patch 9.1.0608: Coverity warns about a few potential issues

Commit: 
https://github.com/vim/vim/commit/220474d239bfca0b36f7ca9cc9fdb9dab5dd384e
Author: Christian Brabandt <c...@256bit.org>
Date:   Sat Jul 20 13:26:44 2024 +0200

    patch 9.1.0608: Coverity warns about a few potential issues
    
    Problem:  Coverity warns about a few potential issues
    Solution: Fix those issues (see details below)
    
    1) Fix overflow warning in highlight.c
       This happens because we are comparing int with long
       and assign a potential long value to an int, which
       could cause an overflow. So add some casts to ensure
       the value fits into an int.
    
    2) Fix Overflow warning in shift_line().
       This happens because we are performing a division/modulo
       operation of a long type by an int type and assign the result
       to an int, which could then overflow. So before performing
       the operation, trim the long value to at most the max int value,
       so that it can't overflow.
    
    3) Fix overflow warning in syn_list_cluster in syntax.c
       This is essentially the same issue as 1)
    
    4) not checking the return value of vim_mkdir() in spellfile.c
       Creating the spell directory could fail. Handle this case
       and return early in this case.
    
    5) qsort() may deref a NULL pointer when fuzzy match does not
       return a result. Fix this by checking that the accessed growarray
       fuzzy_indices actually contains  data. If not we can silently skip
       the qsort() and related logic.
    
    closes: #15284
    
    Signed-off-by: Christian Brabandt <c...@256bit.org>

diff --git a/src/highlight.c b/src/highlight.c
index a71a100dc..d3ea2d201 100644
--- a/src/highlight.c
+++ b/src/highlight.c
@@ -3351,8 +3351,8 @@ syn_list_header(
 
     if (msg_col >= endcol)     // output at least one space
        endcol = msg_col + 1;
-    if (Columns <= endcol)     // avoid hang for tiny window
-       endcol = Columns - 1;
+    if (Columns <= (long)endcol)       // avoid hang for tiny window
+       endcol = (int)(Columns - 1);
 
     msg_advance(endcol);
 
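Review bot: The `(int)(Columns - 1)` narrowing in syn_list_header is safe only because the guard on the line above has already established `Columns <= endcol`, and nothing on the line says so. A short comment such as `// Columns <= endcol here, so Columns - 1 fits in an int` would keep a later edit from separating the two. The `(long)endcol` cast only spells out the conversion the comparison already performs. The same pair of lines is added to syn_list_cluster in src/syntax.c, while the src/ops.c hunk of this commit uses `trim_to_int()` for the same purpose, so one form across all three would be easier to audit. The function body continues outside the hunk.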
diff --git a/src/insexpand.c b/src/insexpand.c
index 4ad1f41a6..2be63a58e 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -3618,16 +3618,21 @@ get_next_filename_completion(void)
            }
        }
 
-       fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
-       qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), 
compare_scores);
+       // prevent qsort from deref NULL pointer
+       if (fuzzy_indices.ga_len > 0)
+       {
+           fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
+           qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), 
compare_scores);
+
+           sorted_matches = (char_u **)alloc(sizeof(char_u *) * 
fuzzy_indices.ga_len);
+           for (i = 0; i < fuzzy_indices.ga_len; ++i)
+               sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
 
-       sorted_matches = (char_u **)alloc(sizeof(char_u *) * 
fuzzy_indices.ga_len);
-       for (i = 0; i < fuzzy_indices.ga_len; ++i)
-           sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
+           FreeWild(num_matches, matches);
+           matches = sorted_matches;
+           num_matches = fuzzy_indices.ga_len;
+       }
 
-       FreeWild(num_matches, matches);
-       matches = sorted_matches;
-       num_matches = fuzzy_indices.ga_len;
        vim_free(compl_fuzzy_scores);
        ga_clear(&fuzzy_indices);
     }
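Review bot: When `fuzzy_indices.ga_len` is 0 the new guard skips the whole block, so `matches` and `num_matches` keep their unfiltered values, whereas the removed code always replaced them with the (empty) sorted list. If an empty fuzzy result is meant to yield no candidates, the guard needs an else branch such as `else { FreeWild(num_matches, matches); matches = NULL; num_matches = 0; }`. How the rest of get_next_filename_completion uses those two variables is outside the hunk, so this should be confirmed there. Inside the guarded block, `sorted_matches` is still written in the loop without checking the `alloc()` result, and the `vim_strsave()` results are stored unchecked.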
diff --git a/src/ops.c b/src/ops.c
index 2de2557fb..eb8f64c1f 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -240,8 +240,8 @@ shift_line(
 
     if (round)                 // round off indent
     {
-       i = count / sw_val;     // number of 'shiftwidth' rounded down
-       j = count % sw_val;     // extra spaces
+       i = trim_to_int(count) / sw_val;        // number of 'shiftwidth' 
rounded down
+       j = trim_to_int(count) % sw_val;        // extra spaces
        if (j && left)          // first remove extra spaces
            --amount;
        if (left)
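Review bot: Both rewritten lines in shift_line still divide by `sw_val`, and the hunk does not show where it is guaranteed to be non-zero, so the overflow fix depends on a check that sits outside the visible lines. `trim_to_int(count)` is also evaluated twice. Clamping once, for example `int cnt = trim_to_int(count);` followed by `i = cnt / sw_val;` and `j = cnt % sw_val;`, keeps the bound in one place and makes it obvious that `i` and `j` derive from the same value.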
diff --git a/src/spellfile.c b/src/spellfile.c
index 51261abfb..0b9536dc1 100644
--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -6434,7 +6434,13 @@ init_spellfile(void)
                l = (int)STRLEN(buf);
                vim_snprintf((char *)buf + l, MAXPATHL - l, "/spell");
                if (filewritable(buf) != 2)
-                   vim_mkdir(buf, 0755);
+               {
+                   if (vim_mkdir(buf, 0755) != 0)
+                   {
+                       vim_free(buf);
+                       return;
+                   }
+               }
 
                l = (int)STRLEN(buf);
                vim_snprintf((char *)buf + l, MAXPATHL - l,
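Review bot: The new early return in init_spellfile is silent, so when `vim_mkdir()` fails the caller gets no indication of why no spell file was set up. `filewritable(buf) != 2` is also true for a directory that exists but is not writable, or one created by another process between the test and the `vim_mkdir()` call, and both cases now end in the same unexplained return. At minimum the branch should carry a comment such as `// cannot create the spell directory: give up, 'spellfile' stays unset`, and reporting the failure through the project's usual message path would be better. The function starts outside the hunk, so whether `buf` is the only allocation that must be released before returning should be checked against the full body.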
diff --git a/src/syntax.c b/src/syntax.c
index 48e715201..02120529f 100644
--- a/src/syntax.c
+++ b/src/syntax.c
@@ -4084,8 +4084,8 @@ syn_list_cluster(int id)
 
     if (msg_col >= endcol)     // output at least one space
        endcol = msg_col + 1;
-    if (Columns <= endcol)     // avoid hang for tiny window
-       endcol = Columns - 1;
+    if (Columns <= (long)endcol)       // avoid hang for tiny window
+       endcol = (int)(Columns - 1);
 
     msg_advance(endcol);
     if (SYN_CLSTR(curwin->w_s)[id].scl_list != NULL)
diff --git a/src/version.c b/src/version.c
index e174c790a..bd7457384 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    608,
 /**/
     607,
 /**/
