path: root/src
Commit message (Author, Age)
...
* | legacy tests: migrate test26 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test101 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test75 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test51 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test43 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test33 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test67 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test66 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test25 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test104 (Rainer Borene, 2014-11-20)
| |
* | legacy tests: remove test21 files (Rainer Borene, 2014-11-20)
| |
* | legacy tests: migrate test5 (Rainer Borene, 2014-11-20)
| |
* | Wconversion: Fix warnings in digraph.c. (Florian Walch, 2014-11-19)
| |
* | Wconversion: Fix warnings in cursor_shape.c. (Florian Walch, 2014-11-19)
| |
* | CMake: Set -Wconversion by default. (Florian Walch, 2014-11-19)
| |
* | Fix warnings: eval.c: f_rpcrequest(): Garbage value: MI. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Assigned value is garbage or undefined @ 12578.
| |     Diagnostic : Multithreading issue.
| |     Rationale  : Error can only occur if global `provider_call_nesting` is
| |                  changed while function is executing.
| |     Resolution : Use local copy of global.
* | Fix warnings: screen.c: screenalloc(): Np arg (2): MI. (Eliseo Martínez, 2014-11-18)
| |     Problems   : Null pointer argument in call to memory copy function @ 6465.
| |                  Null pointer argument in call to memory copy function @ 6475.
| |     Diagnostic : Multithreading issues.
| |     Rationale  : Problem occurs if globals `enc_utf8` and `enc_dbcs` are
| |                  modified while function is executing.
| |     Resolution : Use local copy of globals.
* | Fix warnings: eval.c: do_return(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 18841.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error path takes `reanimate` branch at 18827,
| |                  assigning `rettv = current_funccal->rettv`. Then, immediately
| |                  after, it supposes rettv is null, which cannot happen, since
| |                  current_funccal->rettv should always be non null.
| |     Resolution : Assert current_funccal->rettv non null.
* | Fix warnings: eval.c: add_nr_var(): Out of bounds: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Out-of-bound array access @ 18737.
| |     Diagnostic : False positive.
| |     Rationale  : Situation is intentional. `dictitem_T` is a prefix all dict
| |                  items will share, but actual size of each item will be
| |                  different depending on its key length. `di_key` array field
| |                  is declared of size 1 just to have a field name, but real
| |                  size will vary for each item.
| |     Resolution : Make analyzer ignore it.
| |                  This could be refactored to use C99-allowed variable length
| |                  arrays, but eval.c is bound to disappear, so no effort is
| |                  done in that sense.
* | Fix warnings: eval.c: call_user_func(): Out of bounds: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Out-of-bound array access @ 18429.
| |     Diagnostic : False positive.
| |     Rationale  : Situation is intentional. `dictitem_T` is a prefix all dict
| |                  items will share, but actual size of each item will be
| |                  different depending on its key length. `di_key` array field
| |                  is declared of size 1 just to have a field name, but real
| |                  size will vary for each item.
| |     Resolution : Make analyzer ignore it.
| |                  This could be refactored to use C99-allowed variable length
| |                  arrays, but eval.c is bound to disappear, so no effort is
| |                  done in that sense.
* | Fix warnings: eval.c: get_user_func_name(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 18216.
| |     Diagnostic : False positive.
| |     Rationale  : `hi` and `done` are static. Intended usage is for the first
| |                  call to have idx == 0, so that they are initialized.
| |     Resolution : Assert hi after (optional) initialization.
* | Fix warnings: eval.c: clear_tv(): Bad free: RI. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Bad free @ 16076.
| |     Diagnostic : Real issue.
| |     Rationale  : A non-allocated string is set at 4127, which later on can be
| |                  tried to be freed if aborting.
| |     Resolution : Detect particular case (func with empty name) and don't free
| |                  in that case.
| |                  Another solution (use allocated string) was tried before, but
| |                  it produced a leak difficult to solve.
| |                  Finally applied solution works, but it produces a new false
| |                  positive warning (Np dereference at 13763), deactivated by
| |                  `assert(ptrs[i].item->li_next)`.
* | Fix warnings: eval.c: item_compare(): Garbage value: MI. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Result of operation is garbage or undefined @ 13565.
| |     Diagnostic : Multithreading issue.
| |     Rationale  : Problem occurs only if global (static) variable
| |                  `item_compare_keep_zero` changes after being used by
| |                  `do_sort_uniq` but before being used by `item_compare` or
| |                  `item_compare2`.
| |     Resolution : This is not an intra-function problem, as other MI's before,
| |                  but rather an inter-function one. Thus, it can't be solved by
| |                  using local copy of global. Therefore, we are forced to do a
| |                  bit of refactoring.
| |                  We can't simply add a bool param to
| |                  item_compare/item_compare2, as they couldn't be passed to
| |                  qsort() that way. So, item_compare/item_compare2 are added a
| |                  bool param and curried versions of them are added and used in
| |                  their place.
* | Fix warnings: eval.c: dictitem_alloc(): Out-of-bounds access: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Out-of-bound array access @ 5737.
| |     Diagnostic : False positive.
| |     Rationale  : Situation is intentional. `dictitem_T` is a prefix all dict
| |                  items will share, but actual size of each item will be
| |                  different depending on its key length. `di_key` array field
| |                  is declared of size 1 just to have a field name, but real
| |                  size will vary for each item.
| |     Resolution : Make analyzer ignore it.
| |                  This could be refactored to use C99-allowed variable length
| |                  arrays, but eval.c is bound to disappear, so no effort is
| |                  done in that sense.
* | Fix warnings: eval.c: set_var_lval(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 2273.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error would happen when assigning an rvalue with
| |                  more items than the lvalue. Then we would enter conditional
| |                  at:
| |                  ```
| |                  if (lp->ll_li->li_next == NULL) {
| |                    /* Need to add an empty item. */
| |                    list_append_number(lp->ll_list, 0);
| |                  }
| |                  lp->ll_li = lp->ll_li->li_next;
| |                  ```
| |                  Analyzer thinks the value assigned to lp->ll_li is still NULL
| |                  and is hit on the next iteration.
| |     Resolution : Assert lp->ll_li->li_next is not null anymore after
| |                  list_append_number().
* | Fix warnings: window.c: tabline_height(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 4978.
| |     Diagnostic : False positive.
| |     Rationale  : tabline_height() shouldn't be called when a tab doesn't exist
| |                  yet (that is, before initialization).
| |     Resolution : Assert function precondition.
* | Fix warnings: window.c: win_drag_vsep_line(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 4512.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error path implies `fr == NULL` after 4504. That's
| |                  not possible, because:
| |                  - curfr and curfr->next must be both nonnull, as we are
| |                    dragging the divider between the two.
| |                  - after conditional, fr is one of those two (the one that
| |                    grows).
| |     Resolution : Assert fr.
* | Fix warnings: window.c: winframe_remove(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 2196.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error path implies `frp->child == NULL` while being
| |                  under condition `frp2->fr_layout == frp->fr_layout`, which is
| |                  impossible:
| |                  - If frp2 is frp's parent, then frp2's layout is FR_COL or
| |                    FR_ROW;
| |                  - if frp->child is NULL, then frp's layout is FR_LEAF.
| |                  - Therefore, they can't be equal.
| |     Resolution : Assert frp->child not null.
* | Fix warnings: window.c: win_rotate(): Np dereference: FP. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 1268.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error path implies current window's frame to be the
| |                  only child of its parent, which is ruled out by
| |                  `if (firstwin == lastwin) {` check at the beginning.
| |     Resolution : Assert another child remains after removing current frame.
| |                  Strictly, assert is only needed in false branch of
| |                  conditional, but we add it the same in the true branch to
| |                  reduce reader surprise.
| |                  Several forms of a single assert after
| |                  `if (firstwin == lastwin) {` were tried, but analyzer cannot
| |                  follow implications that way.
* | Fix warnings: tag.c: get_tags(): Uninitialized arg: RI. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Uninitialized argument value @ 2798.
| |     Diagnostic : Real issue.
| |     Rationale  : Tags don't have to have a kind. When they have one, both
| |                  `tp.tagkind` and `tp.tagkind_end` are nonnull. But when they
| |                  don't, `tp.tagkind` will be null (but defined), while
| |                  `tp.tagkind_end` will be undefined. Therefore, reported
| |                  invocation is indeed using a garbage value for a tag with no
| |                  kind.
| |                  Problem doesn't have consequences because `add_tag_field()`
| |                  doesn't use `end` param if `start` param is null.
| |     Resolution : Don't use `tp.tagkind_end` if `tp.tagkind` is null.
* | Fix warnings: tag.c: jumpto_tag(): Np dereference: MI. (Eliseo Martínez, 2014-11-18)
| |     Problem    : Dereference of null pointer @ 2399.
| |     Diagnostic : Multithreading issue.
| |     Rationale  : Error can only occur if global `g_do_tagpreview` changes
| |                  while the function is executing.
| |     Resolution : Use local copy of global var.
* | Fix warnings: tag.c: test_for_static()/get_tags(): Various (2): FP. (Eliseo Martínez, 2014-11-18)
|/
|       Problems   : Assigned value is garbage or undefined @ 2191.
|                    Uninitialized argument value @ 2796.
|       Diagnostic : False positives.
|       Rationale  : Both problems share the same cause. Error happens in
|                    get_tags(), if parse_match() fails because of
|                    parse_tag_line() failing before. Then, `tp` is not correctly
|                    initialized and subsequent code accesses garbage values.
|                    This is not really possible, as parse_tag_line() should not
|                    fail after find_tags() has been successful. That is because
|                    find_tags() already does tag line parsing, using
|                    parse_tag_line() itself for it (or a quicker alternative
|                    that should produce same result). That's why return value of
|                    parse_match() is ignored, and subsequent code assumes it is
|                    successful.
|       Resolution : Assert parse_match() always successful.
* channel: Improve error reporting for invalid responses (Thiago de Arruda, 2014-11-18)
|
* channel: Remove invalid free_channel call (Thiago de Arruda, 2014-11-18)
|       When a job fails to start, it will already call the exit_cb which takes
|       care of freeing the channel.
* Remove os/provider.{c,h} and all of its references (Thiago de Arruda, 2014-11-18)
|
* eval/ex_cmds2/ops: Implement providers with eval_call_provider (Thiago de Arruda, 2014-11-18)
|       Replace references to provider_call/provider_has with the new functions
|       eval_call_provider/eval_has_provider.
* eval: Add eval_call_provider/eval_has_provider functions (Thiago de Arruda, 2014-11-18)
|       These use autoloaded vimscript to replace the provider_call/provider_has
|       functions, moving the implementation of providers to pure vimscript (we
|       lose nothing since vimscript can also call msgpack-rpc functions).
|
|       When calling the rpcrequest function from a provider, temporarily switch
|       to the caller scope. This is required for compatibility with legacy
|       plugins, because they may depend on scope information that changes when
|       "leaving" the C stack to enter the vimscript stack.
* doc: Remove MS-DOS specific options bioskey and conskey #1353 (Fredrik Fornwall, 2014-11-17)
|
* Merge pull request #1483 from oni-link/fix.mch_print_begin.memory.leak.stackversion (Justin M. Keyes, 2014-11-16)
|\
| |     coverity/13765,13766,13767,13768: Fix memory leaks in hardcopy.c
| * coverity/13765,13766,13767,13768: Fix memory leaks in hardcopy.c (oni-link, 2014-11-16)
| |     The function mch_print_begin() returns early in case of an error, but
| |     without freeing allocated memory.
| |
| |     To fix this, use stack allocation instead of heap allocation for the
| |     variables res_prolog, res_encoding, res_cidfont and res_cmap.
* | arabic.c: Comment fixes (Michael Reed, 2014-11-15)
| |     - Use C99 style comments everywhere
| |     - Fix incorrect references to return values
* | farsi.c: Misc. fixes (Michael Reed, 2014-11-15)
|/
|       - Converted some functions to return bools, and changed their
|         respective comments to reflect that.
|       - Minor fixes to a few comments
* Merge pull request #1471 from splinterofchaos/fix-jobstart (Justin M. Keyes, 2014-11-15)
|\
| |     jobstart: Check prg arguments for NULL.
| * jobstart: Check prg arguments for NULL. (Scott Prager, 2014-11-13)
| |
* | Fix warnings: charset.c: win_lbr_chartabsize(): Dead assignment: HI. (Eliseo Martínez, 2014-11-15)
| |     Problem    : Dead assignment @ 1037.
| |     Diagnostic : Harmless issue.
| |     Rationale  : `tab_corr` is in effect unused after signaled point. Previous
| |                  code using it after that point was removed at
| |                  24ebb018e28187c61900b1616e4f79fec9d70878.
| |     Resolution : Remove dead assignment. As only one usage remains, remove
| |                  variable and inline the only usage.
* | Fix warnings: undo.c: u_blockfree(): Use after free: FP. (Eliseo Martínez, 2014-11-15)
| |     Problem    : Use-after-free @ 2686.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error path is taking false branch
| |                  `uhp->uh_next.ptr != NULL` @ 2506, which cannot happen when
| |                  `uhp == buf->b_u_oldhead`.
| |     Resolution : Assert `buf->b_u_oldhead` is changed after freeing old one.
* | Fix warnings: syntax.c: get_id_list(): Double free: FP. (Eliseo Martínez, 2014-11-15)
| |     Problem    : Double free @ 5213.
| |     Diagnostic : False positive.
| |     Rationale  : Suggested error path contains two consecutive invocations of
| |                  `ends_excmd(*p)` having different results, which is not
| |                  possible. First invocation is before the while loop. Second
| |                  invocation is the while loop condition itself.
| |     Resolution : Refactor while loop into do-while loop. That removes the
| |                  impossible path from analysis, and, in addition, is a bit
| |                  more efficient.
* | Fix warnings: syntax.c: syn_regexec(): Uninitialized arg: MI. (Eliseo Martínez, 2014-11-15)
| |     Problem    : Uninitialized argument value @ 2863.
| |     Diagnostic : Multithreading issue.
| |     Rationale  : Error can only occur if global `syn_time_on` is changed while
| |                  the function is executing.
| |     Resolution : Use local copy of global var.
* | Fix warnings: spell.c: spell_edit_score(): Garbage value: MI. (Eliseo Martínez, 2014-11-15)
| |     Problem    : Assigned value is garbage or undefined @ 12526.
| |     Diagnostic : Multithreading issue.
| |     Rationale  : Error only occurs if global has_mbyte is modified while
| |                  function is executing.
| |     Resolution : Use local copy of global.
* | Fix warnings: spell.c: getroom(): Np dereference: FP/RI. (Eliseo Martínez, 2014-11-15)
| |     Problem    : Dereference of null pointer @ 6089.
| |     Diagnostic : False positive / Real issue.
| |     Rationale  : From the code, it seems the intent is that len parameter
| |                  should never exceed SBLOCKSIZE. But the code checking for
| |                  that does in fact cause a null pointer dereference just
| |                  immediately after.
| |     Resolution : State precondition in doc and assert it at entry.