Re: Warning in svg_load_image

[Michael Welsh Duggan]

Eli Zaretskii <eliz@gnu.org> writes:

>> From: Michael Welsh Duggan <mwd@md5i.com>
>> Cc: Po Lu <luangruo@yahoo.com>,  emacs-devel@gnu.org
>> Date: Wed, 23 Feb 2022 12:11:24 -0500
>> 
>> Eli Zaretskii <eliz@gnu.org> writes:
>> 
>> >        "xmlns:xi=\"http://www.w3.org/2001/XInclude\"; "
>> >        "style=\"color: #%06X; fill: currentColor;\" "
>> >        "width=\"%d\" height=\"%d\" preserveAspectRatio=\"none\" "
>> > -      "viewBox=\"0 0 %f %f\">"
>> > +      "viewBox=\"0 0 %5.0f %5.0f\">"
>> >        "<rect width=\"100%%\" height=\"100%%\" fill=\"#%06X\"/>"
>> >        "<xi:include href=\"data:image/svg+xml;base64,%s\"></xi:include>"
>> >        "</svg>";
>> > @@ -10801,7 +10801,9 @@ svg_load_image (struct frame *f, struct image 
>> > *img, char *contents,
>> >  
>> >      if (buffer_size <= snprintf (wrapped_contents, buffer_size, wrapper,
>> >                             foreground & 0xFFFFFF, width, height,
>> > -                           viewbox_width, viewbox_height,
>> > +                           /* Sanitize the viewBox dimensions.  */
>> > +                           min (viewbox_width, 10000.),
>> > +                           min (viewbox_height, 10000.),
>> >                             background & 0xFFFFFF,
>> >                             SSDATA (encoded_contents)))
>> >        goto rsvg_error;
>> >
>> 
>> So, a couple of questions and comments...  
>> 
>> As mentioned in other messages, % sizes affect only the minimum sizes of
>> results, so changing those values shouldn't help.  (It's possible that
>> using * might, but only as a possible subversion of the heuristics that
>> this warning uses.)
>
> If the compiler doesn't understand that the value is being limited to
> a maximum of 5 digits, then it shouldn't attempt to emit such
> "helpful" warnings.

Is it being limited?  What is limiting it?  "%5.0f" will not limit it's
size; it will only limit its minimum size, unless I am misunderstanding
the printf specs.

>> The principled way to solve this would be to call the snprintf twice,
>> the first time with a zero-sized buffer, and then to use the return
>> value to allocate the actual buffer.  This is a pessimisation, but I
>> don't know if it's a bad one (it depends on how frequently this code
>> would be called.
>
> This is madness.  I'd rather we used a pragma to disable that
> particular warning around this part of the code than jump through
> hoops because the compiler is too stupid to understand the code it
> warns about.

Another possible option: you may be able to work around this by
declaring buffer_size to be volatile.

-- 
Michael Welsh Duggan
(md5i@md5i.com)