coverity/13762: Out-of-bounds read: RI.

Problem    : Out-of-bounds read @ 2213.
Diagnostic : Real issue.
Rationale  : Error occurs if cmap == ARRAY_SIZE(prt_ps_mbfonts),
             but code takes the `if (prt_out_mbyte)` branch. That's it,
             if a matching encoding is found but not a matching charset.
             In that case, the first matching encoding is used.
Resolution : Remember the value of cmap for the first matching encoding.
             Reset cmap to that value if first matching encoding is
             going to be used.

1 files changed, 11 insertions, 5 deletions

diff --git a/src/nvim/hardcopy.c b/src/nvim/hardcopy.c
index fb04f4407c..c01f763d20 100644
--- a/src/nvim/hardcopy.c
+++ b/src/nvim/hardcopy.c
@@ -2122,19 +2122,25 @@ int mch_print_init(prt_settings_T *psettings, char_u *jobname, int forceit)
   props = enc_canon_props(p_encoding);
   if (!(props & ENC_8BIT) && ((*p_pmcs != NUL) || !(props & ENC_UNICODE))) {
     p_mbenc_first = NULL;
+    int effective_cmap;
     for (cmap = 0; cmap < (int)ARRAY_SIZE(prt_ps_mbfonts); cmap++)
       if (prt_match_encoding((char *)p_encoding, &prt_ps_mbfonts[cmap],
-              &p_mbenc)) {
-        if (p_mbenc_first == NULL)
+                             &p_mbenc)) {
+        if (p_mbenc_first == NULL) {
           p_mbenc_first = p_mbenc;
-        if (prt_match_charset((char *)p_pmcs, &prt_ps_mbfonts[cmap],
-                &p_mbchar))
+          effective_cmap = cmap;
+        }
+        if (prt_match_charset((char *)p_pmcs, &prt_ps_mbfonts[cmap], &p_mbchar))
           break;
       }
 
     /* Use first encoding matched if no charset matched */
-    if (p_mbchar == NULL && p_mbenc_first != NULL)
+    if (p_mbchar == NULL && p_mbenc_first != NULL) {
       p_mbenc = p_mbenc_first;
+      cmap = effective_cmap;
+    }
+
+    assert(p_mbenc == NULL || cmap < (int)ARRAY_SIZE(prt_ps_mbfonts));
   }
 
   prt_out_mbyte = (p_mbenc != NULL);