From ef7ae66eef4e36e15b5248b926b4b020387d8101 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 21 Apr 2023 10:55:36 +0200
Subject: fix(api): avoid integer truncation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
gsrc/nvim/api/vim.c: In function ‘nvim_eval_statusline’:
gsrc/nvim/api/vim.c:2268:55: warning: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 2 [-Wformat-tru ncation=]
2268 | snprintf(user_group, sizeof(user_group), "User%d", sp->userhl);
| ^~
gsrc/nvim/api/vim.c:2268:50: note: directive argument in the range [1, 2147483647]
2268 | snprintf(user_group, sizeof(user_group), "User%d", sp->userhl);
| ^~~~~~~~
In file included from /usr/include/stdio.h:906,
from gsrc/nvim/api/vim.c:9:
In function ‘snprintf’,
inlined from ‘nvim_eval_statusline’ at gsrc/nvim/api/vim.c:2268:9:
/usr/include/bits/stdio2.h:54:10: note: ‘__builtin___snprintf_chk’ output between 6 and 15 bytes into a destination of size 6
54 | return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
55 | __glibc_objsize (__s), __fmt,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
56 | __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~
---
 src/nvim/api/vim.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/api/vim.c b/src/nvim/api/vim.c
index c8bb22b33c..d47f47e638 100644
--- a/src/nvim/api/vim.c
+++ b/src/nvim/api/vim.c
@@ -2241,7 +2241,7 @@ Dictionary nvim_eval_statusline(String str, Dict(eval_statusline) *opts, Error *
 if (highlights) {
 Array hl_values = ARRAY_DICT_INIT;
 const char *grpname;
- char user_group[6];
+ char user_group[15]; // strlen("User") + strlen("2147483647") + NUL
 // If first character doesn't have a defined highlight,
 // add the default highlight at the beginning of the highlight list
-- cgit
From e9280a68f7ead83c572bb4c792bc743df9da7149 Mon Sep 17 00:00:00 2001
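Review bot: The new 15-byte `user_group` is exact only while `sp->userhl` is non-negative: the warning quoted in the message gives the argument range as [1, 2147483647], but a negative value would need 16 bytes ("-2147483648" plus NUL) and the `snprintf` at vim.c:2268, outside this hunk, would then silently truncate the group name. That assumption should be recorded where the size is chosen, `char user_group[15];  // "User" + up to 10 digits + NUL; relies on userhl > 0 (see warning range)`, or the snprintf return value should be compared against `sizeof(user_group)` at the call site so the invariant is enforced rather than assumed. I cannot see the check that keeps userhl positive from this hunk, so that needs confirming. nvim_eval_statusline continues outside the hunk.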
From: Andreas Schneider
Date: Fri, 21 Apr 2023 10:58:46 +0200
Subject: fix(drawline): initialize variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
src/nvim/drawline.c: In function ‘draw_virt_text’:
src/nvim/drawline.c:298:28: warning: ‘col’ may be used uninitialized [-Wmaybe-uninitialized]
298 | state->eol_col = col + 1;
| ~~~~^~~
---
 src/nvim/drawline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/drawline.c b/src/nvim/drawline.c
index 604af21899..5aa61d8a22 100644
--- a/src/nvim/drawline.c
+++ b/src/nvim/drawline.c
@@ -282,7 +282,7 @@ static void draw_virt_text(win_T *wp, buf_T *buf, int col_off, int *end_col, int
 if (item->win_col < 0) {
 continue;
 }
- int col;
+ int col = 0;
 if (item->decor.ui_watched) {
 // send mark position to UI
 col = item->win_col;
-- cgit
From 2819718873a38c68cca0295f59186444d8534e06 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 21 Apr 2023 11:00:46 +0200
Subject: fix(drawline): initialize variable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
src/nvim/drawline.c: In function ‘win_line’:
src/nvim/drawline.c:1418:16: warning: ‘charsize’ may be used uninitialized [-Wmaybe-uninitialized]
1418 | wlv.vcol -= charsize;
| ^~
---
 src/nvim/drawline.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/drawline.c b/src/nvim/drawline.c
index 5aa61d8a22..93549d1fb0 100644
--- a/src/nvim/drawline.c
+++ b/src/nvim/drawline.c
@@ -1386,7 +1386,7 @@ int win_line(win_T *wp, linenr_T lnum, int startrow, int endrow, bool nochange,
 if (v > 0 && !number_only) {
 char *prev_ptr = ptr;
 chartabsize_T cts;
- int charsize;
+ int charsize = 0;
 init_chartabsize_arg(&cts, wp, lnum, wlv.vcol, line, ptr);
 while (cts.cts_vcol < v && *cts.cts_ptr != NUL) {
-- cgit
From 9802de933484cc0a69ee328f3e4e6efbb83c308e Mon Sep 17 00:00:00 2001
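Review bot: `int col = 0;` only silences -Wmaybe-uninitialized; if some path through the branches below really leaves `col` unassigned, `state->eol_col = col + 1` at drawline.c:298 (outside this hunk) now quietly uses column 1 instead of garbage, which hides the defect rather than fixing it. If every branch does assign `col`, say so at the declaration, `int col = 0;  // assigned on every branch below; initializer only placates -Wmaybe-uninitialized`; if one does not, that branch needs an explicit assignment or the eol_col update needs a guard. Only the `ui_watched` branch is visible here, so which case applies has to be confirmed against the rest of the loop body. draw_virt_text continues outside the hunk.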
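Review bot: With `int charsize = 0;`, a `while` loop that never iterates (cts_vcol already >= v, or the line already at NUL) leaves `wlv.vcol -= charsize` at drawline.c:1418 (outside this hunk) as a no-op; that is plausibly the intended result because nothing was consumed, but nothing says so, and a future reader will wonder whether 0 was chosen or just defaulted. A comment on the declaration would settle it: `int charsize = 0;  // stays 0 when the loop below does not run, so vcol is left unchanged`. The loop body that assigns charsize is outside the hunk, so this should be checked against it before the comment is committed. win_line continues outside the hunk.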
From: Andreas Schneider
Date: Fri, 21 Apr 2023 11:07:56 +0200
Subject: fix(userfunc): fix possible out of bound access
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In file included from /usr/include/string.h:535,
from gsrc/nvim/eval/userfunc.c:11:
In function ‘strcpy’,
inlined from ‘cat_func_name’ at gsrc/nvim/eval/userfunc.c:662:5,
inlined from ‘get_user_func_name’ at gsrc/nvim/eval/userfunc.c:2854:5:
/usr/include/bits/string_fortified.h:79:10: warning: ‘__builtin___strcpy_chk’ offset 0 from the object at ‘’ is out of the bounds of referenced subobject ‘uf_name’ with ty pe ‘char[]’ at offset 0 [-Warray-bounds=]
79 | return __builtin___strcpy_chk (__dest, __src, __glibc_objsize (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from gsrc/nvim/eval/typval.h:10,
from gsrc/nvim/buffer_defs.h:20,
from gsrc/nvim/autocmd.h:8,
from gsrc/nvim/eval/userfunc.c:15:
gsrc/nvim/eval/typval_defs.h: In function ‘get_user_func_name’:
gsrc/nvim/eval/typval_defs.h:342:8: note: subobject ‘uf_name’ declared here
342 | char uf_name[]; ///< Name of function (actual size equals name);
| ^~~~~~~
---
 src/nvim/eval/userfunc.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/src/nvim/eval/userfunc.c b/src/nvim/eval/userfunc.c
index 51e109fdfb..b71e6c9cff 100644
--- a/src/nvim/eval/userfunc.c
+++ b/src/nvim/eval/userfunc.c
@@ -653,14 +653,20 @@ ufunc_T *find_func(const char *name)
 /// Copy the function name of "fp" to buffer "buf".
 /// "buf" must be able to hold the function name plus three bytes.
 /// Takes care of script-local function names.
-static void cat_func_name(char *buf, ufunc_T *fp)
+static void cat_func_name(char *buf, size_t buflen, ufunc_T *fp)
 {
- if ((uint8_t)fp->uf_name[0] == K_SPECIAL) {
- STRCPY(buf, "");
- STRCAT(buf, fp->uf_name + 3);
+ int len = -1;
+ size_t uflen = strlen(fp->uf_name);
+ assert(uflen > 0);
+
+ if ((uint8_t)fp->uf_name[0] == K_SPECIAL && uflen > 3) {
+ len = snprintf(buf, buflen, "%s", fp->uf_name + 3);
 } else {
- STRCPY(buf, fp->uf_name);
+ len = snprintf(buf, buflen, "%s", fp->uf_name);
 }
+
+ (void)len; // Avoid unused warning on release builds
+ assert(len > 0);
 }
 /// Add a number variable "name" to dict "dp" with value "nr".
@@ -2851,7 +2857,7 @@ char *get_user_func_name(expand_T *xp, int idx)
 return fp->uf_name; // Prevent overflow.
 }
- cat_func_name(IObuff, fp);
+ cat_func_name(IObuff, IOSIZE, fp);
 if (xp->xp_context != EXPAND_USER_FUNC) {
 STRCAT(IObuff, "(");
 if (!fp->uf_varargs && GA_EMPTY(&fp->uf_args)) {
-- cgit
From a114a21eff58492046645b052fa3f703cddc9ce8 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 21 Apr 2023 11:13:23 +0200
Subject: fix(ex_getln): initialize pointer with NULL
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In function ‘cmdpreview_open_win’,
inlined from ‘cmdpreview_may_show’ at gsrc/nvim/ex_getln.c:2487:28:
gsrc/nvim/ex_getln.c:2251:16: warning: ‘cmdpreview_buf’ may be used uninitialized [-Wmaybe-uninitialized]
2251 | int result = do_buffer(DOBUF_GOTO, DOBUF_FIRST, FORWARD, cmdpreview_buf->handle, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
 src/nvim/ex_getln.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/ex_getln.c b/src/nvim/ex_getln.c
index 97343e468b..a8ac6ab439 100644
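Review bot: `assert(len > 0)` at the end of cat_func_name does not detect truncation: snprintf returns the length it would have written, so a name longer than `buflen` passes the assert while `buf` holds a cut-off name that get_user_func_name then extends with `STRCAT(IObuff, "(")`; the check should be `assert(len > 0 && (size_t)len < buflen);`, and the doc comment should say the copy is bounded by `buflen` now that the "plus three bytes" contract no longer describes the call. Two smaller points: `int len = -1;` is dead since both branches assign it, and the new `uflen > 3` condition changes behaviour for a name that is exactly K_SPECIAL plus two bytes (it now copies those three raw bytes instead of an empty string), which is probably harmless but deserves a comment. As rendered on this page both branches use a plain `"%s"` format, which makes the old `STRCPY(buf, "")` a no-op and the "plus three bytes" remark unexplained; if the real source prepends an angle-bracketed SNR prefix that the HTML rendering swallowed, the doc line should name that prefix explicitly so the sizing rule is verifiable.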
--- a/src/nvim/ex_getln.c
+++ b/src/nvim/ex_getln.c
@@ -2446,7 +2446,7 @@ static bool cmdpreview_may_show(CommandLineState *s)
 CpInfo cpinfo;
 bool icm_split = *p_icm == 's'; // inccommand=split
- buf_T *cmdpreview_buf;
+ buf_T *cmdpreview_buf = NULL;
 win_T *cmdpreview_win = NULL;
 emsg_silent++; // Block error reporting as the command may be incomplete,
-- cgit
From f5530bf566f6617565b5c1f5d1a9acc964199c93 Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Fri, 21 Apr 2023 11:15:20 +0200
Subject: fix(linematch): initialize array
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
gsrc/nvim/linematch.c: In function ‘try_possible_paths’:
gsrc/nvim/linematch.c:204:35: warning: ‘from_vals’ may be used uninitialized [-Wmaybe-uninitialized]
204 | size_t unwrapped_idx_from = unwrap_indexes(from_vals, diff_len, ndiffs);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
 src/nvim/linematch.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/nvim/linematch.c b/src/nvim/linematch.c
index a15f41d9a8..7bde6bb121 100644
--- a/src/nvim/linematch.c
+++ b/src/nvim/linematch.c
@@ -186,7 +186,7 @@ static void try_possible_paths(const int *df_iters, const size_t *paths, const i
 {
 if (path_idx == npaths) {
 if ((*choice) > 0) {
- int from_vals[LN_MAX_BUFS];
+ int from_vals[LN_MAX_BUFS] = { 0 };
 const int *to_vals = df_iters;
 const char *current_lines[LN_MAX_BUFS];
 for (size_t k = 0; k < ndiffs; k++) {
-- cgit
From 54f5602038975b28570f4ab183b3388842347f57 Mon Sep 17 00:00:00 2001
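Review bot: `buf_T *cmdpreview_buf = NULL;` converts the uninitialized read into a deterministic NULL dereference at `cmdpreview_buf->handle` in cmdpreview_open_win (ex_getln.c:2251, outside this hunk) if the path the compiler flagged is reachable; that is an improvement over undefined behaviour but it is still a crash, not a fix. Either guard the call, `assert(cmdpreview_buf != NULL);` immediately before the `do_buffer(...)`, or, if that path is genuinely dead, say so at the declaration: `buf_T *cmdpreview_buf = NULL;  // always assigned before cmdpreview_open_win(); NULL only placates -Wmaybe-uninitialized`. The assignment that is supposed to happen first is not in the hunk, so which of the two applies needs checking. cmdpreview_may_show continues outside the hunk.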
From: Andreas Schneider
Date: Fri, 21 Apr 2023 11:22:14 +0200
Subject: fix(statusline): fix uninitialized variable and possible overflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
In file included from /usr/include/string.h:535,
from gsrc/nvim/statusline.c:10:
In function ‘strcat’,
inlined from ‘build_stl_str_hl’ at gsrc/nvim/statusline.c:1688:9:
/usr/include/bits/string_fortified.h:130:10: warning: ‘p’ may be used uninitialized [-Wmaybe-uninitialized]
130 | return __builtin___strcat_chk (__dest, __src, __glibc_objsize (__dest));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
 src/nvim/statusline.c | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/nvim/statusline.c b/src/nvim/statusline.c
index e809922be3..db99bae03c 100644
--- a/src/nvim/statusline.c
+++ b/src/nvim/statusline.c
@@ -1656,7 +1656,7 @@ int build_stl_str_hl(win_T *wp, char *out, size_t outlen, char *fmt, char *opt_n
 break;
 }
- char *p;
+ char *p = NULL;
 if (fold) {
 size_t n = fill_foldcolumn(out_p, wp, stcp->foldinfo, (linenr_T)get_vim_var_nr(VV_LNUM));
 stl_items[curitem].minwid = -((stcp->use_cul ? HLF_CLF : HLF_FC) + 1);
@@ -1678,14 +1678,17 @@ int build_stl_str_hl(win_T *wp, char *out, size_t outlen, char *fmt, char *opt_n
 stl_items[curitem].minwid = -(sattr ? stcp->sign_cul_id ? stcp->sign_cul_id : sattr->hl_id : (stcp->use_cul ? HLF_CLS : HLF_SC) + 1);
 }
+ size_t buflen = strlen(buf_tmp);
 stl_items[curitem].type = Highlight;
- stl_items[curitem].start = out_p + strlen(buf_tmp);
+ stl_items[curitem].start = out_p + buflen;
 curitem++;
 if (i == width) {
 str = buf_tmp;
 break;
 }
- STRCAT(buf_tmp, p);
+ int rc = snprintf(buf_tmp + buflen, sizeof(buf_tmp) - buflen, "%s", p);
+ (void)rc; // Avoid unused warning on release build
+ assert(rc > 0);
 }
 break;
 }
-- cgit
From 4d654472e65ed28b7cd9e66c91d98b9991452266 Mon Sep 17 00:00:00 2001
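Review bot: `assert(rc > 0)` after the new snprintf both rejects a legitimately empty `p` (snprintf returns 0 for "") and misses the overflow the commit title is about: when `p` does not fit in `sizeof(buf_tmp) - buflen`, rc is the would-be length, the assert passes, and buf_tmp silently holds a cut-off fold or sign column. The check should be `assert(rc >= 0 && (size_t)rc < sizeof(buf_tmp) - buflen);`, ideally with a non-assert fallback so release builds do not continue with a truncated item unnoticed. The `char *p = NULL;` in the first hunk has the same masking concern as the other initializer commits in this series: if neither the `fold` branch nor its alternative assigns `p`, passing NULL to `"%s"` is undefined behaviour (glibc happens to print "(null)"), so an `assert(p != NULL);` before the snprintf would make the contract explicit. buf_tmp's declaration is outside the hunk; `sizeof(buf_tmp)` bounds the write correctly only if it is an array rather than a pointer, which I cannot confirm from here. build_stl_str_hl continues outside both hunks.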
From: Andreas Schneider
Date: Fri, 21 Apr 2023 11:30:31 +0200
Subject: fix(ui_client): check return code of dup()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
gsrc/nvim/ui_client.c: In function ‘ui_client_start_server’:
gsrc/nvim/ui_client.c:68:5: warning: ignoring return value of ‘dup’ declared with attribute ‘warn_unused_result’ [-Wunused-result]
68 | dup(stderr_isatty ? STDERR_FILENO : STDOUT_FILENO);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
---
 src/nvim/ui_client.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/nvim/ui_client.c b/src/nvim/ui_client.c
index b93b31f7dc..e177c0a60d 100644
--- a/src/nvim/ui_client.c
+++ b/src/nvim/ui_client.c
@@ -65,7 +65,11 @@ uint64_t ui_client_start_server(int argc, char **argv)
 #ifdef MSWIN
 os_open_conin_fd();
 #else
- dup(stderr_isatty ? STDERR_FILENO : STDOUT_FILENO);
+ int fd = dup(stderr_isatty ? STDERR_FILENO : STDOUT_FILENO);
+ if (fd < 0) {
+ return 0;
+ }
+ // FIXME: resource leak of fd
 #endif
 }
-- cgit
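Review bot: The `// FIXME: resource leak of fd` comment looks wrong: paired with the Windows branch `os_open_conin_fd()`, this dup() appears intended to land on a just-closed fd 0 and serve as the process's replacement stdin, in which case the descriptor must stay open for the life of the process and the useful check is that it landed where expected, `assert(fd == STDIN_FILENO);`, with the comment replaced by `// fd is the new stdin; intentionally left open`. The close of stdin that would make that true is outside the hunk, so this needs confirming against the lines above before the FIXME is dropped. Returning 0 on failure also discards the reason; capturing `errno` and logging it before the `return 0;` would make a failed dup diagnosable, and whether callers treat a 0 channel id as failure is not visible here. ui_client_start_server continues outside the hunk.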