[cairo] [cairo-commit] 3 commits - src/cairo-array.c src/cairoint.h src/cairo-types-private.h

Bill Spitzak spitzak at gmail.com
Sat Nov 27 19:36:22 PST 2010

This code in the comment makes no sense to me:

>>>> +    /* We allow an index of 0 for the no-elements case.
>>>> +     * This makes for cleaner calling code which will often look like:
>>>> +     *
>>>> +     *    elements = _cairo_array_index_const (array, num_elements);
>>>> +     *         for (i=0; i < num_elements; i++) {
>>>> +     *        ... read elements[i] here ...
>>>> +     *    }
>>>> +     *
>>>> +     * which in the num_elements==0 case gets the NULL pointer here,
>>>> +     * but never dereferences it.
>>>> +     */
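Review bot: the usage example in this comment is inconsistent with the loop that follows it: `_cairo_array_index_const (array, num_elements)` asks for the element at index num_elements, which for an array of num_elements items is one past the last element, yet the loop then reads elements[0] through elements[num_elements-1] from that pointer. If the intent is to fetch the base pointer for iteration, the example should read `elements = _cairo_array_index_const (array, 0);`, and the comment should say explicitly what the function returns for an empty array (NULL) versus an index equal to the element count on a non-empty one. The `for` line is also indented one level deeper than its body and closing brace; align it with the `elements = ...` line so the example reads as the block it is meant to be.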

If we assume the size of the array items is 1, the first line is the 
same as elements = array+num_elements. The next line of the code seems 
to think this means that elements[num_elements-1] will not go off the 
end of the array. But this is actually array[num_elements*2-1], and we 
only know array is num_elements long or more.

My best guess is that the last line of the code in the comment is 
supposed to be "read array[i] here".

But this still makes no sense. If the purpose is to get the assert to 
throw before the code will index off the end of the array, this will 
only work if you pass num_elements-1 to the call. This means that if the 
loop is given num_elements == 0, it will actually pass -1 to the call 
(or ~0 if this is unsigned).

I really see no purpose in the way the code is written. Either it should 
always throw an assert for a zero-length array, or it should not throw 
an assert for indexing one off the end of a non-zero-length array.
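The semantics the quoted comment seems to be reaching for, written out as a runnable illustration. This is an added example, not cairo's code; the `my_array_*` names and the struct layout are assumptions, and the sample array is constructed inline.

```c
#include <assert.h>
#include <stddef.h>

/* Hypothetical stand-in for cairo's array type: a flat byte buffer of
 * num_elements items, each element_size bytes wide. Not cairo's own code. */
typedef struct {
    unsigned int   element_size;
    unsigned int   num_elements;
    unsigned char *elements;
} my_array_t;

/* Range check factored out so it can be tested without tripping assert():
 * index 0 is accepted for an empty array (the caller gets NULL back),
 * otherwise the index must name an existing element, so one past the
 * end of a non-empty array is rejected. */
int my_array_index_ok (const my_array_t *array, unsigned int index)
{
    if (array->num_elements == 0)
        return index == 0;
    return index < array->num_elements;
}

/* Element pointer: NULL for the empty array, pointer to element `index`
 * otherwise. The assert fires before any out-of-range pointer is formed. */
const void *my_array_index_const (const my_array_t *array, unsigned int index)
{
    assert (my_array_index_ok (array, index));
    if (array->num_elements == 0)
        return NULL;
    return array->elements + (size_t) index * array->element_size;
}

/* The iteration pattern the comment intends: take the base pointer with
 * index 0, then loop over num_elements. With num_elements == 0 the base
 * pointer is NULL but is never dereferenced. Returns the sum of the ints. */
int my_array_sum (const my_array_t *array)
{
    const int *elements = my_array_index_const (array, 0);
    int sum = 0;
    unsigned int i;
    for (i = 0; i < array->num_elements; i++)
        sum += elements[i];
    return sum;
}

/* Constructed sample input: three ints, plus an empty array. */
static int sample_values[3] = { 1, 2, 3 };
my_array_t sample_array = { sizeof (int), 3, (unsigned char *) sample_values };
my_array_t empty_array  = { sizeof (int), 0, NULL };
```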
