[gdk-pixbuf] io-ico: Add an assertion to clarify potential NULL pointer dereference

From: Philip Withnall <pwithnall src gnome org>
To: commits-list gnome org
Cc:
Subject: [gdk-pixbuf] io-ico: Add an assertion to clarify potential NULL pointer dereference
Date: Tue, 7 Feb 2017 11:16:17 +0000 (UTC)

commit d5fc7e3ca47aa90cc75fc0c53f2d12a6457ec987
Author: Philip Withnall <withnall endlessm com>
Date:   Fri Jan 20 10:13:36 2017 +0000

    io-ico: Add an assertion to clarify potential NULL pointer dereference
    
    At a first read through, it looks like the call to OneLine() could end
    up dereferencing context->pixbuf when it’s NULL. However, due to a
    combination of other checks in the caller, OneLine() will only be called
    after DecodeHeader() has set context->pixbuf to a valid object.
    Otherwise, if DecodeHeader() bails with an error, the pixbuf will never
    be dereferenced.
    
    Add a comment trying to explain this, and an assertion which backs it up
    more rigorously.
    
    Coverity ID: 1388531
    
    https://bugzilla.gnome.org/show_bug.cgi?id=777374

 gdk-pixbuf/io-ico.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)
---
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c
index 4fa7d2f..2b0441f 100644
--- a/gdk-pixbuf/io-ico.c
+++ b/gdk-pixbuf/io-ico.c
@@ -944,9 +944,14 @@ gdk_pixbuf__ico_image_load_increment(gpointer data,
                                buf += BytesToCopy;
                                context->LineDone += BytesToCopy;
                        }
-                       if ((context->LineDone >= context->LineWidth) &&
-                           (context->LineWidth > 0))
+                       if ((context->LineDone >= context->LineWidth) && (context->LineWidth > 0)) {
+                               /* By this point, DecodeHeader() will have been called, and should have 
returned successfully
+                                * or set a #GError, as its only return-FALSE-without-setting-a-GError paths 
are when
+                                * (context->HeaderDone < context->HeaderSize) or (context->LineWidth == 0).
+                                * If it’s returned a #GError, we will have bailed already; otherwise, pixbuf 
will be set. */
+                               g_assert (context->pixbuf != NULL);
                                OneLine(context);
+                       }
 
 
                }

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]