patch 9.1.0608: Coverity warns about a few potential issues

Problem:  Coverity warns about a few potential issues
Solution: Fix those issues (see details below)

1) Fix overflow warning in highlight.c
   This happens because we are comparing int with long
   and assign a potential long value to an int, which
   could cause an overflow. So add some casts to ensure
   the value fits into an int.

2) Fix Overflow warning in shift_line().
   This happens because we are performing a division/modulo
   operation of a long type by an int type and assign the result
   to an int, which could then overflow. So before performing
   the operation, trim the long value to at most the max int value,
   so that it can't overflow.

3) Fix overflow warning in syn_list_cluster in syntax.c
   This is essentially the same issue as 1)

4) not checking the return value of vim_mkdir() in spellfile.c
   Creating the spell directory could fail. Handle this case
   and return early in this case.

5) qsort() may deref a NULL pointer when fuzzy match does not
   return a result. Fix this by checking that the accessed growarray
   fuzzy_indices actually contains  data. If not we can silently skip
   the qsort() and related logic.

closes: #15284

Signed-off-by: Christian Brabandt <cb@256bit.org>
Christian Brabandt
2024-07-20 13:26:44 +02:00
parent 4aa6b52e82
commit 220474d239
6 changed files with 28 additions and 15 deletions


@ -3351,8 +3351,8 @@ syn_list_header(
if (msg_col >= endcol) // output at least one space
endcol = msg_col + 1;
if (Columns <= endcol) // avoid hang for tiny window
endcol = Columns - 1;
if (Columns <= (long)endcol) // avoid hang for tiny window
endcol = (int)(Columns - 1);
msg_advance(endcol);
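Review bot: The narrowing cast in `endcol = (int)(Columns - 1);` is safe only because the guard on the line above has already established `Columns <= endcol`, and nothing in the code says so. A short comment such as `// Columns <= endcol here, so Columns - 1 fits in an int` would stop a later edit from moving or dropping the guard and turning the cast into a silent truncation. The `(long)endcol` cast presumably does not change the comparison, since the commit message indicates Columns is already a long and the int operand would be converted anyway. The same pair of lines appears in the syn_list_cluster() hunk and would take the same comment; syn_list_header() starts and ends outside the hunk.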


@ -3618,16 +3618,21 @@ get_next_filename_completion(void)
}
}
fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
// prevent qsort from deref NULL pointer
if (fuzzy_indices.ga_len > 0)
{
fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
for (i = 0; i < fuzzy_indices.ga_len; ++i)
sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
for (i = 0; i < fuzzy_indices.ga_len; ++i)
sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
FreeWild(num_matches, matches);
matches = sorted_matches;
num_matches = fuzzy_indices.ga_len;
}
FreeWild(num_matches, matches);
matches = sorted_matches;
num_matches = fuzzy_indices.ga_len;
vim_free(compl_fuzzy_scores);
ga_clear(&fuzzy_indices);
}
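Review bot: The result of `alloc()` for `sorted_matches` is used without a NULL check, so if the allocation fails the loop `sorted_matches[i] = vim_strsave(...)` writes through a NULL pointer; the new `ga_len > 0` guard covers the qsort() case but leaves this one. Wrapping the copy loop, `FreeWild()` and the two reassignments in `if (sorted_matches != NULL)` keeps the original `matches` intact when the allocation fails. `vim_strsave()` can presumably also return NULL, which would leave NULL entries in the list handed to later code, so that is worth checking where the list is consumed. When `ga_len` is 0 the unfiltered `matches` array is now kept as is; confirm that is the intended result for an empty fuzzy match. The function continues outside the hunk.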


@ -240,8 +240,8 @@ shift_line(
if (round) // round off indent
{
i = count / sw_val; // number of 'shiftwidth' rounded down
j = count % sw_val; // extra spaces
i = trim_to_int(count) / sw_val; // number of 'shiftwidth' rounded down
j = trim_to_int(count) % sw_val; // extra spaces
if (j && left) // first remove extra spaces
--amount;
if (left)
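Review bot: `trim_to_int(count)` is evaluated twice on adjacent lines, which hides the fact that `i` and `j` must both come from the same clamped value. Clamping once into a local declared at the top of the block, `int cnt = trim_to_int(count);`, followed by `i = cnt / sw_val;` and `j = cnt % sw_val;`, makes that explicit. A comment noting that counts above the int range are clamped rather than rejected would also help, since the remainder of the clamped value differs from the remainder of the original. shift_line() starts and ends outside the hunk.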


@ -6434,7 +6434,13 @@ init_spellfile(void)
l = (int)STRLEN(buf);
vim_snprintf((char *)buf + l, MAXPATHL - l, "/spell");
if (filewritable(buf) != 2)
vim_mkdir(buf, 0755);
{
if (vim_mkdir(buf, 0755) != 0)
{
vim_free(buf);
return;
}
}
l = (int)STRLEN(buf);
vim_snprintf((char *)buf + l, MAXPATHL - l,
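Review bot: The new early return after a failed `vim_mkdir()` is silent, so when the spell directory cannot be created the function presumably leaves the option unset with no indication why. At minimum add a comment at the return, e.g. `// could not create the "spell" directory, give up`; whether a message should be given is a call for the maintainers. init_spellfile() starts and ends outside the hunk, so it cannot be confirmed from here that `buf` is the only thing needing release on this path, or that no other candidate directory should be tried instead of returning.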


@ -4084,8 +4084,8 @@ syn_list_cluster(int id)
if (msg_col >= endcol) // output at least one space
endcol = msg_col + 1;
if (Columns <= endcol) // avoid hang for tiny window
endcol = Columns - 1;
if (Columns <= (long)endcol) // avoid hang for tiny window
endcol = (int)(Columns - 1);
msg_advance(endcol);
if (SYN_CLSTR(curwin->w_s)[id].scl_list != NULL)


@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
608,
/**/
607,
/**/