From 0c541ab1f661f17aef317232483d1464ad13ef36 Mon Sep 17 00:00:00 2001
From: James McCoy
Date: Wed, 19 Jan 2022 21:42:10 -0500
Subject: refactor(coverity/345582): assert fp is non-NULL

Since we already have a typval, we know the lookup will succeed.
---
 src/nvim/api/private/converter.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/nvim/api/private/converter.c b/src/nvim/api/private/converter.c
index e370c0d4d4..3d4ff202fe 100644
--- a/src/nvim/api/private/converter.c
+++ b/src/nvim/api/private/converter.c
@@ -233,6 +233,7 @@ Object vim_to_object(typval_T *obj)
 {
 if (obj->v_type == VAR_FUNC) {
 ufunc_T *fp = find_func(obj->vval.v_string);
+ assert(fp != NULL);
 if (fp->uf_cb == nlua_CFunction_func_call) {
 LuaRef ref = api_new_luaref(((LuaCFunctionState *)fp->uf_cb_state)->lua_callable.func_ref);
 return LUAREF_OBJ(ref);
-- cgit
From 8f241e535fe845814a195bc5811dac4869a26998 Mon Sep 17 00:00:00 2001
From: James McCoy
Date: Wed, 19 Jan 2022 21:43:06 -0500
Subject: refactor(coverity/345583): assert fp is non-NULL

Since we already have a typval, we know the lookup will succeed.
---
 src/nvim/lua/converter.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/nvim/lua/converter.c b/src/nvim/lua/converter.c
index f9a2533d4e..0fbd56ed53 100644
--- a/src/nvim/lua/converter.c
+++ b/src/nvim/lua/converter.c
@@ -619,6 +619,7 @@ bool nlua_push_typval(lua_State *lstate, typval_T *const tv, bool special)
 }
 if (tv->v_type == VAR_FUNC) {
 ufunc_T *fp = find_func(tv->vval.v_string);
+ assert(fp != NULL);
 if (fp->uf_cb == nlua_CFunction_func_call) {
 nlua_pushref(lstate, ((LuaCFunctionState *)fp->uf_cb_state)->lua_callable.func_ref);
 return true;
-- cgit
From e850a929864508864ee52abcbac9579a6a2d2f28 Mon Sep 17 00:00:00 2001
From: James McCoy
Date: Wed, 19 Jan 2022 21:53:49 -0500
Subject: fix(coverity/340720): error if nvim_eval_statusline given invalid winid
---
 src/nvim/api/vim.c | 5 +++++
 1 file changed, 5 insertions(+)
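Review bot: In `vim_to_object` (src/nvim/api/private/converter.c) the added `assert(fp != NULL)` does not protect the `fp->uf_cb` read on the next line in builds compiled with NDEBUG, where the assert is removed and a failed lookup is still dereferenced. The commit message's premise that the lookup always succeeds is not shown by the hunk: `find_func` receives only the name string held in the typval, so a funcref whose name no longer resolves to a user function would presumably yield NULL. Because these converters handle values that arrive through the API and Lua bridges, a real guard is safer than an assertion: `if (fp != NULL && fp->uf_cb == nlua_CFunction_func_call) {`, which lets the NULL case fall through to whatever follows the block. The identical hunk in `nlua_push_typval` (src/nvim/lua/converter.c) has the same problem and takes the same fix. Both function bodies continue outside their hunks.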
diff --git a/src/nvim/api/vim.c b/src/nvim/api/vim.c
index 59db12f2c0..88a3577de3 100644
--- a/src/nvim/api/vim.c
+++ b/src/nvim/api/vim.c
@@ -2281,6 +2281,11 @@ Dictionary nvim_eval_statusline(String str, Dict(eval_statusline) *opts, Error *
 fillchar = ' ';
 } else {
 wp = find_window_by_handle(window, err);
+
+ if (wp == NULL) {
+ api_set_error(err, kErrorTypeException, "unknown winid %d", window);
+ return result;
+ }
 ewp = wp;
 if (fillchar == 0) {
-- cgit
From d224957d30654dfa7fac7732b81f6a1b495a418b Mon Sep 17 00:00:00 2001
From: James McCoy
Date: Wed, 19 Jan 2022 22:07:37 -0500
Subject: fix(coverity/188749): nullify pointer to fix use-after-free
---
 src/nvim/buffer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/buffer.c b/src/nvim/buffer.c
index abd22fba26..0248d42f58 100644
--- a/src/nvim/buffer.c
+++ b/src/nvim/buffer.c
@@ -4351,7 +4351,7 @@ int build_stl_str_hl(win_T *wp, char_u *out, size_t outlen, char_u *fmt, int use
 // Only free the string buffer if we allocated it.
 // Note: This is not needed if `str` is pointing at `tmp`
 if (opt == STL_VIM_EXPR) {
- xfree(str);
+ XFREE_CLEAR(str);
 }
 if (num >= 0 || (!itemisflag && str && *str)) {
-- cgit
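Review bot: The new `wp == NULL` branch in `nvim_eval_statusline` calls `api_set_error` on an `err` that was just passed to `find_window_by_handle(window, err)`, which presumably already recorded the failure. Setting a second error replaces the more specific message, and if `api_set_error` allocates its message without releasing an earlier one, the first message is leaked. Returning without re-setting is enough, `if (wp == NULL) { return result; }`, or the call can be guarded with `if (!ERROR_SET(err))`. It is also worth confirming that `window` has an `int`-compatible type for the `%d` conversion. The function starts and ends outside the hunk.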
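Review bot: `XFREE_CLEAR(str)` in `build_stl_str_hl` (src/nvim/buffer.c) leaves `str` NULL whenever `opt == STL_VIM_EXPR`, and only the `str && *str` test directly below is visibly prepared for that. Any later use of `str` in the function lies outside this hunk and has to be NULL-safe too, which cannot be confirmed from here. The existing comment still describes only the free, so I would add `// str is NULL from here on for STL_VIM_EXPR; the check below relies on that` to keep a later edit from reintroducing the dangling read. The function body starts and ends outside the hunk.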