From 18d244eded434e6bc47b351ef00088378883bf1d Mon Sep 17 00:00:00 2001
From: "Justin M. Keyes" <justinkz@gmail.com>
Date: Thu, 11 Jan 2018 01:32:41 +0100
Subject: coverity/169163: decode_string: Null pointer deref

    *** CID 169163:  Null pointer dereferences  (FORWARD_NULL)
    /src/nvim/eval/decode.c: 290 in decode_string()
    284         if (elw_ret == -1) {
    285           tv_clear(&tv);
    286           return (typval_T) { .v_type = VAR_UNKNOWN, .v_lock = VAR_UNLOCKED };
    287         }
    288         return tv;
    289       } else {
    >>>     CID 169163:  Null pointer dereferences  (FORWARD_NULL)
    >>>     Passing null pointer "s" to "xmemdupz", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.)
    290         return (typval_T) {
    291           .v_type = VAR_STRING,
    292           .v_lock = VAR_UNLOCKED,
    293           .vval = { .v_string = (char_u *)(
    294               s_allocated ? (char *)s : xmemdupz(s, len)) },
    295         };
---
 src/nvim/eval/decode.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/nvim/eval/decode.c b/src/nvim/eval/decode.c
index af4e055d23..cd967ed5c5 100644
--- a/src/nvim/eval/decode.c
+++ b/src/nvim/eval/decode.c
@@ -285,7 +285,7 @@ typval_T decode_string(const char *const s, const size_t len,
       .v_type = VAR_STRING,
       .v_lock = VAR_UNLOCKED,
       .vval = { .v_string = (char_u *)(
-          s_allocated ? (char *)s : xmemdupz(s, len)) },
+          (s == NULL || s_allocated) ? (char *)s : xmemdupz(s, len)) },
     };
   }
 }
-- 
cgit