Ticket #9487: 0001-Fix-9487-GIFLoad-array-subscript-below-array-bounds.patch

File 0001-Fix-9487-GIFLoad-array-subscript-below-array-bounds.patch, 2.5 KB (added by pdziepak, 11 years ago)

  • src/add-ons/translators/gif/GIFLoad.cpp 

    From a538dd33b70b097a86950e78df43fd3c5bd60cdd Mon Sep 17 00:00:00 2001
From: Pawel Dziepak <pdziepak@quarnos.org>
Date: Thu, 28 Feb 2013 23:08:16 +0100
Subject: [PATCH] Fix #9487: GIFLoad array subscript below array bounds

Recently enabled variable range propagation enables GCC to among others analyze
whether array subscript is in a valid range. While being quite useful this
particular feature also happens to produce false positives. This is merely
a workaround to make compiler happy.

The actual reason why compiler is reporting false positive is that array is
indexed with a signed integer and it is not clear for compiler what value it may
have due to it being a member of the class and and external procedure being
invoked between its initialization and usage.
---
 src/add-ons/translators/gif/GIFLoad.cpp |    6 +++---
 src/add-ons/translators/gif/GIFLoad.h   |    2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/add-ons/translators/gif/GIFLoad.cpp b/src/add-ons/translators/gif/GIFLoad.cpp
index 02a44f3..64e73fe 100644
    a b GIFLoad::ReadGIFImageData()  
    339339                goto bad_end;
    340340           
    341341            //memcpy(newEntry, fOldCode, fOldCodeLength);
    342             for (int x = 0; x < fOldCodeLength; x++) {
     342            for (unsigned int x = 0; x < fOldCodeLength; x++) {
    343343                newEntry[x] = fOldCode[x];
    344344            }
    345345           
    GIFLoad::ReadGIFImageData()  
    347347            newEntry[fOldCodeLength] = *fTable[fNewCode];
    348348        } else { // Does not exist in table
    349349            //memcpy(newEntry, fOldCode, fOldCodeLength);
    350             for (int x = 0; x < fOldCodeLength; x++) {
     350            for (unsigned int x = 0; x < fOldCodeLength; x++) {
    351351                newEntry[x] = fOldCode[x];
    352352            }
    353353           
    GIFLoad::ReadGIFImageData()  
    360360        fTable[fNextCode] = MemblockAllocate(fOldCodeLength + 1);
    361361
    362362        //memcpy(fTable[fNextCode], newEntry, fOldCodeLength + 1);
    363         for (int x = 0; x < fOldCodeLength + 1; x++) {
     363        for (unsigned int x = 0; x < fOldCodeLength + 1; x++) {
    364364            fTable[fNextCode][x] = newEntry[x];
    365365        }
    366366       

  • src/add-ons/translators/gif/GIFLoad.h 

    diff --git a/src/add-ons/translators/gif/GIFLoad.h b/src/add-ons/translators/gif/GIFLoad.h
index 885364d..a981b3f 100644
    a b class GIFLoad {  
    8686        int fPass, fRow, fWidth, fHeight;
    8787       
    8888        unsigned char fOldCode[4096];
    89         int fOldCodeLength;
     89        unsigned int fOldCodeLength;
    9090        short fNewCode;
    9191        int fBits, fMaxCode, fCodeSize;
    9292        short fClearCode, fEndCode, fNextCode;