changeset 35764:3ead9668d632 v9.1.0608
patch 9.1.0608: Coverity warns about a few potential issues
Commit: https://github.com/vim/vim/commit/220474d239bfca0b36f7ca9cc9fdb9dab5dd384e
Author: Christian Brabandt <cb@256bit.org>
Date: Sat Jul 20 13:26:44 2024 +0200
patch 9.1.0608: Coverity warns about a few potential issues
Problem: Coverity warns about a few potential issues
Solution: Fix those issues (see details below)
1) Fix overflow warning in highlight.c
This happens because we are comparing int with long
and assign a potential long value to an int, which
could cause an overflow. So add some casts to ensure
the value fits into an int.
2) Fix Overflow warning in shift_line().
This happens because we are performing a division/modulo
operation of a long type by an int type and assign the result
to an int, which could then overflow. So before performing
the operation, trim the long value to at most the max int value,
so that it can't overflow.
3) Fix overflow warning in syn_list_cluster in syntax.c
This is essentially the same issue as 1)
4) not checking the return value of vim_mkdir() in spellfile.c
Creating the spell directory could fail. Handle this case
and return early in this case.
5) qsort() may deref a NULL pointer when fuzzy match does not
return a result. Fix this by checking that the accessed growarray
fuzzy_indices actually contains data. If not we can silently skip
the qsort() and related logic.
closes: #15284
Signed-off-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sat, 20 Jul 2024 13:30:04 +0200 |
parents | 9faa0b5ef59e |
children | 2bf0b3709a32 |
files | src/highlight.c src/insexpand.c src/ops.c src/spellfile.c src/syntax.c src/version.c |
diffstat | 6 files changed, 30 insertions(+), 17 deletions(-) [+] |
--- a/src/highlight.c
+++ b/src/highlight.c
@@ -3351,8 +3351,8 @@ syn_list_header(
 if (msg_col >= endcol) // output at least one space
 endcol = msg_col + 1;
- if (Columns <= endcol) // avoid hang for tiny window
- endcol = Columns - 1;
+ if (Columns <= (long)endcol) // avoid hang for tiny window
+ endcol = (int)(Columns - 1);
 msg_advance(endcol);
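Review bot: The narrowing cast on the new `endcol = (int)(Columns - 1);` line is only safe because the guard directly above has just established `Columns <= endcol`, and nothing at the site says so, so the next reader will see a blind long-to-int cast. A one-line comment such as `// Columns <= endcol here, so Columns - 1 fits in an int` ties the cast to the guard that makes it truncation-free (assuming Columns is non-negative, which the hunk does not show). The identical two-line change is made in syn_list_cluster in src/syntax.c, the last hunk of this commit, and the same comment belongs there. syn_list_header starts before this hunk and continues after it.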
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -3618,16 +3618,21 @@ get_next_filename_completion(void)
 }
 }
- fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
- qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
-
- sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
- for (i = 0; i < fuzzy_indices.ga_len; ++i)
- sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
-
- FreeWild(num_matches, matches);
- matches = sorted_matches;
- num_matches = fuzzy_indices.ga_len;
+ // prevent qsort from deref NULL pointer
+ if (fuzzy_indices.ga_len > 0)
+ {
+ fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
+ qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
+
+ sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
+ for (i = 0; i < fuzzy_indices.ga_len; ++i)
+ sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
+
+ FreeWild(num_matches, matches);
+ matches = sorted_matches;
+ num_matches = fuzzy_indices.ga_len;
+ }
+
 vim_free(compl_fuzzy_scores);
 ga_clear(&fuzzy_indices);
 }
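Review bot: The re-added `sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);` line is still followed by writes to `sorted_matches[i]` with no NULL check, so an allocation failure dereferences NULL in the loop — the same class of defect the commit fixes for qsort() a few lines up. Wrapping the loop and the three lines that swap in the sorted list in `if (sorted_matches != NULL) { … }` leaves the original unsorted `matches` in place on failure instead of crashing. The new comment would also serve better by naming the empty case rather than the qsort symptom, e.g. `// no fuzzy match produced an index: ga_data is still NULL, so skip the sort`, which is what the commit message describes. get_next_filename_completion starts before this hunk.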
--- a/src/ops.c
+++ b/src/ops.c
@@ -240,8 +240,8 @@ shift_line(
 if (round) // round off indent
 {
- i = count / sw_val; // number of 'shiftwidth' rounded down
- j = count % sw_val; // extra spaces
+ i = trim_to_int(count) / sw_val; // number of 'shiftwidth' rounded down
+ j = trim_to_int(count) % sw_val; // extra spaces
 if (j && left) // first remove extra spaces
 --amount;
 if (left)
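Review bot: `trim_to_int(count)` is evaluated twice on the two changed lines; hoisting it once at the top of the `if (round)` block, `int cnt = trim_to_int(count);`, and then writing `i = cnt / sw_val;` and `j = cnt % sw_val;` guarantees the quotient and remainder come from the same clamped value and reads less noisily. The clamping itself deserves a comment, because a count above the int range now silently rounds as if it were INT_MAX (per the commit message) — `// count is clamped to int range; larger shifts round as INT_MAX` says so at the site. shift_line starts before this hunk and continues after it.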
--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -6434,7 +6434,13 @@ init_spellfile(void)
 l = (int)STRLEN(buf);
 vim_snprintf((char *)buf + l, MAXPATHL - l, "/spell");
 if (filewritable(buf) != 2)
- vim_mkdir(buf, 0755);
+ {
+ if (vim_mkdir(buf, 0755) != 0)
+ {
+ vim_free(buf);
+ return;
+ }
+ }
 l = (int)STRLEN(buf);
 vim_snprintf((char *)buf + l, MAXPATHL - l,
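Review bot: The new early return on `if (vim_mkdir(buf, 0755) != 0)` is silent: the user ends up without a spell directory and no indication of why, whereas a `semsg()` naming the path before `vim_free(buf)` would make the failure visible — unless the silence is intentional, in which case a comment saying so belongs on the return. The doubly nested braces can also collapse into a single condition, `if (filewritable(buf) != 2 && vim_mkdir(buf, 0755) != 0)` followed by the `vim_free(buf); return;` body, which halves the added lines without changing behaviour. init_spellfile starts before this hunk and continues after it.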
--- a/src/syntax.c
+++ b/src/syntax.c
@@ -4084,8 +4084,8 @@ syn_list_cluster(int id)
 if (msg_col >= endcol) // output at least one space
 endcol = msg_col + 1;
- if (Columns <= endcol) // avoid hang for tiny window
- endcol = Columns - 1;
+ if (Columns <= (long)endcol) // avoid hang for tiny window
+ endcol = (int)(Columns - 1);
 msg_advance(endcol);
 if (SYN_CLSTR(curwin->w_s)[id].scl_list != NULL)