Fix build failure reported in gcc 9.

Apparently gcc 9 is clever enough to say 'Hey, runtime field width in an sprintf targeting a fixed-size buffer!', but not clever enough to notice that the width was computed earlier as the max of lots of default-width sprintfs into the same buffer (so _either_ it's safe, or else - on a hypothetical platform with a 263-bit int - the damage was already done). Added a bounds check or two to keep it happy.
2025-04-21 08:01:30 -07:00 · 2019-09-01 22:26:22 +01:00
parent e2135d51c5
commit 907c42bcf0
1 changed files with 11 additions and 0 deletions
--- a/twiddle.c
+++ b/twiddle.c
@ -550,6 +550,12 @@ static char *game_text_format(const game_state *state)
    int i, x, y, col, maxlen;
    bool o = state->orientable;

+    /* Pedantic check: ensure buf is large enough to format an int in
+     * decimal, using the bound log10(2) < 1/3. (Obviously in practice
+     * int is not going to be larger than even 32 bits any time soon,
+     * but.) */
+    assert(sizeof(buf) >= 1 + sizeof(int) * CHAR_BIT/3);
+
    /*
     * First work out how many characters we need to display each
     * number. We're pretty flexible on grid contents here, so we
@ -561,6 +567,11 @@ static char *game_text_format(const game_state *state)
 	if (col < x) col = x;
    }

+    /* Reassure sprintf-checking compilers like gcc that the field
+     * width we've just computed is not now excessive */
+    if (col >= sizeof(buf))
+        col = sizeof(buf)-1;
+
    /*
     * Now we know the exact total size of the grid we're going to
     * produce: it's got h rows, each containing w lots of col+o,