author | Eliseo Martínez <eliseomarmol@gmail.com> | 2014-11-13 20:27:33 +0100 |
---|---|---|
committer | Eliseo Martínez <eliseomarmol@gmail.com> | 2014-11-15 12:49:18 +0100 |
commit | 1adfb558f52f0d8b24140a992ec8e3368e481229 (patch) | |
tree | ce3607ce504d26c7f5bb024b1da431670dea1d09 /src | |
parent | 5f9cacbf326cacb8162f2a5b5fd7ca839f09ae52 (diff) | |
Fix warnings: spell.c: getroom(): Np dereference: FP/RI.
Problem : Dereference of null pointer @ 6089.
Diagnostic : False positive / Real issue.
Rationale : From the code, it seems the intent is that len parameter
should never exceed SBLOCKSIZE. But the code checking for
that does in fact cause a null pointer dereference just
immediately after.
Resolution : State precondition in doc and assert it at entry.
Diffstat (limited to 'src')
-rw-r--r-- | src/nvim/spell.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/nvim/spell.c b/src/nvim/spell.c
index c3059d6b0b..0e76fc4b92 100644
--- a/src/nvim/spell.c
+++ b/src/nvim/spell.c
@@ -304,6 +304,7 @@
 #include "nvim/ex_cmds2.h"
 #include "nvim/ex_docmd.h"
 #include "nvim/fileio.h"
+#include "nvim/func_attr.h"
 #include "nvim/getchar.h"
 #include "nvim/hashtab.h"
 #include "nvim/mbyte.h"
@@ -6072,14 +6073,17 @@ static int spell_read_wordfile(spellinfo_T *spin, char_u *fname)
 /// track of them).
 /// The memory is cleared to all zeros.
 ///
-/// @param len Length needed.
+/// @param len Length needed (<= SBLOCKSIZE).
 /// @param align Align for pointer.
-/// @return NULL when out of memory.
+/// @return Pointer into block data.
 static void *getroom(spellinfo_T *spin, size_t len, bool align)
+ FUNC_ATTR_NONNULL_RET
 {
 char_u *p;
 sblock_T *bl = spin->si_blocks;

+ assert(len <= SBLOCKSIZE);
+
 if (align && bl != NULL)
 // Round size up for alignment. On some systems structures need to be
 // aligned to the size of a pointer (e.g., SPARC).
@@ -6087,11 +6091,8 @@ static void *getroom(spellinfo_T *spin, size_t len, bool align)
 & ~(sizeof(char *) - 1);

 if (bl == NULL || bl->sb_used + len > SBLOCKSIZE) {
- if (len >= SBLOCKSIZE)
- bl = NULL;
- else
- // Allocate a block of memory. It is not freed until much later.
- bl = xcalloc(1, (sizeof(sblock_T) + SBLOCKSIZE));
+ // Allocate a block of memory. It is not freed until much later.
+ bl = xcalloc(1, (sizeof(sblock_T) + SBLOCKSIZE));
 bl->sb_next = spin->si_blocks;
 spin->si_blocks = bl;
 bl->sb_used = 0;
|
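Review bot: The new `assert(len <= SBLOCKSIZE);` at the top of getroom() is now the only thing enforcing the size precondition, because the third hunk removes the `len >= SBLOCKSIZE` branch that used to stop an oversized request. If this file is ever built with NDEBUG the assert disappears, and a too-large `len` would then be served from a freshly allocated block that holds only SBLOCKSIZE bytes of data, which looks like a heap overflow in the caller rather than the old null dereference. I would keep the assert as documentation and add a check that survives release builds, for example `if (len > SBLOCKSIZE) abort();`. The assert also runs before the alignment rounding, so it is worth confirming that a rounded-up `len` still cannot exceed SBLOCKSIZE. The part of getroom() that hands out the pointer lies outside these hunks, so the overflow path is inferred from the visible lines.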