngimage. The file buffer cache was left + allocated at the end of the program, harmless but it causes memory + leak reports from clang. + Fixed array size calculations to avoid warnings. At various points + in the code the number of elements in an array is calculated using + sizeof. This generates a compile time constant of type (size_t) which + is then typically assigned to an (unsigned int) or (int). Some versions + of GCC on 64-bit systems warn about the apparent narrowing, even though + the same compiler does apparently generate the correct, in-range, + numeric constant. This adds appropriate, safe, casts to make the + warnings go away. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/CHANGES b/CHANGES index d96b1d834..8cddc7d3f 100644 --- a/CHANGES +++ b/CHANGES 
@@ -5060,6 +5060,14 @@ Version 1.6.15beta05 [November 5, 2014] Free all allocated memory in pngimage. The file buffer cache was left allocated at the end of the program, harmless but it causes memory leak reports from clang. + Fixed array size calculations to avoid warnings. At various points + in the code the number of elements in an array is calculated using + sizeof. This generates a compile time constant of type (size_t) which + is then typically assigned to an (unsigned int) or (int). Some versions + of GCC on 64-bit systems warn about the apparent narrowing, even though + the same compiler does apparently generate the correct, in-range, + numeric constant. This adds appropriate, safe, casts to make the + warnings go away. Send comments/corrections/commendations to png-mng-implement at lists.sf.net (subscription required; visit diff --git a/contrib/libtests/pngvalid.c b/contrib/libtests/pngvalid.c index c3fe7b8c2..d6a50c8cc 100644 --- a/contrib/libtests/pngvalid.c +++ b/contrib/libtests/pngvalid.c @@ -157,6 +157,13 @@ define_exception_type(struct png_store*); &(ps)->exception_context #define context(ps,fault) anon_context(ps); png_store *fault +/* This macro returns the number of elements in an array as an (unsigned int), + * it is necessary to avoid the inability of certain versions of GCC to use + * the value of a compile-time constant when performing range checks. It must + * be passed an array name. + */ +#define ARRAY_SIZE(a) ((unsigned int)((sizeof (a))/(sizeof (a)[0]))) + /******************************* UTILITIES ************************************/ /* Error handling is particularly problematic in production code - error * handlers often themselves have bugs which lead to programs that detect @@ -4106,7 +4113,7 @@ make_errors(png_modifier* PNG_CONST pm, png_byte PNG_CONST colour_type, standard_name(name, sizeof name, 0, colour_type, 1<this, colour_type, DEPTH(bdlo), interlace_type, test, name); 
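Review bot: The new `ARRAY_SIZE` macro in contrib/libtests/pngvalid.c (hunk at -157) depends on its comment's rule that it "must be passed an array name", but nothing enforces that rule. Given a pointer, or an array-typed function parameter that has decayed to one, it still compiles and yields `sizeof(pointer)/sizeof(element)`, and the `(unsigned int)` cast also suppresses the narrowing diagnostic that might have drawn attention to the call. The two uses visible in this patch (`gammas` and `test_encodings` in main) look like real arrays, so this is about future callers. I would add a line to the comment such as `* A pointer or array parameter compiles but gives a wrong count; use only on objects declared as arrays in the same scope.`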
@@ -10098,12 +10105,12 @@ int main(int argc, char **argv) /* Store the test gammas */ pm.gammas = gammas; - pm.ngammas = (sizeof gammas) / (sizeof gammas[0]); + pm.ngammas = ARRAY_SIZE(gammas); pm.ngamma_tests = 0; /* default to off */ /* And the test encodings */ pm.encodings = test_encodings; - pm.nencodings = (sizeof test_encodings) / (sizeof test_encodings[0]); + pm.nencodings = ARRAY_SIZE(test_encodings); pm.sbitlow = 8U; /* because libpng doesn't do sBIT below 8! */ diff --git a/pngread.c b/pngread.c index f5ea01e2d..61077e971 100644 --- a/pngread.c +++ b/pngread.c @@ -1619,7 +1619,7 @@ png_image_skip_unused_chunks(png_structrp png_ptr) /* But do not ignore image data handling chunks */ png_set_keep_unknown_chunks(png_ptr, PNG_HANDLE_CHUNK_AS_DEFAULT, - chunks_to_process, (sizeof chunks_to_process)/5); + chunks_to_process, (int)/*SAFE*/(sizeof chunks_to_process)/5); } } diff --git a/pngset.c b/pngset.c index 502f4db2f..07d5eee5f 100644 --- a/pngset.c +++ b/pngset.c @@ -1329,7 +1329,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep, }; chunk_list = chunks_to_ignore; - num_chunks = (sizeof chunks_to_ignore)/5; + num_chunks = (unsigned int)/*SAFE*/(sizeof chunks_to_ignore)/5U; } else /* num_chunks_in > 0 */
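Review bot: The `/*SAFE*/` marker added in the pngread.c hunk says the narrowing cast is harmless without saying why, and the divisor `5` is an unexplained constant; the pngset.c hunk has the same pair. Because a cast binds tighter than `/`, `(int)/*SAFE*/(sizeof chunks_to_process)/5` converts the byte size first and then divides, which is fine for a small static table but easy to misread as a cast of the quotient. I would replace the marker with the reason, e.g. `/* SAFE: sizeof a small static table, 5 bytes per entry */`, and name the 5 if the file has a suitable constant; the entry length is presumably what 5 stands for, but the array definitions are outside these hunks. The two sites differ (`(int)` with `5` versus `(unsigned int)` with `5U`), presumably to match destination types that are not visible here. Both function bodies extend beyond the hunks shown.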