Merge #9472 from justinmk/pvs-warnings2

author: Justin M. Keyes <justinkz@gmail.com> 2019-01-10 08:56:38 +0100
committer: GitHub <noreply@github.com> 2019-01-10 08:56:38 +0100
commit: 6d8b5989bc84c0b54cb6804af0851cb3322234b2 (patch)
tree: 60e0d4b164ae981c1ed71a333c3fd0df8bee8e54 /src
parent: 57c7e1d4a0d7285d9de5b9035e91f546654268da (diff)
parent: fc4ca5bdd8c5a2b37b6efe34a9b32a1bd75c57af (diff)
download: rneovim-6d8b5989bc84c0b54cb6804af0851cb3322234b2.tar.gz
rneovim-6d8b5989bc84c0b54cb6804af0851cb3322234b2.tar.bz2
rneovim-6d8b5989bc84c0b54cb6804af0851cb3322234b2.zip
3 files changed, 53 insertions, 7 deletions
diff --git a/src/nvim/assert.h b/src/nvim/assert.h
index 761636305e..29195a49dc 100644
--- a/src/nvim/assert.h
+++ b/src/nvim/assert.h
@@ -121,4 +121,34 @@
     ((enum { ASSERT_CONCAT(assert_line_, __LINE__) = 1/(!!(e)) }) 0)
 #endif
 
+/// @def STRICT_ADD
+/// @brief Adds (a + b) and stores result in `c`.  Aborts on overflow.
+///
+/// Requires GCC 5+ and Clang 3.8+
+///   https://clang.llvm.org/docs/LanguageExtensions.html
+///   https://gcc.gnu.org/onlinedocs/gcc/Integer-Overflow-Builtins.html
+///
+/// Alternative for compilers without __builtin_xx_overflow ?
+///   https://stackoverflow.com/a/44830670/152142
+///
+/// @param MAX Maximum value of the narrowest type of operand.
+///            Not used if compiler supports __builtin_add_overflow.
+#if HAVE_BUILTIN_ADD_OVERFLOW
+# define STRICT_ADD(a, b, c, t) \
+  do { if (__builtin_add_overflow(a, b, c)) { abort(); } } while (0)
+#else
+# define STRICT_ADD(a, b, c, t) \
+  do { *(c) = (t)(a + b); } while (0)
+#endif
+
+/// @def STRICT_SUB
+/// @brief Subtracts (a - b) and stores result in `c`.  Aborts on overflow.
+#if HAVE_BUILTIN_ADD_OVERFLOW
+# define STRICT_SUB(a, b, c, t) \
+  do { if (__builtin_sub_overflow(a, b, c)) { abort(); } } while (0)
+#else
+# define STRICT_SUB(a, b, c, t) \
+  do { *(c) = (t)(a - b); } while (0)
+#endif
+
 #endif  // NVIM_ASSERT_H
diff --git a/src/nvim/cursor.c b/src/nvim/cursor.c
index ee1bc6cf31..409eb653a0 100644
--- a/src/nvim/cursor.c
+++ b/src/nvim/cursor.c
@@ -4,6 +4,7 @@
 #include <stdbool.h>
 #include <inttypes.h>
 
+#include "nvim/assert.h"
 #include "nvim/cursor.h"
 #include "nvim/charset.h"
 #include "nvim/fold.h"
@@ -170,7 +171,9 @@ static int coladvance2(
       if (line[idx] == NUL) {
         /* Append spaces */
         int correct = wcol - col;
-        char_u *newline = xmallocz((size_t)(idx + correct));
+        size_t newline_size;
+        STRICT_ADD(idx, correct, &newline_size, size_t);
+        char_u *newline = xmallocz(newline_size);
         memcpy(newline, line, (size_t)idx);
         memset(newline + idx, ' ', (size_t)correct);
 
@@ -187,14 +190,17 @@ static int coladvance2(
         if (-correct > csize)
           return FAIL;
 
-        newline = xmallocz((size_t)(linelen - 1 + csize));
+        size_t n;
+        STRICT_ADD(linelen - 1, csize, &n, size_t);
+        newline = xmallocz(n);
         // Copy first idx chars
         memcpy(newline, line, (size_t)idx);
         // Replace idx'th char with csize spaces
         memset(newline + idx, ' ', (size_t)csize);
         // Copy the rest of the line
-        memcpy(newline + idx + csize, line + idx + 1,
-               (size_t)(linelen - idx - 1));
+        STRICT_SUB(linelen, idx, &n, size_t);
+        STRICT_SUB(n, 1, &n, size_t);
+        memcpy(newline + idx + csize, line + idx + 1, n);
 
         ml_replace(pos->lnum, newline, false);
         changed_bytes(pos->lnum, idx);
diff --git a/src/nvim/indent.c b/src/nvim/indent.c
index 7c3f354c13..13534ac1a9 100644
--- a/src/nvim/indent.c
+++ b/src/nvim/indent.c
@@ -6,6 +6,7 @@
 #include <stdbool.h>
 
 #include "nvim/ascii.h"
+#include "nvim/assert.h"
 #include "nvim/indent.h"
 #include "nvim/eval.h"
 #include "nvim/charset.h"
@@ -204,7 +205,12 @@ int set_indent(int size, int flags)
   // after the if (!curbuf->b_p_et) below.
   if (orig_char_len != -1) {
     assert(orig_char_len + size - ind_done + line_len >= 0);
-    newline = xmalloc((size_t)(orig_char_len + size - ind_done + line_len));
+    size_t n;  // = orig_char_len + size - ind_done + line_len
+    size_t n2;
+    STRICT_ADD(orig_char_len, size, &n, size_t);
+    STRICT_ADD(ind_done, line_len, &n2, size_t);
+    STRICT_SUB(n, n2, &n, size_t);
+    newline = xmalloc(n);
     todo = size - ind_done;
 
     // Set total length of indent in characters, which may have been
@@ -226,7 +232,9 @@ int set_indent(int size, int flags)
   } else {
     todo = size;
     assert(ind_len + line_len >= 0);
-    newline = xmalloc((size_t)(ind_len + line_len));
+    size_t newline_size;
+    STRICT_ADD(ind_len, line_len, &newline_size, size_t);
+    newline = xmalloc(newline_size);
     s = newline;
   }
 
@@ -392,7 +400,9 @@ int copy_indent(int size, char_u *src)
       // and the rest of the line.
       line_len = (int)STRLEN(get_cursor_line_ptr()) + 1;
       assert(ind_len + line_len >= 0);
-      line = xmalloc((size_t)(ind_len + line_len));
+      size_t line_size;
+      STRICT_ADD(ind_len, line_len, &line_size, size_t);
+      line = xmalloc(line_size);
       p = line;
     }
   }
author	Justin M. Keyes <justinkz@gmail.com>	2019-01-10 08:56:38 +0100
committer	GitHub <noreply@github.com>	2019-01-10 08:56:38 +0100
commit	6d8b5989bc84c0b54cb6804af0851cb3322234b2 (patch)
tree	60e0d4b164ae981c1ed71a333c3fd0df8bee8e54 /src
parent	57c7e1d4a0d7285d9de5b9035e91f546654268da (diff)
parent	fc4ca5bdd8c5a2b37b6efe34a9b32a1bd75c57af (diff)
download	rneovim-6d8b5989bc84c0b54cb6804af0851cb3322234b2.tar.gz rneovim-6d8b5989bc84c0b54cb6804af0851cb3322234b2.tar.bz2 rneovim-6d8b5989bc84c0b54cb6804af0851cb3322234b2.zip