From cf8e175cf54281bcad5e704308e92ebb3e6381d3 Mon Sep 17 00:00:00 2001
From: Eliseo Martínez
Date: Sat, 31 Jan 2015 14:44:18 +0100
Subject: coverity/13762: Out-of-bounds read: RI.
Problem : Out-of-bounds read @ 2213.
Diagnostic : Real issue.
Rationale : Error occurs if cmap == ARRAY_SIZE(prt_ps_mbfonts), but code takes the `if (prt_out_mbyte)` branch. That's it, if a matching encoding is found but not a matching charset. In that case, the first matching encoding is used.
Resolution : Remember the value of cmap for the first matching encoding. Reset cmap to that value if first matching encoding is going to be used.
---
 src/nvim/hardcopy.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)
(limited to 'src')
diff --git a/src/nvim/hardcopy.c b/src/nvim/hardcopy.c
index fb04f4407c..c01f763d20 100644
--- a/src/nvim/hardcopy.c
+++ b/src/nvim/hardcopy.c
@@ -2122,19 +2122,25 @@ int mch_print_init(prt_settings_T *psettings, char_u *jobname, int forceit)
 props = enc_canon_props(p_encoding);
 if (!(props & ENC_8BIT) && ((*p_pmcs != NUL) || !(props & ENC_UNICODE))) {
 p_mbenc_first = NULL;
+ int effective_cmap;
 for (cmap = 0; cmap < (int)ARRAY_SIZE(prt_ps_mbfonts); cmap++)
 if (prt_match_encoding((char *)p_encoding, &prt_ps_mbfonts[cmap],
- &p_mbenc)) {
- if (p_mbenc_first == NULL)
+ &p_mbenc)) {
+ if (p_mbenc_first == NULL) {
 p_mbenc_first = p_mbenc;
- if (prt_match_charset((char *)p_pmcs, &prt_ps_mbfonts[cmap],
- &p_mbchar))
+ effective_cmap = cmap;
+ }
+ if (prt_match_charset((char *)p_pmcs, &prt_ps_mbfonts[cmap], &p_mbchar))
 break;
 }
 /* Use first encoding matched if no charset matched */
- if (p_mbchar == NULL && p_mbenc_first != NULL)
+ if (p_mbchar == NULL && p_mbenc_first != NULL) {
 p_mbenc = p_mbenc_first;
+ cmap = effective_cmap;
+ }
+
+ assert(p_mbenc == NULL || cmap < (int)ARRAY_SIZE(prt_ps_mbfonts));
 }
 prt_out_mbyte = (p_mbenc != NULL);
-- cgit
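Review bot: `effective_cmap` is declared without an initializer and is assigned only inside the `if (p_mbenc_first == NULL)` branch of the loop, so the later `cmap = effective_cmap;` is safe only because it is guarded by `p_mbenc_first != NULL`; that pairing is invisible to the compiler (a maybe-uninitialized warning is likely) and easy to break in a later edit. I would write `int effective_cmap = 0;` with a comment such as `/* index of the first entry whose encoding matched; valid only while p_mbenc_first != NULL */`. The added `assert(...)` documents the bound but is compiled out when NDEBUG is defined, so release builds rely on the reset alone to keep the later read indexed by `cmap` in range (the commit message places that read at line 2213, outside this hunk). mch_print_init starts and ends outside the hunk, so whether `p_mbchar` is NULL on entry to the loop cannot be confirmed from here.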