Comments (18)
yet any new bounds check doesn't help (I tried several)
I've been compiling with:
for (k = 0; k < s->img_n && k < 3; ++k) tc[k] = (stbi_uc)(stbi__get16be(s) & 255) * stbi__depth_scale_table[z->depth]; // non 8-bit images will be larger
Not ideal as it seems to imply s->img_n
can be 4, but at least it compiles.
from stb.
Same compiler error.
from stb.
It fixes the warning for us in SDL_image.
from stb.
It's not a real bug; s->img_n
must be 1 or 3 when the loop runs;; this is enforced obscurely at line 5156. I guess it figured out from elsewhere that it must be 1,2,3, or 4, but it doesn't notice the narrowing of the range in line 5156. Expanding the tc[] array to 4 to suppress the warning will be harmless I guess. Or maybe just deobfuscating 5156 and explicitly test for 2 & 4, not 1 & 3.
from stb.
Can you try replacing 5156:
if (!(s->img_n & 1)) return stbi__err("tRNS with alpha","Corrupt PNG");
with
if (s->img_n == 2 || s->img_n == 4) return stbi__err("tRNS with alpha","Corrupt PNG");
and see if the warning goes away?
from stb.
no luck with either that change, setting the struct to 4 or "s->img_n != 1 && s->img_n != 3"
from stb.
by "the struct" do you mean the variable "tc"?
from stb.
Anyway, if so, I have no idea what the warning is. Indeed, if != 1 && != 3
didn't work, it seems like an inherently broken warning, unless I'm missing something.
from stb.
Are you loading an image from a file, or is it stored in a big array in C++ code?
from stb.
There was a similar issue reported in gcc 12.2 that doesn't seem to have been fixed, potentially the same issue. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=106757
Are you compiling -O2 or -O3?
from stb.
After your comments, this definitely is a gcc bug as the logic looks correct, yet any new bounds check doesn't help (I tried several)
compiling with 03 and it only complains in the LTO stage, not the initial file compile. I'm loading an image from a memory buffer
2 different fixes, but the 1st allows vectorization
- enlarge tc to 16 items (less than that still errors out)
- add attribute((optimize("no-tree-vectorize"))) before stbi__parse_png_file
from stb.
But how is the image getting to the memory buffer? Is it available in the C++ code (is the optimizer able to see the actual image data being used? if so maybe there's a real bug) or is it coming from a source at runtime like being loaded from a file (so, no, the optimizer doesn't know what the actual data is).
from stb.
It definitely looks like a GCC bug.
No bounds check changes are needed if has_trans
isn't set to 1
, or if we keep the has_trans
assignment, but in line 5212
, the has_trans
branch is disabled. This seems to suggest that GCC thinks img_n
can change between the has_trans
assignment and the for loop, which could be why changing the bounds check on img_n
doesn't seem to help.
from stb.
It definitely looks like a GCC bug.
No bounds check changes are needed if
has_trans
isn't set to1
What if you move the assignment of has_trans=1 to after the tc[]-assigning loop, at the end of the else clause (after both of the tc[]-assigning loops, i.e. at the same indent level it is currently)
from stb.
But how is the image getting to the memory buffer? Is it available in the C++ code (is the optimizer able to see the actual image data being used? if so maybe there's a real bug) or is it coming from a source at runtime like being loaded from a file (so, no, the optimizer doesn't know what the actual data is).
the image is read in from the filesystem so not available to the compiler. I compiled close to 300 opensource components with gcc14 and this is the first analyzer error I found - though I did notice what seemed like more bogus stringop overflow warnings relative to 13.2
from stb.
Same issue in this project here: https://github.com/ggerganov/llama.cpp
Related report: ggerganov/llama.cpp#7431
from stb.
Same issue seen in SDL_image: libsdl-org/SDL_image#453
from stb.
I've released stb_image 2.30 with just the fix suggested by @EvilPudding. Let me know if it's not fixed.
from stb.
Related Issues (20)
- Long double support
- stb_truetype: GPOS advance always 0 (while GPOS and KERN tables exist), while KERN works fine
- stb_truetype: stbtt_GetCodepointHMetrics() outputs weird advanceWidth values after being called several times HOT 1
- stb_image_resize2: assert/crash on resizing 2x2 to 1x1 images with wrap HOT 5
- stb_image: loading of an invalid JPEG image succeeds
- problem in reading libraries HOT 1
- 16 bit PNG Support
- Array Out Of Bounds - stb_image_resize2.h HOT 12
- Out-of-bounds Memory Access in stb_image Library during GIF Image Processing
- possibly incorrect function signatures in stb_sprintf
- The output of `stbir_resize_uint8_linear` function is competely wrong HOT 3
- stb_truetype valgrind: invalid read of size 1 HOT 1
- shput never fills in "key" field HOT 7
- STBDS_FREE is used outside of STB_DS_IMPLEMENTATION causing custom implementation to be replaced by free(). HOT 1
- how to hmdel in iterate hashmap? HOT 7
- stb_image: Add support for gainmaps (`libultrahdr`) support to image loader HOT 2
- Characterizing crashes with respect to file size HOT 1
- VS2022 stbir_resize_uint8 ERROR HOT 1
- Malloc return not checked in stbi_write_hdr_core
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stb.