Fix operator[] for vector2d and vector3d being potentially UB (#15977)

We don't have a C++ expert on hand, but taking a pointer to one member and expecting to access another by an offset is very fishy: - for one, there could theoretically be padding - the compiler might assume that we are only writing to that first member The new code has shown to be free for constant parameter values. Non-constant ones cause the assembly to have branches (why?), but we don't use that much.
2025-06-27 16:36:03 +00:00 · 2025-04-08 22:25:45 +02:00 · 2025-04-08 22:25:45 +02:00 · a00b9cab36
commit a00b9cab36
parent 46db688cc8
5 changed files with 39 additions and 30 deletions
--- a/irr/include/irrTypes.h
+++ b/irr/include/irrTypes.h
@ -85,6 +85,22 @@ typedef char fschar_t;
 /** prefer to use the override keyword for new code */
 #define _IRR_OVERRIDE_ override
 // Invokes undefined behavior for unreachable code optimization
 // Note: an assert(false) is included first to catch this in debug builds
 #if defined(__cpp_lib_unreachable)
 #include <utility>
 #define IRR_CODE_UNREACHABLE() do { _IRR_DEBUG_BREAK_IF(1) std::unreachable(); } while(0)
 #elif defined(__has_builtin)
 #if __has_builtin(__builtin_unreachable)
 #define IRR_CODE_UNREACHABLE() do { _IRR_DEBUG_BREAK_IF(1) __builtin_unreachable(); } while(0)
 #endif
 #elif defined(_MSC_VER)
 #define IRR_CODE_UNREACHABLE() do { _IRR_DEBUG_BREAK_IF(1) __assume(false); } while(0)
 #endif
 #ifndef IRR_CODE_UNREACHABLE
 #define IRR_CODE_UNREACHABLE() (void)0
 #endif
 //! creates four CC codes used in Irrlicht for simple ids
 /** some compilers can create those by directly writing the
 code like 'code', but some generate warnings so we use this macro here */
--- a/irr/include/vector2d.h
+++ b/irr/include/vector2d.h
@ -131,16 +131,20 @@ public:
 	T &operator[](u32 index)
 	{
-		_IRR_DEBUG_BREAK_IF(index > 1) // access violation
+		switch (index) {
-
+			case 0: return X;
-		return *(&X + index);
+			case 1: return Y;
 			default: IRR_CODE_UNREACHABLE();
 		}
 	}
 	const T &operator[](u32 index) const
 	{
-		_IRR_DEBUG_BREAK_IF(index > 1) // access violation
+		switch (index) {
-
+			case 0: return X;
-		return *(&X + index);
+			case 1: return Y;
 			default: IRR_CODE_UNREACHABLE();
 		}
 	}
 	//! sort in order X, Y.
--- a/irr/include/vector3d.h
+++ b/irr/include/vector3d.h
@ -117,16 +117,22 @@ public:
 	T &operator[](u32 index)
 	{
-		_IRR_DEBUG_BREAK_IF(index > 2) // access violation
+		switch (index) {
-
+			case 0: return X;
-		return *(&X + index);
+			case 1: return Y;
 			case 2: return Z;
 			default: IRR_CODE_UNREACHABLE();
 		}
 	}
 	const T &operator[](u32 index) const
 	{
-		_IRR_DEBUG_BREAK_IF(index > 2) // access violation
+		switch (index) {
-
+			case 0: return X;
-		return *(&X + index);
+			case 1: return Y;
 			case 2: return Z;
 			default: IRR_CODE_UNREACHABLE();
 		}
 	}
 	//! sort in order X, Y, Z.
--- a/irr/src/OpenGL/Driver.cpp
+++ b/irr/src/OpenGL/Driver.cpp
@ -104,8 +104,7 @@ static const VertexType &getVertexTypeDescription(E_VERTEX_TYPE type)
 	case EVT_TANGENTS:
 		return vtTangents;
 	default:
-		assert(false);
+		IRR_CODE_UNREACHABLE();
 		CODE_UNREACHABLE();
 	}
 }
--- a/irr/src/os.h
+++ b/irr/src/os.h
@ -10,22 +10,6 @@
 #include "ILogger.h"
 #include "ITimer.h"
 // CODE_UNREACHABLE(): Invokes undefined behavior for unreachable code optimization
 #if defined(__cpp_lib_unreachable)
 #include <utility>
 #define CODE_UNREACHABLE() std::unreachable()
 #elif defined(__has_builtin)
 #if __has_builtin(__builtin_unreachable)
 #define CODE_UNREACHABLE() __builtin_unreachable()
 #endif
 #elif defined(_MSC_VER)
 #define CODE_UNREACHABLE() __assume(false)
 #endif
 #ifndef CODE_UNREACHABLE
 #define CODE_UNREACHABLE() (void)0
 #endif
 namespace irr
 {