codemadness.org

       fix width/height loading - lel - Farbfeld image viewer
 (HTM) git clone git://git.codemadness.org/lel
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
 (DIR) LICENSE
       ---
 (DIR) commit 315842241bfb79a764962c2ed86f24db2a5a3946
 (DIR) parent c34f9949c648ba8fe0ca7e2230a3bb72ced5810b
 (HTM) Author: NRK <nrk@disroot.org>
       Date:   Thu, 15 Feb 2024 06:48:40 +0000
       
       fix width/height loading
       
       - shift by 24 places might overflow INT_MAX (uint8_t gets
         promoted to `int` due to integer promotion rules). cast to
         uint32_t to fix. to reproduce:
       
               [lel]~> gcc -g3 -std=c99 -Wall -pedantic -DVERSION=\"0.2\" lel.c -fsanitize=address,undefined -o lel -lX11
               [lel]~> printf "farbfeld\xff\xff\xff\xff\xff\xff\xff\xff" | ./lel
               lel.c:110:80: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
               lel.c:111:83: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
       
       - the width and height would be broken on big-endian systems
         because they are being loaded as little-endian (via the
         shift-or construct) and then being fed to ntohl(). this works
         on little-endian systems since ntohl does a byte swap but on
         big-endian systems ntohl() is a no-op and will leave the
         integer at wrong state.
       
       fix by just shifting the proper byte into the right place to
       begin with: https://commandcenter.blogspot.com/2012/04/byte-order-fallacy.html?m=1
       
       Diffstat:
         M lel.c                               |       5 ++---
       
       1 file changed, 2 insertions(+), 3 deletions(-)
       ---
 (DIR) diff --git a/lel.c b/lel.c
       @@ -1,5 +1,4 @@
        /* See LICENSE file for copyright and license details. */
       -#include <arpa/inet.h>
        
        #include <errno.h>
        #include <signal.h>
       @@ -107,8 +106,8 @@ ff_open(struct img *img)
                if (memcmp(hdr, "farbfeld", 8))
                        return -1;
        
       -        img->width = ntohl((hdr[8] << 0) | (hdr[9] << 8) | (hdr[10] << 16) | (hdr[11] << 24));
       -        img->height = ntohl((hdr[12] << 0) | (hdr[13] << 8) | (hdr[14] << 16) | (hdr[15] << 24));
       +        img->width =  ((uint32_t)hdr[8] << 24) | (hdr[9] << 16) | (hdr[10] << 8) | (hdr[11] << 0);
       +        img->height = ((uint32_t)hdr[12] << 24) | (hdr[13] << 16) | (hdr[14] << 8) | (hdr[15] << 0);
                if (img->width <= 0 || img->height <= 0)
                        return -1;