gbranden pushed a commit to branch master
in repository groff.

commit 4c11e40e343c4a8a6e11b18e96197b082a888dd2
Author: G. Branden Robinson <[email protected]>
AuthorDate: Tue Jun 16 14:46:11 2026 -0500

    [libgroff]: Further update `string` assertions.
    
    * src/libs/libgroff/string.cpp: Manipulate assert(3)ions verifying the
      invariant of `ptr`'s non-nullity to sit closer to assignments thereto.
      This way the assertions can/should reliably fail prior to null pointer
      dereference.  Also check this invariant in more places.
    
      (string::string, string::operator+=, string::remove_spaces): Relocate
      assertions.
    
      (string::append, string::set_length, put_string): Add assertions.
    
      (string::clear): Uncomment assertion.  Its comment was inaccurate.
---
 ChangeLog                    | 14 ++++++++++++++
 src/libs/libgroff/string.cpp | 38 ++++++++++++++++++++++++--------------
 2 files changed, 38 insertions(+), 14 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index ce76b4d9b..6a08e0c6c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,17 @@
+2026-06-16  G. Branden Robinson <[email protected]>
+
+       * src/libs/libgroff/string.cpp: Manipulate assert(3)ions
+       verifying the invariant of `ptr`'s non-nullity to sit closer to
+       assignments thereto.  This way the assertions can/should
+       reliably fail prior to null pointer dereference.  Also check
+       this invariant in more places.
+       (string::string, string::operator+=, string::remove_spaces):
+       Relocate assertions.
+       (string::append, string::set_length, put_string): Add
+       assertions.
+       (string::clear): Uncomment assertion.  Its comment was
+       inaccurate.
+
 2026-06-20  G. Branden Robinson <[email protected]>
 
        * src/libs/libgroff/string.cpp: Document invariant.
diff --git a/src/libs/libgroff/string.cpp b/src/libs/libgroff/string.cpp
index dddcd6644..e391c9871 100644
--- a/src/libs/libgroff/string.cpp
+++ b/src/libs/libgroff/string.cpp
@@ -146,10 +146,10 @@ string::string() : len(0), sz(initial_string_buffer_size)
 string::string(const char *p, size_t n) : len(n)
 {
   ptr = salloc(n, &sz);
+  assert(ptr != 0 /* nullptr */);
   memset(ptr, 0, sz);
   if (n != 0)
     memcpy(ptr, p, n);
-  assert(ptr != 0 /* nullptr */);
 }
 
 string::string(const char *p)
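Review bot: The relocated assertion at the top of string::string(const char *, size_t) is compiled out under NDEBUG, so a null result from salloc() would still reach the memset() on the next line in a release build; whether salloc() can return null at all (rather than throwing from the underlying allocation) is not visible in this hunk. If it cannot, a one-line comment would stop the next reader from mistaking the assert for the guard: `// salloc() is expected to throw rather than return null; the assertion only documents the invariant in debug builds -- verify against salloc()`. If it can, the assertion is not a sufficient check and a failure path that survives NDEBUG is needed here and in the sibling constructors below.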
@@ -157,33 +157,34 @@ string::string(const char *p)
   if (0 /* nullptr */ == p) {
     len = 0;
     ptr = salloc(initial_string_buffer_size, &sz);
+    assert(ptr != 0 /* nullptr */);
   }
   else {
     len = strlen(p);
     ptr = salloc(len, &sz);
+    assert(ptr != 0 /* nullptr */);
     if (len < sz)
       memset(ptr, 0, sz);
     if (len != 0)
       memcpy(ptr, p, len);
   }
-  assert(ptr != 0 /* nullptr */);
 }
 
 string::string(char c) : len(1)
 {
   ptr = salloc(1, &sz);
-  *ptr = c;
   assert(ptr != 0 /* nullptr */);
+  *ptr = c;
 }
 
 string::string(const string &s) : len(s.len)
 {
   ptr = salloc(len, &sz);
+  assert(ptr != 0 /* nullptr */);
   if (sz > 0)
     memset(ptr, 0, sz);
   if (len != 0)
     memcpy(ptr, s.ptr, len);
-  assert(ptr != 0 /* nullptr */);
 }
 
 string::~string()
@@ -248,12 +249,13 @@ string &string::operator+=(const char *p)
   if (p != 0 /* nullptr */) {
     size_t n = strlen(p);
     size_t newlen = len + n;
-    if (newlen > sz)
+    if (newlen > sz) {
       ptr = srealloc(ptr, sz, len, newlen, &sz);
+      assert(ptr != 0 /* nullptr */);
+    }
     memcpy(ptr + len, p, n);
     len = newlen;
   }
-  assert(ptr != 0 /* nullptr */);
   return *this;
 }
 
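Review bot: Moving the assertion inside the `if (newlen > sz)` branch leaves `memcpy(ptr + len, p, n)` unchecked on the no-growth path, so a string whose `ptr` is already null on entry is now caught only when a reallocation happens, whereas the removed trailing assertion covered every call (if only after the dereference). An entry assertion keeps both: add `assert(ptr != 0 /* nullptr */);` as the first statement of the function, before `if (p != 0 /* nullptr */)`, and keep the post-srealloc one as is. The same narrowing applies to operator+=(const string &), append() and set_length() in the following hunks. The function's opening brace is above this hunk.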
@@ -261,12 +263,13 @@ string &string::operator+=(const string &s)
 {
   if (s.len != 0) {
     size_t newlen = len + s.len;
-    if (newlen > sz)
+    if (newlen > sz) {
       ptr = srealloc(ptr, sz, len, newlen, &sz);
+      assert(ptr != 0 /* nullptr */);
+    }
     memcpy(ptr + len, s.ptr, s.len);
     len = newlen;
   }
-  assert(ptr != 0 /* nullptr */);
   return *this;
 }
 
@@ -274,8 +277,10 @@ void string::append(const char *p, size_t n)
 {
   if (n > 0) {
     size_t newlen = len + n;
-    if (newlen > sz)
+    if (newlen > sz) {
       ptr = srealloc(ptr, sz, len, newlen, &sz);
+      assert(ptr != 0 /* nullptr */);
+    }
     memcpy(ptr + len, p, n);
     len = newlen;
   }
@@ -284,10 +289,13 @@ void string::append(const char *p, size_t n)
 string::string(const char *s1, size_t n1, const char *s2, size_t n2)
 {
   len = n1 + n2;
-  if (0 == len)
+  if (0 == len) {
     ptr = salloc(initial_string_buffer_size, &sz);
+    assert(ptr != 0 /* nullptr */);
+  }
   else {
     ptr = salloc(len, &sz);
+    assert(ptr != 0 /* nullptr */);
     if (0 == n1)
       memcpy(ptr, s2, n2);
     else {
@@ -296,7 +304,6 @@ string::string(const char *s1, size_t n1, const char *s2, 
size_t n2)
        memcpy(ptr + n1, s2, n2);
     }
   }
-  assert(ptr != 0 /* nullptr */);
 }
 
 bool operator<=(const string &s1, const string &s2)
@@ -329,14 +336,16 @@ bool operator>(const string &s1, const string &s2)
 
 void string::set_length(size_t i)
 {
-  if (i > sz)
+  if (i > sz) {
     ptr = srealloc(ptr, sz, len, i, &sz);
+    assert(ptr != 0 /* nullptr */);
+  }
   len = i;
 }
 
 void string::clear()
 {
-  //assert(ptr != 0 /* nullptr */); // XXX: TODO: held up by refer(1)
+  assert(ptr != 0 /* nullptr */);
   if (ptr != 0 /* nullptr */)
     memset(ptr, 0, sz);
   len = 0;
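Review bot: With the assertion in string::clear() enabled, the `if (ptr != 0 /* nullptr */)` guard below it can never be false in a debug build and is the only protection in an NDEBUG build, so the two build types now diverge on exactly the case the old comment attributed to refer(1); the commit says that comment was inaccurate, but the hunk does not record why the runtime check is still kept. Either drop the guard so both builds treat a null `ptr` as the same invariant violation, or say why it stays: `// keep the runtime check: NDEBUG builds compile the assertion out`. In set_length() the assertion sits only on the growth path, so a call with `i <= sz` and a null `ptr` is not checked here, though nothing in this function dereferences it in that case.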
@@ -484,14 +493,15 @@ void string::remove_spaces()
     memcpy(tmp, p, len);
     delete[] ptr;
     ptr = tmp;
+    assert(ptr != 0 /* nullptr */);
   }
-  assert(ptr != 0 /* nullptr */);
 }
 
 void put_string(const string &s, FILE *fp)
 {
   size_t len = s.length();
   const char *ptr = s.contents();
+  assert(ptr != 0 /* nullptr */);
   for (size_t i = 0; i < len; i++)
     putc(ptr[i], fp);
 }
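Review bot: put_string() now asserts the buffer but not the stream: `fp` goes straight into putc() in the loop, which is the same class of bug the commit is tightening elsewhere, so `assert(fp != 0 /* nullptr */);` beside the new line would be consistent. putc()'s return value is also discarded, so a write error is silent; that is pre-existing, but a comment recording that the omission is deliberate (or pointing at where callers check ferror()) would help, e.g. `// write errors are not reported here -- confirm callers check ferror()`. In remove_spaces() the assertion after `ptr = tmp` only helps if the allocation of `tmp` can yield null; that allocation is above the hunk and not visible here.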
