Re: master 370a386633b 1/4: Pacify -Wanalyzer-null-dereference in sfnt.c

Re: master 370a386633b 1/4: Pacify -Wanalyzer-null-dereference in sfnt.c

[Po Lu]

Paul Eggert <eggert@cs.ucla.edu> writes:

>     The change to sfnt_read_cvar_table fixes what appears to be
>     an actual null-dereference bug.

I'm curious as to how you reached this conclusion.  In this branch:

	  if (points && npoints != UINT16_MAX)
	    {
	      if (cvar->variation[i].num_points > cvt->num_elements)
		cvar->variation[i].num_points = cvt->num_elements;

	      cvar->variation[i].points = (uint16_t *) coords;
	      for (j = 0; j < cvar->variation[i].num_points; ++j)
		*coords++ = points[j];
	    }

cvt->variation[i].num_points is set to npoints and never increased
beyond it, so that `points' is not indexed if it is zero.

Thanks.

Re: master 370a386633b 1/4: Pacify -Wanalyzer-null-dereference in sfnt.c

[Paul Eggert]

On 2024-05-19 18:09, Po Lu wrote:
> I'm curious as to how you reached this conclusion.

Oh, in rereading it I think you're right, the code was fine before the 
change and GCC was issuing a false positive. (The code's also fine now 
and GCC is happy...) Sorry about the noise.

Re: master 370a386633b 1/4: Pacify -Wanalyzer-null-dereference in sfnt.c

[Po Lu]

Paul Eggert <eggert@cs.ucla.edu> writes:

> Oh, in rereading it I think you're right, the code was fine before the
> change and GCC was issuing a false positive. (The code's also fine now
> and GCC is happy...) Sorry about the noise.

No worries, and thanks for the additional scrutiny, off the mark though
it was in this instance.