On Thu, 1 Oct 2020 at 23:48, Albert Astals Cid <[email protected]> wrote:
>
> If it's guarded, it's not wrong.
>
> It's like saying that this code
>
> if (!a)
>     return;
>
> a->doSomething();
>
> is technically wrong because if a is null it will crash and is only guarded
> by the if.
>
> Yes, that's what guards do, they make subsequent code free to assume stuff.

The issue is the guard is distant from all the rest of the code depending on it. At the moment there are lots of methods with implicit preconditions, some obvious (height is greater than zero), others less so (width times components_of_mode plus row_pad times height is less than some_large_number). It's just easier to work with code that is trivially correct due to the types and operations being used, and the compiler does more verification for you.

> Make the patches correct (to my possibly wrong perception).

Rather than make the prerequisite patches pointless, I've put up the full set in a PR that you can build and try. You can also try removing the type casts you don't see the reason for, and see where the program then segfaults.

https://gitlab.freedesktop.org/poppler/poppler/-/merge_requests/645

Thanks,
Martin
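
The contrast discussed in this message, as an added example that is not part of the original message or of the poppler code: the size computation carries its own sign and overflow checks, so it does not depend on a distant guard. The name `imageBufferSize`, its parameters and the row layout (height rows of width * components + rowPad bytes) are assumptions.

```cpp
#include <cstddef>
#include <cstdio>
#include <limits>

// Multiply two sizes, reporting overflow instead of wrapping.
static bool checkedMul(std::size_t a, std::size_t b, std::size_t *out) {
    if (a != 0 && b > std::numeric_limits<std::size_t>::max() / a)
        return false;
    *out = a * b;
    return true;
}

// Add two sizes, reporting overflow instead of wrapping.
static bool checkedAdd(std::size_t a, std::size_t b, std::size_t *out) {
    if (b > std::numeric_limits<std::size_t>::max() - a)
        return false;
    *out = a + b;
    return true;
}

// Hypothetical helper: bytes needed for an image buffer laid out as
// height rows of (width * components + rowPad) bytes (assumed layout).
// Non-positive dimensions and any overflow are rejected here, at the
// point of use, so callers need no separate guard elsewhere.
bool imageBufferSize(int width, int height, int components, int rowPad,
                     std::size_t *bytes) {
    if (width <= 0 || height <= 0 || components <= 0 || rowPad < 0)
        return false;
    std::size_t row = 0, padded = 0;
    return checkedMul(static_cast<std::size_t>(width),
                      static_cast<std::size_t>(components), &row)
        && checkedAdd(row, static_cast<std::size_t>(rowPad), &padded)
        && checkedMul(padded, static_cast<std::size_t>(height), bytes);
}

int main() {
    const int big = std::numeric_limits<int>::max();
    std::size_t n = 0;
    // Constructed inputs: a small image, then dimensions that overflow.
    bool ok = imageBufferSize(640, 480, 3, 0, &n);
    std::printf("small image: ok=%d bytes=%lu\n", ok, (unsigned long)n);
    ok = imageBufferSize(big, big, big, 0, &n);
    std::printf("huge image:  ok=%d\n", ok);
    return 0;
}
```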
