De-volatilize the internal implementation of `png_safe_execute`
`png_safe_execute` called `setjmp` in a context where the result was
undefined (an assignment statement). This corrects the code and removes
volatile statements that were introduced previously to quell warnings
from earlier versions of GCC.
Co-authored-by: John Bowler <jbowler@acm.org>
diff --git a/pngerror.c b/pngerror.c
index 53e79ba..3469959 100644
--- a/pngerror.c
+++ b/pngerror.c
@@ -933,31 +933,25 @@
#endif
int /* PRIVATE */
-png_safe_execute(png_imagep image_in, int (*function)(png_voidp), png_voidp arg)
+png_safe_execute(png_imagep image, int (*function)(png_voidp), png_voidp arg)
{
- volatile png_imagep image = image_in;
- volatile int result;
- volatile png_voidp saved_error_buf;
+ png_voidp saved_error_buf = image->opaque->error_buf;
jmp_buf safe_jmpbuf;
+ int result;
- /* Safely execute function(arg) with png_error returning to this function. */
- saved_error_buf = image->opaque->error_buf;
- result = setjmp(safe_jmpbuf) == 0;
-
- if (result != 0)
+ /* Safely execute function(arg), with png_error returning back here. */
+ if (setjmp(safe_jmpbuf) == 0)
{
-
image->opaque->error_buf = safe_jmpbuf;
result = function(arg);
+ image->opaque->error_buf = saved_error_buf;
+ return result;
}
+ /* On png_error, return via longjmp, pop the jmpbuf, and free the image. */
image->opaque->error_buf = saved_error_buf;
-
- /* And do the cleanup prior to any failure return. */
- if (result == 0)
- png_image_free(image);
-
- return result;
+ png_image_free(image);
+ return 0;
}
#endif /* SIMPLIFIED READ || SIMPLIFIED_WRITE */
#endif /* READ || WRITE */
