From fb44a233a5be72d8d1cfd02e300db7de2b4bf428 Mon Sep 17 00:00:00 2001 From: Eliseo Martínez Date: Fri, 20 Feb 2015 16:32:58 +0100 Subject: coverity/13777: String not null terminated: RI. Problem : String not null terminated @ 1543. Diagnostic : Real issue. Rationale : We are reading a struct block0, which contains some string fields, from a file, without checking for string fields to be correctly terminated. That could cause a buffer overrun if file has somehow been garbled. Resolution : Add string fields check for nul termination. Mark issue as intentional (there seems to be no way of teaching coverity about read_eintr being ok that way). Helped-by: oni-link --- src/nvim/fileio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/nvim/fileio.c') diff --git a/src/nvim/fileio.c b/src/nvim/fileio.c index 9d4c990f3a..799a6a2a50 100644 --- a/src/nvim/fileio.c +++ b/src/nvim/fileio.c @@ -7416,7 +7416,7 @@ long read_eintr(int fd, void *buf, size_t bufsize) long ret; for (;; ) { - ret = vim_read(fd, buf, bufsize); + ret = read(fd, buf, bufsize); if (ret >= 0 || errno != EINTR) break; } @@ -7435,7 +7435,7 @@ long write_eintr(int fd, void *buf, size_t bufsize) /* Repeat the write() so long it didn't fail, other than being interrupted * by a signal. */ while (ret < (long)bufsize) { - wlen = vim_write(fd, (char *)buf + ret, bufsize - ret); + wlen = write(fd, (char *)buf + ret, bufsize - ret); if (wlen < 0) { if (errno != EINTR) break; -- cgit