author | Philip Withnall <withnall@endlessm.com> | 2017-01-20 10:13:36 +0000 |
---|---|---|
committer | Philip Withnall <withnall@endlessm.com> | 2017-02-07 11:10:04 +0000 |
commit | d5fc7e3ca47aa90cc75fc0c53f2d12a6457ec987 (patch) | |
tree | ff7258164f4b8c2b16393d36aba42f3551a8dd9b /gdk-pixbuf | |
parent | 71e3b4a413a03627475944781f376da909de8dd5 (diff) | |
download | gdk-pixbuf-d5fc7e3ca47aa90cc75fc0c53f2d12a6457ec987.tar.gz |
io-ico: Add an assertion to clarify potential NULL pointer dereference

At a first read through, it looks like the call to OneLine() could end
up dereferencing context->pixbuf when it’s NULL. However, due to a
combination of other checks in the caller, OneLine() will only be called
after DecodeHeader() has set context->pixbuf to a valid object.
Otherwise, if DecodeHeader() bails with an error, the pixbuf will never
be dereferenced.

Add a comment trying to explain this, and an assertion which backs it up
more rigorously.

Coverity ID: 1388531

https://bugzilla.gnome.org/show_bug.cgi?id=777374
Diffstat (limited to 'gdk-pixbuf')
-rw-r--r-- | gdk-pixbuf/io-ico.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/gdk-pixbuf/io-ico.c b/gdk-pixbuf/io-ico.c index 4fa7d2fea..2b0441fa2 100644 --- a/gdk-pixbuf/io-ico.c +++ b/gdk-pixbuf/io-ico.c @@ -944,9 +944,14 @@ gdk_pixbuf__ico_image_load_increment(gpointer data, buf += BytesToCopy; context->LineDone += BytesToCopy; } - if ((context->LineDone >= context->LineWidth) && - (context->LineWidth > 0)) + if ((context->LineDone >= context->LineWidth) && (context->LineWidth > 0)) { + /* By this point, DecodeHeader() will have been called, and should have returned successfully + * or set a #GError, as its only return-FALSE-without-setting-a-GError paths are when + * (context->HeaderDone < context->HeaderSize) or (context->LineWidth == 0). + * If it’s returned a #GError, we will have bailed already; otherwise, pixbuf will be set. */ + g_assert (context->pixbuf != NULL); OneLine(context); + } } |
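Review bot: the g_assert (context->pixbuf != NULL) placed before OneLine(context) is the only guard on that dereference, and it is a weak one for a loader that runs on file data. If the invariant in the comment ever fails, the assertion aborts the whole process instead of failing the load, and when GLib is built with G_DISABLE_ASSERT the check disappears and the NULL dereference is reachable again. Consider an explicit NULL test at this point that bails out through the same error path the comment refers to ("If it's returned a #GError, we will have bailed already"), and keep the comment as the explanation for Coverity. The comment also depends on DecodeHeader() keeping exactly the two return-FALSE-without-GError paths it lists, (context->HeaderDone < context->HeaderSize) and (context->LineWidth == 0), so a matching note beside those returns in DecodeHeader() would help keep the two in sync. Minor style point: the hunk joins the previously two-line condition into one line and adds very long comment lines; wrapping them to the width of the surrounding code would keep the hunk easier to read.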