| Commit message (Collapse) | Author | Age |
|---|
| ... | |
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Uninitialized argument value @ 2798.
Diagnostic : Real issue.
Rationale : Tags doesn't have to have a kind. When they have one, both
`tp.tagkind` and `tp.tagkind_end` are nonnull. But when
they don't, `tp.tagkind` will we null (but defined), while
`tp.tagkind_end` will be undefined.
Therefore, reported invocation is indeed using a garbage
value for a tag with no kind.
Problem doesn't have consequences because `add_tag_field()`
doesn't use `end` param if `start` param is null.
Resolution : Don't use `tp.tagkind_end` if `tp.tagkind` is null.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dereference of null pointer @ 2399.
Diagnostic : Multithreading issue.
Rationale : Error can only occur if global `g_do_tagpreview` changes
while the function is executing.
Resolution : Use local copy of global var.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Problems : Assigned value is garbage or undefined @ 2191.
Uninitialized argument value @ 2796.
Diagnostic : False positives.
Rationale : Both problems share the same cause.
Error happens in get_tags(), if parse_match() fails because
of parse_tag_line() failing before. Then, `tp` is not
correctly initialized and subsequent code accesses garbage
values.
This is not really possible, as parse_tag_line() should not
fail after find_tags() has been successful.
That is because find_tags() already does tag line parsing,
using parse_tag_line() itself for it (or a quicker
alternative that should produce same result). That's why
return value of parse_match() is ignored, and subsequent
code assumes it is successful.
Resolution : Assert parse_match() always successful.
|
| | |
|
| |
|
|
|
| |
When a job fails to start, it will already call the exit_cb which takes care of
freeing the channel.
|
| | |
|
| |
|
|
|
| |
Replace references to provider_call/provider_has with the new functions
eval_call_provider/eval_has_provider.
|
| |
|
|
|
|
|
|
|
|
|
| |
These use autoloaded vimscript to replace the provider_call/provider_has
functions, moving the implementation of providers to pure vimscript(we lose
nothing since vimscript can also call msgpack-rpc functions).
When calling the rpcrequest function from a provider, temporarily switch to the
caller scope. This is required for compatibility with legacy plugins, because
they may depend on scope information that changes when "leaving" the C stack to
enter the vimscript stack.
|
| | |
|
| |\
| |
| |
| |
| | |
oni-link/fix.mch_print_begin.memory.leak.stackversion
coverity/13765,13766,13767,13768: Fix memory leaks in hardcopy.c
|
| | |
| |
| |
| |
| |
| |
| |
| | |
The function mch_print_begin() returns early in case of an
error, but without freeing allocated memory.
To fix this, use stack allocation instead of heap allocation
for the variables res_prolog, res_encoding, res_cidfont and
res_cmap.
|
| | |
| |
| |
| |
| | |
- Use C99 style comments everywhere
- Fix incorrect references to return values
|
| |/
|
|
|
|
| |
- Converted some functions to return bools, and changed their respective
comments to reflect that.
- Minor fixes to a few comments
|
| |\
| |
| | |
jobstart: Check prg arguments for NULL.
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dead assignment @ 1037.
Diagnostic : Harmless issue.
Rationale : `tab_corr` is in effect unused after signaled point.
Previous code using it after that point was removed at
24ebb018e28187c61900b1616e4f79fec9d70878.
Resolution : Remove dead assignment. As only one usage remains, remove
variable and inline the only usage.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Use-after-free @ 2686.
Diagnostic : False positive.
Rationale : Suggested error path is taking false branch
`uhp->uh_next.ptr != NULL` @ 2506, which cannot happen when
`uhp == buf->b_u_oldhead`.
Resolution : Assert `buf->b_u_oldhead` is changed after freeing old one.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Double free @ 5213.
Diagnostic : False positive.
Rationale : Suggested error path contains two consecutive invocations
of `ends_excmd(*p)` having different results, which is not
possible. First invocation is before the while loop. Second
invocation is the while loop condition itsef.
Resolution : Refactor while loop into do-while loop. That removes the
impossible path from analysis, and, in addition, is a bit
more efficient.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Problem : Uninitialized argument value @ 2863.
Diagnostic : Multithreading issue.
Rationale : Error can only occur if global `syn_time_on` is changed
while the function is executing.
Resolution : Use local copy of gloval var.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Problem : Assigned value is garbage or undefined @ 12526.
Diagnostic : Multithreading issue.
Rationale : Error only occurs if global has_mbyte is modified while
function is executing.
Resolution : Use local copy of global.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dereference of null pointer @ 6089.
Diagnostic : False positive / Real issue.
Rationale : From the code, it seems the intent is that len parameter
should never exceed SBLOCKSIZE. But the code checking for
that does in fact cause a null pointer dereference just
immediately after.
Resolution : State precondition in doc and assert it at entry.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Result of operation is garbage or undefined @ 5809.
Diagnostic : Real issue.
Rationale : When copying flags, first access to
`use_pfxlist[use_pfxlen]` was garbage if
`spin->si_compflags` was null.
Resolution : Make sure `use_pfxlist[use_pfxlen]` always has a value (NUL
if `spin->si_compflags` is NULL).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Uninitialized argument value @ 4469.
Diagnostic : Real issue.
Rationale : Happens when a line contains a spell info item (NAME, HOME,
VERSION, AUTHOR, EMAIL, COPYRIGHT), which expect a second
item, but then the second item is not present.
Resolution : Add guard (item count > 1) to failing branch.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Result of operation is garbage or undefined @ 2238.
Diagnostic : Real issue.
Rationale : Problem occurs when searching forward starting on an empty
line. This is, at 2127:
```
p = buf + skip;
endp = buf + len;
while (p < endp) {
```
when skip == 0, len == 0, implying p == endp and therefore
not entering the loop.
Under those conditions, comparison
```
if (attr == HLF_COUNT)
```
at line 2242 is really using a garbage value for `attr`.
Most of the time the error doesn't produce visible problems
as it only affects when dealing with wrapped words.
Resolution : Initialize `attr` at declaration to `HLF_COUNT`, which is
used in the code when no bad word found yet.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Argument with 'nonnull' attribute passed null @ 2118.
Diagnostic : False positive.
Rationale : Error happens when `if (buflen < len + MAXWLEN + 2) {` is
not entered on the first iteration, which cannot happen
because buflen is 0 on the first iteration, so the
condition should always hold.
Resolution : Assert existence of buffer with appropiate length after
conditional (which prevents previous error path).
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dead assignment @ 1602.
Diagnostic : Harmless issue.
Rationale : Code using this assignment (line 1666) was disabled. Vim's
tip at Wed Nov 12 13:07:54 2014 +0100 (changeset
6352:2f7bf5f90f57) hasn't changed this yet.
Resolution : Disable assignment. Directive processors are used for that
in order to match the way the other code was disabled.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dereference of null pointer @ 4395.
Diagnostic : Multithreading issue.
Rationale : Problem occurs only if global g_do_tagpreview changed while
funcion is executing.
Resolution : Use local copy of global var.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dead assignment @ 1554.
Diagnostic : Harmless issue.
Rationale : `result` is used when analyzing if a bracketed expresion
`[<whatever>]` can be condensed into a character class. Not
used for anything else anywhere. So, it's safe to remove.
Resolution : Remove dead assingment and move declaration of `result` to
the scope where it's used.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dereference of null pointer @ 921.
Diagnostic : False positive.
Rationale : If `qi->qf_lists[qi->qf_curlist].qf_count == 0` doesn't
hold, we should be calling function with nonnull `*prevp`.
Resolution : Assert nonnull.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Problem : Dead assignment @ 2566.
Diagnostic : Harmless issue.
Rationale : `nextchar` is used as a lookahead buffer for the character
next to the currently examined token. Sometimes it also
saves that char while original string is modified (original
position of nextchar is nullified for the string to
terminate there). In summary, it's an auxiliary variable
with no particular complex meaning. Safe to remove if not
used.
Resolution : Remove dead assignment.
|
| | |
| |
| |
| |
| |
| |
| | |
Problem: Title of quickfist list is not kept for setqflist(list, 'r').
Solution: Keep the title. Add a test. (Lcd)
https://code.google.com/p/vim/source/detail?r=v7-4-378
|
| | |
| |
| |
| |
| |
| |
| | |
Problem: New and old regexp engine are not consistent.
Solution: Also give an error for "\ze*" for the old regexp engine.
https://code.google.com/p/vim/source/detail?r=v7-4-437
|
| | |
| |
| |
| |
| |
| |
| | |
Problem: Crash when searching for "\ze*". (Urtica Dioica)
Solution: Disallow a multi after \ze and \zs.
https://code.google.com/p/vim/source/detail?r=v7-4-421
|
| |\ \
| | |
| | | |
vim-patch:7.4.416 + vim-patch:7.4.417
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Problem: After splitting a window and setting 'breakindent' the default
minimum with is not respected.
Solution: Call briopt_check() when copying options to a new window.
https://code.google.com/p/vim/source/detail?r=v7-4-417
|
| | |/
| |
| |
| |
| |
| |
| | |
Problem: Problem with breakindent/showbreak and tabs.
Solution: Handle tabs differently. (Christian Brabandt)
https://code.google.com/p/vim/source/detail?name=v7-4-416
|
| | | |
|
| |\ \
| |/
|/| |
vim-patch:7.4.419
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Problem: Whan part of a list is locked it's possible to make changes.
Solution: Check if any of the list items is locked before make a change.
(ZyX)
https://code.google.com/p/vim/source/detail?r=v7-4-419
|
| |\ \
| | |
| | | |
vim-patch:7.4.414 + vim-patch:7.4.415
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Problem: Cannot build. Warning for shadowed variable. (John Little)
Solution: Add missing change. Remove declaration.
https://code.google.com/p/vim/source/detail?name=v7-4-414&r=20dbceb6f4713ccd01be45dc531abc269fbb7579
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Problem: Cannot define a command only when it's used.
Solution: Add the CmdUndefined autocommand event. (partly by Yasuhiro
Matsumoto)
https://code.google.com/p/vim/source/detail?r=v7-4-414
|
| | |/ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Return bool from checkclearop, checkclearopq, add_to_showcmd,
find_decl, nv_screengo, get_visual_text, and unadjust_for_sel as these
functions all return either TRUE or FALSE or OK or FAIL, but not MAYBE.
Change to arguments toplevel of normal_cmd, check of
do_check_scrollbind, and locally and thisblock of finddecl, to bools as
they represent predicates.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
In do_pending_operator(), nv_zet(), nv_indent(), nv_g_cmd(), and more,
replace integer flags with bools when appropriate.
However, do keep the TRUEs and FALSEs of nv_cmds[].cmd_arg. It may store
values other than TRUE or FALSE, so it seems to make sense to use
integral constants.
|
| | |
| |
| |
| |
| | |
Change the signature of get_mouse_button() for consistency, and because
only do_mouse() uses it.
|
| | |
| |
| |
| | |
Change signature of set_vcount_ca for consistency.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several opart_T members like use_reg_one, end_adjusted, empty,
is_VIsual, and block_mode, only ever store TRUE or FALSE, so make this
constraint explicit by changing them to bools, and TRUE to true and
FALSE to false in the context of their uses.
The member, inclusive, has several other uses such as in arithmetic
equations and one inequality, but every single assignment (obtained with
'grep -r "inclusive \\="') sets it to either TRUE or FALSE.
This also implies that the inequality, "oap->end.coladd <
oap->inclusive", can only be true when coladd==0 and inclusive==true, so
test for that instead.
For consistency, change the first argument of findpar (which ends up
being inclusive) to bool.
Include stdbool.h for consistency with issue #918.
This commit shrinks the size of oparg_T from 128 bytes to 112 (-13%) on
my machine.
|
| |\
| |
| | |
Move many includes down to the EXITFREE block.
|
