Hi
I tried the static analyzer "smatch" (http://smatch.sourceforge.net/) with
Vim-7.3.3. It gives quite some noise but the following 3 defects look like
real bugs:
spell.c +7238 spell_read_wordfile(118) error: strcpy() '(line)' too
large for '(spin->si_region_name)' (17 vs 16)
spell.c +9548 init_spellfile(45) warn: add some parenthesis here?
syntax.c +7611 do_highlight(823) error: buffer overflow 'buf' 100 <= 100
Fixed in attached patch.
-- Dominique
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
diff -r 073ff46fe397 src/spell.c
--- a/src/spell.c Fri Aug 20 11:11:57 2010 +0200
+++ b/src/spell.c Mon Aug 23 21:05:22 2010 +0200
@@ -7229,7 +7229,7 @@
else
{
line += 8;
- if (STRLEN(line) > 16)
+ if (STRLEN(line) >= 16)
smsg((char_u *)_("Too many regions in %s line %d: %s"),
fname, lnum, line);
else
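Review bot: the new `>= 16` test rejects a region line of exactly 16 characters, which the old `> 16` accepted; the smatch report (17 vs 16) shows that this is the overflowing case, because strcpy() copies the terminating NUL as a 17th byte into the 16-byte si_region_name. If a 16-character region list (eight two-letter regions) is meant to be legal input, the alternative fix is to grow si_region_name by one byte for the terminator and keep the `> 16` check; either way the bound is better written in terms of sizeof(spin->si_region_name) than as a bare 16, so the check and the declaration cannot drift apart.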
@@ -9545,7 +9545,7 @@
/* Create the "spell" directory if it doesn't exist yet. */
l = (int)STRLEN(buf);
vim_snprintf((char *)buf + l, MAXPATHL - l, "/spell");
- if (!filewritable(buf) != 2)
+ if (filewritable(buf) != 2)
vim_mkdir(buf, 0755);
l = (int)STRLEN(buf);
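Review bot: removing the stray `!` is the right fix and is what smatch's parenthesis warning was pointing at: `!filewritable(buf)` is always 0 or 1, so `!= 2` was always true and vim_mkdir() ran unconditionally. With the corrected condition the directory is only created when filewritable() does not report a writable directory (return value 2); note that vim_mkdir() is still attempted, with its return value silently ignored, when buf exists as a regular file or as a directory that is not writable, so a failed creation of the spell directory is not reported at this point.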
diff -r 073ff46fe397 src/syntax.c
--- a/src/syntax.c Fri Aug 20 11:11:57 2010 +0200
+++ b/src/syntax.c Mon Aug 23 21:05:22 2010 +0200
@@ -7600,7 +7600,7 @@
/*
* Copy characters from arg[] to buf[], translating <> codes.
*/
- for (p = arg, off = 0; off < 100 && *p; )
+ for (p = arg, off = 0; off < 99 && *p; )
{
len = trans_special(&p, buf + off, FALSE);
if (len) /* recognized special char */
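Review bot: `off < 99` only fixes the terminator write that smatch flagged (buf[100] once off reaches 100); it does not bound what trans_special() writes, since `trans_special(&p, buf + off, FALSE)` receives no remaining-size argument and a translated <> code can be several bytes long, so a translation starting at off == 98 can still run past the end of buf. A safer shape is to translate into a scratch buffer large enough for any special code and copy it into buf only when `off + len <= 99`, and to derive the limit from sizeof(buf) - 1 rather than repeating a literal.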