authorChristian Brabandt <cb@256bit.org>2024-07-20 13:26:44 +0200
committerChristian Brabandt <cb@256bit.org>2024-07-20 13:26:44 +0200
commit220474d239bfca0b36f7ca9cc9fdb9dab5dd384e (patch)
treee24475ed0c2ba2524ba7ad4bb2c5bde660818eb3
parent4aa6b52e82871fe3a607756de609b9c14feb4e04 (diff)
patch 9.1.0608: Coverity warns about a few potential issuesv9.1.0608
Problem: Coverity warns about a few potential issues Solution: Fix those issues (see details below) 1) Fix overflow warning in highlight.c This happens because we are comparing int with long and assign a potential long value to an int, which could cause an overflow. So add some casts to ensure the value fits into an int. 2) Fix Overflow warning in shift_line(). This happens because we are performing a division/modulo operation of a long type by an int type and assign the result to an int, which could then overflow. So before performing the operation, trim the long value to at most the max int value, so that it can't overflow. 3) Fix overflow warning in syn_list_cluster in syntax.c This is essentially the same issue as 1) 4) not checking the return value of vim_mkdir() in spellfile.c Creating the spell directory could fail. Handle this case and return early in this case. 5) qsort() may deref a NULL pointer when fuzzy match does not return a result. Fix this by checking that the accessed growarray fuzzy_indices actually contains data. If not we can silently skip the qsort() and related logic. closes: #15284 Signed-off-by: Christian Brabandt <cb@256bit.org>
-rw-r--r--src/highlight.c4
-rw-r--r--src/insexpand.c21
-rw-r--r--src/ops.c4
-rw-r--r--src/spellfile.c8
-rw-r--r--src/syntax.c4
-rw-r--r--src/version.c2
6 files changed, 28 insertions, 15 deletions
diff --git a/src/highlight.c b/src/highlight.c
index a71a100dcd..d3ea2d2016 100644
--- a/src/highlight.c
+++ b/src/highlight.c
@@ -3351,8 +3351,8 @@ syn_list_header(
if (msg_col >= endcol) // output at least one space
endcol = msg_col + 1;
- if (Columns <= endcol) // avoid hang for tiny window
- endcol = Columns - 1;
+ if (Columns <= (long)endcol) // avoid hang for tiny window
+ endcol = (int)(Columns - 1);
msg_advance(endcol);
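Review bot: The `(int)(Columns - 1)` narrowing is only safe because the guard on the line above has already established `Columns <= endcol`, and nothing in the code records that; the casts themselves do not change which values are accepted. A short comment such as `// Columns <= endcol here, so Columns - 1 cannot exceed an int` would keep a later edit from separating the cast from its guard (this assumes `Columns` is never negative, which is not visible in the hunk). The same two lines are repeated in the syn_list_cluster() hunk in src/syntax.c, so the comment applies there as well, and the duplicated clamp may be worth a small shared helper. The body of syn_list_header() starts and ends outside this hunk.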
diff --git a/src/insexpand.c b/src/insexpand.c
index 4ad1f41a64..2be63a58ef 100644
--- a/src/insexpand.c
+++ b/src/insexpand.c
@@ -3618,16 +3618,21 @@ get_next_filename_completion(void)
}
}
- fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
- qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
+ // prevent qsort from deref NULL pointer
+ if (fuzzy_indices.ga_len > 0)
+ {
+ fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
+ qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
+
+ sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
+ for (i = 0; i < fuzzy_indices.ga_len; ++i)
+ sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
- sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
- for (i = 0; i < fuzzy_indices.ga_len; ++i)
- sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
+ FreeWild(num_matches, matches);
+ matches = sorted_matches;
+ num_matches = fuzzy_indices.ga_len;
+ }
- FreeWild(num_matches, matches);
- matches = sorted_matches;
- num_matches = fuzzy_indices.ga_len;
vim_free(compl_fuzzy_scores);
ga_clear(&fuzzy_indices);
}
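Review bot: With the new `if (fuzzy_indices.ga_len > 0)` guard, an empty fuzzy result no longer replaces `matches`: the removed lines always ran `FreeWild()` and set `num_matches = fuzzy_indices.ga_len`, whereas the new code leaves the unfiltered `matches` and the old `num_matches` in place when nothing scored. If an empty list is the intended outcome in that case, an `else` branch along the lines of `FreeWild(num_matches, matches); num_matches = 0;` would restore it, but that needs checking against how the rest of the function treats an empty leader, which is not visible here. Separately, `sorted_matches[i] = ...` still writes through the unchecked return of `alloc()`, so an allocation failure would become a NULL dereference; wrapping the loop and the swap in `if (sorted_matches != NULL)` would cover it. get_next_filename_completion() starts outside the hunk.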
diff --git a/src/ops.c b/src/ops.c
index 2de2557fbd..eb8f64c1fb 100644
--- a/src/ops.c
+++ b/src/ops.c
@@ -240,8 +240,8 @@ shift_line(
if (round) // round off indent
{
- i = count / sw_val; // number of 'shiftwidth' rounded down
- j = count % sw_val; // extra spaces
+ i = trim_to_int(count) / sw_val; // number of 'shiftwidth' rounded down
+ j = trim_to_int(count) % sw_val; // extra spaces
if (j && left) // first remove extra spaces
--amount;
if (left)
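Review bot: `trim_to_int(count)` is evaluated twice on adjacent lines, and the clamp silently changes the result whenever `count` lies outside the int range, which the trailing comments do not mention. Clamping once into a local, e.g. `int cnt = trim_to_int(count);` followed by `i = cnt / sw_val;` and `j = cnt % sw_val;`, keeps the quotient and remainder visibly derived from the same value, and a comment such as `// count is clamped to the int range so i and j cannot overflow` records why. The declarations of `count` and `sw_val` are outside the hunk, so it cannot be confirmed from here that `sw_val` is guaranteed non-zero before the division. The body of shift_line() continues past the end of the hunk.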
diff --git a/src/spellfile.c b/src/spellfile.c
index 51261abfb5..0b9536dc16 100644
--- a/src/spellfile.c
+++ b/src/spellfile.c
@@ -6434,7 +6434,13 @@ init_spellfile(void)
l = (int)STRLEN(buf);
vim_snprintf((char *)buf + l, MAXPATHL - l, "/spell");
if (filewritable(buf) != 2)
- vim_mkdir(buf, 0755);
+ {
+ if (vim_mkdir(buf, 0755) != 0)
+ {
+ vim_free(buf);
+ return;
+ }
+ }
l = (int)STRLEN(buf);
vim_snprintf((char *)buf + l, MAXPATHL - l,
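Review bot: The new failure path after `vim_mkdir(buf, 0755)` frees `buf` and returns without any message, so a user whose spell directory could not be created gets no indication of why the function gave up. A comment on the branch, e.g. `// cannot create the spell directory: give up`, or an error message at that point, would make the outcome explicit. Note also that `filewritable(buf) != 2` presumably holds when the path already exists but is not a writable directory; in that case the mkdir is expected to fail and the function now returns early where the old code carried on. init_spellfile() starts and ends outside the hunk, so whether other candidate directories could still be tried, or earlier state needs undoing before the `return`, cannot be confirmed from here.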
diff --git a/src/syntax.c b/src/syntax.c
index 48e7152011..02120529f3 100644
--- a/src/syntax.c
+++ b/src/syntax.c
@@ -4084,8 +4084,8 @@ syn_list_cluster(int id)
if (msg_col >= endcol) // output at least one space
endcol = msg_col + 1;
- if (Columns <= endcol) // avoid hang for tiny window
- endcol = Columns - 1;
+ if (Columns <= (long)endcol) // avoid hang for tiny window
+ endcol = (int)(Columns - 1);
msg_advance(endcol);
if (SYN_CLSTR(curwin->w_s)[id].scl_list != NULL)
diff --git a/src/version.c b/src/version.c
index e174c790a2..bd7457384b 100644
--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 608,
+/**/
607,
/**/
606,