ref: 907c42bcf0f06826279d5be91be7f7f9c45876d9
parent: e2135d51c51a39f05e2c20c70111b27c15952803
author: Simon Tatham <anakin@pobox.com>
date: Sun Sep 1 18:26:22 EDT 2019
Fix build failure reported in gcc 9. Apparently gcc 9 is clever enough to say 'Hey, runtime field width in an sprintf targeting a fixed-size buffer!', but not clever enough to notice that the width was computed earlier as the max of lots of default-width sprintfs into the same buffer (so _either_ it's safe, or else - on a hypothetical platform with a 263-bit int - the damage was already done). Added a bounds check or two to keep it happy.
--- a/twiddle.c
+++ b/twiddle.c
@@ -550,6 +550,12 @@
int i, x, y, col, maxlen;
bool o = state->orientable;
+ /* Pedantic check: ensure buf is large enough to format an int in
+ * decimal, using the bound log10(2) < 1/3. (Obviously in practice
+ * int is not going to be larger than even 32 bits any time soon,
+ * but.) */
+ assert(sizeof(buf) >= 1 + sizeof(int) * CHAR_BIT/3);
+
/*
* First work out how many characters we need to display each
* number. We're pretty flexible on grid contents here, so we
@@ -560,6 +566,11 @@
x = sprintf(buf, "%d", state->grid[i] / 4);
if (col < x) col = x;
}
+
+ /* Reassure sprintf-checking compilers like gcc that the field
+ * width we've just computed is not now excessive */
+ if (col >= sizeof(buf))
+ col = sizeof(buf)-1;
/*
* Now we know the exact total size of the grid we're going to