display_gl_get_property: assert correct size

MartinPulec · MartinPulec · commit 45f51f8bb029 · 2024-01-22T12:53:14.000+01:00
Enough space is rather assumed because in the oppiste case, hard-to-detect
behavior may occur, especially while the problem is not reported.
diff --git a/src/utils/macros.h b/src/utils/macros.h
@@ -73,7 +73,15 @@
 #endif // defined EXTERN_C
 
 /// unconditional alternative to assert that is not affected by NDEBUG macro
-#define UG_ASSERT(cond) do { if (!(cond)) { fprintf(stderr, "%s:%d: %s: Assertion `" #cond "' failed.\n", __FILE__, __LINE__, __func__); abort(); } } while(0)
+#define UG_ASSERT(cond) \
+        do { /* NOLINT(cppcoreguidelines-avoid-do-while) */ \
+                if (!(cond)) { \
+                        fprintf(stderr, \
+                                "%s:%d: %s: Assertion `" #cond "' failed.\n", \
+                                __FILE__, __LINE__, __func__); \
+                        abort(); \
+                } \
+        } while (0)
 
 /// shortcut for `snprintf(var, sizeof var...)`, `var` must be a char array
 #define snprintf_ch(str, ...) snprintf(str, sizeof str, __VA_ARGS__)
diff --git a/src/video_display/gl.cpp b/src/video_display/gl.cpp
@@ -1897,9 +1897,7 @@ display_gl_get_property(void *state, int property, void *val, size_t *len)
 
         switch (property) {
         case DISPLAY_PROPERTY_CODECS: {
-                if (sizeof gl_supp_codecs > *len) {
-                        return false;
-                }
+                UG_ASSERT(*len >= sizeof gl_supp_codecs);
                 auto filter_codecs = [s](codec_t c) {
                         if (get_bits_per_component(c) > DEPTH8 &&
                             commandline_params.find(
@@ -1925,23 +1923,18 @@ display_gl_get_property(void *state, int property, void *val, size_t *len)
                 return true;
         }
         case DISPLAY_PROPERTY_RGB_SHIFT:
-                if (sizeof(rgb_shift) > *len) {
-                        return false;
-                }
+                UG_ASSERT(*len >= sizeof rgb_shift);
                 memcpy(val, rgb_shift, sizeof(rgb_shift));
                 *len = sizeof(rgb_shift);
                 return true;
         case DISPLAY_PROPERTY_BUF_PITCH:
+                UG_ASSERT(*len >= sizeof(int));
                 *(int *) val = PITCH_DEFAULT;
                 *len         = sizeof(int);
                 return true;
         case DISPLAY_PROPERTY_SUPPORTED_IL_MODES:
-                if (sizeof(supported_il_modes) <= *len) {
-                        memcpy(val, supported_il_modes,
-                               sizeof(supported_il_modes));
-                } else {
-                        return false;
-                }
+                UG_ASSERT(*len >= sizeof supported_il_modes);
+                memcpy(val, supported_il_modes, sizeof(supported_il_modes));
                 *len = sizeof(supported_il_modes);
                 return true;
         default:
