From 0f029454ad086c670e674e6a610f3cf91fe27ecf Mon Sep 17 00:00:00 2001
From: Eliseo Martínez <eliseomarmol@gmail.com>
Date: Wed, 31 Dec 2014 20:08:18 +0100
Subject: coverity/13758: Out-of-bounds read: FP.

Problem    : Out-of-bounds read from a buffer.
Diagnostic : False positive.
Rationale  : Suggested error path implies isupper(*str) being true,
             which makes error vanish. Coverity just fails to take into
             account isupper() postcondition.
Resolution : Assert isupper() postcondition.
---
 src/nvim/mark.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/nvim/mark.c b/src/nvim/mark.c
index 4ded438f52..47c0c1be80 100644
--- a/src/nvim/mark.c
+++ b/src/nvim/mark.c
@@ -1219,8 +1219,10 @@ int read_viminfo_filemark(vir_T *virp, int force)
       }
     } else if (VIM_ISDIGIT(*str))
       fm = &namedfm[*str - '0' + NMARKS];
-    else
+    else {  // is uppercase
+      assert(*str >= 'A' && *str <= 'Z');
       fm = &namedfm[*str - 'A'];
+    }
     if (fm != NULL && (fm->fmark.mark.lnum == 0 || force)) {
       str = skipwhite(str + 1);
       fm->fmark.mark.lnum = getdigits(&str);
-- 
cgit 


From d96e1c1ec34cd57f860c677b7dd16ec92862225a Mon Sep 17 00:00:00 2001
From: Eliseo Martínez <eliseomarmol@gmail.com>
Date: Thu, 8 Jan 2015 20:14:22 +0100
Subject: coverity/13761: Out-of-bounds-write: FP.

Problem    : Out-of-bounds-write to a buffer.
Diagnostic : False positive.
Diagnostic : Suggested error location is under isupper(c) condition,
             which makes suggested error impossible. Coverity just fails
             to take isupper() postcondition into account.
Resolution : Assert isupper() postcondition.
---
 src/nvim/mark.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/nvim/mark.c b/src/nvim/mark.c
index 47c0c1be80..ef9f0ca408 100644
--- a/src/nvim/mark.c
+++ b/src/nvim/mark.c
@@ -127,6 +127,7 @@ int setmark_pos(int c, pos_T *pos, int fnum)
     return OK;
   }
   if (isupper(c)) {
+    assert(c >= 'A' && c <= 'Z');
     i = c - 'A';
     namedfm[i].fmark.mark = *pos;
     namedfm[i].fmark.fnum = fnum;
-- 
cgit 


From aeb68bbb074ec20b51908f50f876d340d2dca020 Mon Sep 17 00:00:00 2001
From: Eliseo Martínez <eliseomarmol@gmail.com>
Date: Thu, 8 Jan 2015 20:43:00 +0100
Subject: coverity/13763: Out-of-bounds read: FP.

Problem    : Out-of-bound read from a buffer.
Diagnostic : False positive.
Rationale  : nv_max_linear should always be less than nv_cmd_idx size
             (NV_CMDS_SIZE).
Resolution : Assert rationale.
---
 src/nvim/normal.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/nvim/normal.c b/src/nvim/normal.c
index e1dc2b93d9..e1aed23e8c 100644
--- a/src/nvim/normal.c
+++ b/src/nvim/normal.c
@@ -11,6 +11,7 @@
  *		the operators.
  */
 
+#include <assert.h>
 #include <errno.h>
 #include <inttypes.h>
 #include <string.h>
@@ -388,6 +389,7 @@ static int find_command(int cmdchar)
 
   /* If the character is in the first part: The character is the index into
    * nv_cmd_idx[]. */
+  assert(nv_max_linear < (int)NV_CMDS_SIZE);
   if (cmdchar <= nv_max_linear)
     return nv_cmd_idx[cmdchar];
 
-- 
cgit