From: Paul Eggert <eggert@cs.ucla.edu>
Date: Sat, 18 May 2024 20:18:32 +0000 (-0700)
Subject: Pacify -Wanalyzer-null-dereference in sfnt.c
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=60127bed2f29bc4694d4387910db5bb94c08d086;p=emacs.git

Pacify -Wanalyzer-null-dereference in sfnt.c

* src/sfnt.c (sfnt_map_table, sfnt_read_table)
(sfnt_read_cvar_table): Pacify GCC -Wanalyzer-null-dereference.
The change to sfnt_read_cvar_table fixes what appears to be
an actual null-dereference bug.

(cherry picked from commit 370a386633b081107d30a00463dd0fe8d81b7e0f)
---

diff --git a/src/sfnt.c b/src/sfnt.c
index 1832082e4f9..8b7392b3af2 100644
--- a/src/sfnt.c
+++ b/src/sfnt.c
@@ -14085,22 +14085,18 @@ sfnt_map_table (int fd, struct sfnt_offset_subtable *subtable,
   struct sfnt_table_directory *directory;
   size_t offset, page, map_offset;
   void *data;
-  int i;
 
   /* Find the table in the directory.  */
 
-  for (i = 0; i < subtable->num_tables; ++i)
+  for (int i = 0; ; i++)
     {
-      if (subtable->subtables[i].tag == tag)
-	{
-	  directory = &subtable->subtables[i];
-	  break;
-	}
+      if (! (i < subtable->num_tables))
+	return 1;
+      directory = &subtable->subtables[i];
+      if (directory->tag == tag)
+	break;
     }
 
-  if (i == subtable->num_tables)
-    return 1;
-
   /* Now try to map the glyph data.  Make sure offset is a multiple of
      the page size.  */
 
@@ -14152,22 +14148,18 @@ sfnt_read_table (int fd, struct sfnt_offset_subtable *subtable,
 {
   struct sfnt_table_directory *directory;
   void *data;
-  int i;
 
   /* Find the table in the directory.  */
 
-  for (i = 0; i < subtable->num_tables; ++i)
+  for (int i = 0; ; i++)
     {
-      if (subtable->subtables[i].tag == tag)
-	{
-	  directory = &subtable->subtables[i];
-	  break;
-	}
+      if (! (i < subtable->num_tables))
+	return NULL;
+      directory = &subtable->subtables[i];
+      if (directory->tag == tag)
+	break;
     }
 
-  if (i == subtable->num_tables)
-    return NULL;
-
   /* Seek to the table.  */
 
   if (lseek (fd, directory->offset, SEEK_SET) != directory->offset)
@@ -15160,7 +15152,7 @@ sfnt_read_cvar_table (int fd, struct sfnt_offset_subtable *subtable,
 	  /* Copy in the shared point numbers instead.  */
 	  cvar->variation[i].num_points = npoints;
 
-	  if (npoints != UINT16_MAX)
+	  if (points && npoints != UINT16_MAX)
 	    {
 	      if (cvar->variation[i].num_points > cvt->num_elements)
 		cvar->variation[i].num_points = cvt->num_elements;