coverity/13777: String not null terminated: RI.

Problem    : String not null terminated @ 1543.
Diagnostic : Real issue.
Rationale  : We are reading a struct block0, which contains some string
             fields, from a file, without checking for string fields to
             be correctly terminated. That could cause a buffer overrun
             if file has somehow been garbled.
Resolution : Add string fields check for nul termination.
             Mark issue as intentional (there seems to be no way of
             teaching coverity about read_eintr being ok that way).

Helped-by: oni-link <knil.ino@gmail.com>

1 files changed, 12 insertions, 0 deletions

diff --git a/src/nvim/memline.c b/src/nvim/memline.c
index 5a577c6378..d6d7d3db1a 100644
--- a/src/nvim/memline.c
+++ b/src/nvim/memline.c
@@ -54,6 +54,7 @@
 #include "nvim/cursor.h"
 #include "nvim/eval.h"
 #include "nvim/fileio.h"
+#include "nvim/func_attr.h"
 #include "nvim/main.h"
 #include "nvim/mark.h"
 #include "nvim/mbyte.h"
@@ -630,6 +631,15 @@ static int ml_check_b0_id(ZERO_BL *b0p)
   return OK;
 }
 
+/// Return true if all strings in b0 are correct (nul-terminated).
+static bool ml_check_b0_strings(ZERO_BL *b0p) FUNC_ATTR_NONNULL_ALL
+{
+  return (memchr(b0p->b0_version, NUL, 10)
+          && memchr(b0p->b0_uname, NUL, B0_UNAME_SIZE)
+          && memchr(b0p->b0_hname, NUL, B0_HNAME_SIZE)
+          && memchr(b0p->b0_fname, NUL, B0_FNAME_SIZE_CRYPT));
+}
+
 /*
  * Update the timestamp or the B0_SAME_DIR flag of the .swp file.
  */
@@ -1522,6 +1532,8 @@ static time_t swapfile_info(char_u *fname)
         MSG_PUTS(_("         [from Vim version 3.0]"));
       } else if (ml_check_b0_id(&b0) == FAIL) {
         MSG_PUTS(_("         [does not look like a Vim swap file]"));
+      } else if (!ml_check_b0_strings(&b0)) {
+        MSG_PUTS(_("         [garbled strings (not nul terminated)]"));
       } else {
         MSG_PUTS(_("         file name: "));
         if (b0.b0_fname[0] == NUL)