mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-28 22:18:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

coverity/13753: Dereference null return value

Browse Source 
Dereferencing a pointer that might be null(ptag) when calling strlen().

False positive. A match always contains a tab, so ptag is never null.
Because matches are always in ctags style, we can rewrite the code to
not use strtok().
This commit is contained in:
oni-link
2016-01-21 16:07:13 +01:00
parent bcbcf235f6
commit 7a8e41e8ee
1 changed files with 23 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
src/nvim/if_cscope.c
View File

@@ -1632,35 +1632,43 @@ static char *cs_pathcomponents(char *path)
return s; return s;
} }
/* /// Print cscope output that was converted into ctags style entries.
* PRIVATE: cs_print_tags_priv ///
* /// Only called from cs_manage_matches().
* called from cs_manage_matches() ///
*/ /// @param matches Array of cscope lines in ctags style. Every entry was
// produced with a format string of the form
// "%s\t%s\t%s;\"\t%s" or
// "%s\t%s\t%s;\""
// by cs_make_vim_style_matches().
/// @param cntxts Context for matches.
/// @param num_matches Number of entries in matches/cntxts, always greater 0.
static void cs_print_tags_priv(char **matches, char **cntxts, static void cs_print_tags_priv(char **matches, char **cntxts,
size_t num_matches) size_t num_matches) FUNC_ATTR_NONNULL_ALL
{ {
char *ptag;
char *fname, *lno, *extra, *tbuf; char *fname, *lno, *extra, *tbuf;
size_t num; size_t num;
char *globalcntx = "GLOBAL"; char *globalcntx = "GLOBAL";
char *context; char *context;
char *cstag_msg = _("Cscope tag: %s"); char *cstag_msg = _("Cscope tag: %s");
assert (num_matches > 0); assert(num_matches > 0);
assert(strcnt(matches[0], '\t') >= 2);
tbuf = xmalloc(strlen(matches[0]) + 1); char *ptag = matches[0];
char *ptag_end = strchr(ptag, '\t');
assert(ptag_end >= ptag);
// NUL terminate tag string in matches[0].
*ptag_end = NUL;
strcpy(tbuf, matches[0]); size_t newsize = strlen(cstag_msg) + (size_t)(ptag_end - ptag);
ptag = strtok(tbuf, "\t");
size_t newsize = strlen(cstag_msg) + strlen(ptag);
char *buf = xmalloc(newsize); char *buf = xmalloc(newsize);
size_t bufsize = newsize; // Track available bufsize size_t bufsize = newsize; // Track available bufsize
(void)sprintf(buf, cstag_msg, ptag); (void)sprintf(buf, cstag_msg, ptag);
MSG_PUTS_ATTR(buf, hl_attr(HLF_T)); MSG_PUTS_ATTR(buf, hl_attr(HLF_T));
xfree(tbuf); // restore matches[0]
*ptag_end = '\t';
MSG_PUTS_ATTR(_("\n # line"), hl_attr(HLF_T)); /* strlen is 7 */ MSG_PUTS_ATTR(_("\n # line"), hl_attr(HLF_T)); /* strlen is 7 */
msg_advance(msg_col + 2); msg_advance(msg_col + 2);
@@ -1668,6 +1676,7 @@ static void cs_print_tags_priv(char **matches, char **cntxts,
num = 1; num = 1;
for (size_t i = 0; i < num_matches; i++) { for (size_t i = 0; i < num_matches; i++) {
assert(strcnt(matches[i], '\t') >= 2);
size_t idx = i; size_t idx = i;
/* if we really wanted to, we could avoid this malloc and strcpy /* if we really wanted to, we could avoid this malloc and strcpy