[libpng16] Fixed array size calculations to avoid warnings. At various points

in the code the number of elements in an array is calculated using sizeof. This generates a compile time constant of type (size_t) which is then typically assigned to an (unsigned int) or (int). Some versions of GCC on 64-bit systems warn about the apparent narrowing, even though the same compiler does apparently generate the correct, in-range, numeric constant. This adds appropriate, safe, casts to make the warnings go away.
2014-11-05 17:19:36 -06:00 · 2014-11-05 17:19:36 -06:00 · 03df189954
commit 03df189954
parent 6f2c50e7fc
5 changed files with 35 additions and 5 deletions
--- a/15
+++ b/15
@ -45,6 +45,21 @@ Version 1.6.15beta05 [November 5, 2014]
    example.c, pngtest.c, and applications in the contrib directory.
  Avoid out-of-bounds memory access in png_user_version_check().
  Simplified and future-proofed png_user_version_check().
+  Fixed GCC unsigned int->float warnings. Various versions of GCC
+    seem to generate warnings when an unsigned value is implicitly
+    converted to double. This is probably a GCC bug but this change
+    avoids the issue by explicitly converting to (int) where safe.
+  Free all allocated memory in pngimage. The file buffer cache was left
+    allocated at the end of the program, harmless but it causes memory
+    leak reports from clang.
+  Fixed array size calculations to avoid warnings. At various points
+    in the code the number of elements in an array is calculated using
+    sizeof.  This generates a compile time constant of type (size_t) which
+    is then typically assigned to an (unsigned int) or (int). Some versions
+    of GCC on 64-bit systems warn about the apparent narrowing, even though
+    the same compiler does apparently generate the correct, in-range,
+    numeric constant.  This adds appropriate, safe, casts to make the
+    warnings go away.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/8
+++ b/8
@ -5060,6 +5060,14 @@ Version 1.6.15beta05 [November 5, 2014]
  Free all allocated memory in pngimage. The file buffer cache was left
    allocated at the end of the program, harmless but it causes memory
    leak reports from clang.
+  Fixed array size calculations to avoid warnings. At various points
+    in the code the number of elements in an array is calculated using
+    sizeof.  This generates a compile time constant of type (size_t) which
+    is then typically assigned to an (unsigned int) or (int). Some versions
+    of GCC on 64-bit systems warn about the apparent narrowing, even though
+    the same compiler does apparently generate the correct, in-range,
+    numeric constant.  This adds appropriate, safe, casts to make the
+    warnings go away.

 Send comments/corrections/commendations to png-mng-implement at lists.sf.net
 (subscription required; visit
--- a/contrib/libtests/pngvalid.c
+++ b/contrib/libtests/pngvalid.c
@ -157,6 +157,13 @@ define_exception_type(struct png_store*);
   &(ps)->exception_context
 #define context(ps,fault) anon_context(ps); png_store *fault

+/* This macro returns the number of elements in an array as an (unsigned int),
+ * it is necessary to avoid the inability of certain versions of GCC to use
+ * the value of a compile-time constant when performing range checks.  It must
+ * be passed an array name.
+ */
+#define ARRAY_SIZE(a) ((unsigned int)((sizeof (a))/(sizeof (a)[0])))
+
 /******************************* UTILITIES ************************************/
 /* Error handling is particularly problematic in production code - error
 * handlers often themselves have bugs which lead to programs that detect
@ -4106,7 +4113,7 @@ make_errors(png_modifier* PNG_CONST pm, png_byte PNG_CONST colour_type,
         standard_name(name, sizeof name, 0, colour_type, 1<<bdlo, 0,
            interlace_type, 0, 0, 0);

-         for (test=0; test<(sizeof error_test)/(sizeof error_test[0]); ++test)
+         for (test=0; test<ARRAY_SIZE(error_test); ++test)
         {
            make_error(&pm->this, colour_type, DEPTH(bdlo), interlace_type,
               test, name);
@ -10098,12 +10105,12 @@ int main(int argc, char **argv)

   /* Store the test gammas */
   pm.gammas = gammas;
-   pm.ngammas = (sizeof gammas) / (sizeof gammas[0]);
+   pm.ngammas = ARRAY_SIZE(gammas);
   pm.ngamma_tests = 0; /* default to off */

   /* And the test encodings */
   pm.encodings = test_encodings;
-   pm.nencodings = (sizeof test_encodings) / (sizeof test_encodings[0]);
+   pm.nencodings = ARRAY_SIZE(test_encodings);

   pm.sbitlow = 8U; /* because libpng doesn't do sBIT below 8! */

--- a/pngread.c
+++ b/pngread.c
@ -1619,7 +1619,7 @@ png_image_skip_unused_chunks(png_structrp png_ptr)

       /* But do not ignore image data handling chunks */
       png_set_keep_unknown_chunks(png_ptr, PNG_HANDLE_CHUNK_AS_DEFAULT,
-         chunks_to_process, (sizeof chunks_to_process)/5);
+         chunks_to_process, (int)/*SAFE*/(sizeof chunks_to_process)/5);
    }
 }

--- a/pngset.c
+++ b/pngset.c
@ -1329,7 +1329,7 @@ png_set_keep_unknown_chunks(png_structrp png_ptr, int keep,
      };

      chunk_list = chunks_to_ignore;
-      num_chunks = (sizeof chunks_to_ignore)/5;
+      num_chunks = (unsigned int)/*SAFE*/(sizeof chunks_to_ignore)/5U;
   }

   else /* num_chunks_in > 0 */