From: Alan Third <alan@idiocy.org>
To: "Basil L. Contovounesios" <contovob@tcd.ie>
Cc: 50767@debbugs.gnu.org
Subject: bug#50767: 28.0.50; Warnings about snprintf in image.c on armv7l
Date: Thu, 23 Sep 2021 23:49:37 +0100 [thread overview]
Message-ID: <YU0EgZuq4OuT8mTe@idiocy.org> (raw)
In-Reply-To: <878rzmuddd.fsf@tcd.ie>
On Thu, Sep 23, 2021 at 11:38:06PM +0100, Basil L. Contovounesios wrote:
> Alan Third [2021-09-23 22:46 +0100] wrote:
>
> > On Thu, Sep 23, 2021 at 06:04:12PM +0100, Basil L. Contovounesios via Bug
> > reports for GNU Emacs, the Swiss army knife of text editors wrote:
> >>
> >> > const char *css_spec = "svg{font-family:\"%s\";font-size:%4dpx}";
> >>
> >> Why specifically '%4d' for face_font_size?
> >
> > I figured it unlikely that anyone would be using a font size of 10000
> > pixels or larger and I wanted to set an upper limit on the string size.
>
> AFAIK %d does not truncate numbers with more digits than the specified
> width or precision...
Hmm, I guess so.
> >> > int css_len = strlen (css_spec) + strlen (img->face_font_family);
> >> > css = xmalloc (css_len);
> >> > snprintf (css, css_len, css_spec, img->face_font_family, img->face_font_size);
> >> > rsvg_handle_set_stylesheet (rsvg_handle, (guint8 *)css, strlen (css), NULL);
> >>
> >> Does css_len not need to include the terminating null byte?
> >
> > It does. If you add up the length of the spec string which includes
> > the escape codes, and the length of the font name, then if the font
> > size does produce it's maximum sized string of 4 characters css_len is
> > exactly one byte larger than the string length.
>
> ...which would mean this only holds in the common case that
> face_font_size has fewer than 5 digits, right?
Looks that way.
I suppose in this particular case we could limit the font size to a
maximum of 9999 or something, but surely there's a better way of
calculating string sizes?
> >> What if xmalloc or snprintf fail?
> >
> > Doesn't xmalloc causes some sort of error to occur? I'm not sure.
>
> I think it exits only while Emacs is still initialising itself before
> entering the top-level command loop, and otherwise frees ballast memory
> and signals a Lisp error.
>
> At least the second snprintf in svg_load_image does check xmalloc's
> return value.
None of the other uses of xmalloc in image.c check the return value
either, as far as I can see, and I certainly didn't write them all...
--
Alan Third
next prev parent reply other threads:[~2021-09-23 22:49 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-23 17:04 bug#50767: 28.0.50; Warnings about snprintf in image.c on armv7l Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-09-23 21:46 ` Alan Third
2021-09-23 22:38 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-09-23 22:49 ` Alan Third [this message]
2021-09-23 22:59 ` Alan Third
2021-09-24 6:41 ` Eli Zaretskii
2021-10-14 15:42 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-14 16:00 ` Eli Zaretskii
2021-10-14 16:37 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-14 16:43 ` Eli Zaretskii
2021-10-04 21:45 ` Alan Third
2021-10-14 15:43 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-10-15 17:26 ` Alan Third
2021-11-05 3:13 ` Lars Ingebrigtsen
2021-11-06 11:58 ` Alan Third
2021-11-06 18:20 ` Lars Ingebrigtsen
2021-11-14 23:28 ` Basil L. Contovounesios via Bug reports for GNU Emacs, the Swiss army knife of text editors
2021-11-15 5:53 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YU0EgZuq4OuT8mTe@idiocy.org \
--to=alan@idiocy.org \
--cc=50767@debbugs.gnu.org \
--cc=contovob@tcd.ie \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).