gvc: read MSB data as 'int' values

These are dealt with as `int` internally, so better to use `int` the whole way
through. Note that this rejects values that do not fit in an `int` which would
silently overflow before. This squashes:

  gvusershape.c: In function ‘png_size’:
  gvusershape.c:271:17: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    271 |         us->w = w;
        |                 ^
  gvusershape.c:272:17: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    272 |         us->h = h;
        |                 ^
  gvusershape.c: In function ‘ico_size’:
  gvusershape.c:283:17: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    283 |         us->w = w;
        |                 ^
  gvusershape.c:284:17: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    284 |         us->h = h;
        |                 ^
  gvusershape.c: In function ‘jpeg_size’:
  gvusershape.c:381:25: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    381 |                 us->h = size_x;
        |                         ^~~~~~
  gvusershape.c:382:25: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    382 |                 us->w = size_y;
        |                         ^~~~~~
  gvusershape.c:396:25: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    396 |                 us->h = size_x;
        |                         ^~~~~~
  gvusershape.c:397:25: warning: conversion to ‘int’ from ‘unsigned int’ may
    change the sign of the result [-Wsign-conversion]
    397 |                 us->w = size_y;
        |                         ^~~~~~

diff --git a/lib/gvc/gvusershape.c b/lib/gvc/gvusershape.c
index 4106a42d6daa71a4a2266a336a43debc69659f02..3c7ce98f81c8861fe4e18f200f7162058071fa44 100644 (file)
--- a/lib/gvc/gvusershape.c
+++ b/lib/gvc/gvusershape.c
@@ -9,7 +9,7 @@
  *************************************************************************/
 
 #include "config.h"
-
+#include <limits.h>
 #include <stdbool.h>
 #include <stdio.h>
 #include <string.h>
@@ -129,17 +129,21 @@ static bool get_int_lsb_first(FILE *f, size_t sz, unsigned int *val) {
     return true;
 }
        
-static bool get_int_msb_first(FILE *f, size_t sz, unsigned int *val) {
+static bool get_int_msb_first(FILE *f, size_t sz, int *val) {
     int ch;
 
-    *val = 0;
+    unsigned value = 0;
     for (size_t i = 0; i < sz; i++) {
        ch = fgetc(f);
        if (feof(f))
            return false;
-        *val <<= 8;
-       *val |= (unsigned)ch;
+        value <<= 8;
+       value |= (unsigned)ch;
+    }
+    if (value > INT_MAX) {
+       return false;
     }
+    *val = (int)value;
     return true;
 }
 
@@ -263,7 +267,7 @@ static void svg_size (usershape_t *us)
 
 static void png_size (usershape_t *us)
 {
-    unsigned int w, h;
+    int w, h;
 
     us->dpi = 0;
     fseek(us->f, 16, SEEK_SET);
@@ -275,7 +279,7 @@ static void png_size (usershape_t *us)
 
 static void ico_size (usershape_t *us)
 {
-    unsigned int w, h;
+    int w, h;
 
     us->dpi = 0;
     fseek(us->f, 6, SEEK_SET);
@@ -334,7 +338,7 @@ static void bmp_size (usershape_t *us) {
 }
 
 static void jpeg_size (usershape_t *us) {
-    unsigned int marker, length, size_x, size_y;
+    int marker, length, size_x, size_y;
 
     /* These are the markers that follow 0xff in the file.
      * Other markers implicitly have a 2-byte length field that follows.
@@ -367,7 +371,7 @@ static void jpeg_size (usershape_t *us) {
          */
 
         /* A stand-alone... */
-        if (memchr(standalone_markers, (int)marker, sizeof(standalone_markers)))
+        if (memchr(standalone_markers, marker, sizeof(standalone_markers)))
             continue;
 
         /* Incase of a 0xc0 marker: */