mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-11-11 04:55:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix warnings: ex_getln.c: init_history(): Double free: FP.

Browse Source 
Problem    : Double free @ 4249.
Diagnostic : False positive.
Rationale  : Codepath leading to error contains two consecutive
             iterations in which `if (--j < 0)` is true.
             That executes `free` two consecutive times with the same
             value (hislen - 1) for j, with leads to double free.
             Now, that can only happen with j == 0 && hislen == 1.
             And that would imply j == hisidx[type] too, which would
             take the following break.
             So, the error codepath cannot really happen, but the
             compiler cannot deduce the last implication.
Resolution : We have two possible solutions for this:
             1.- Comparing value of j before and after updating it,
                 and breaking out of iteration if equal.
                 That changes nothing in functionality, but teaches the
                 compiler his proposed error codepath is impossible.
             2.- Nullify pointer after freeing.
                 This way, the compiler still thinks his error codepath
                 is possible, but it's not an error anymore, as
                 free(NULL) is a no-op.
             We opt for solution 2, as solution 1 requires adding
             logic that adds nothing (and having to explain that clearly
             in aside comments) just for the purpose of silencing
             warning. On the other hand, solution 2 improves the code,
             adding something considered good practice in any case,
             and therefore doesn't require further explanation.
This commit is contained in:
Eliseo Martínez
2014-11-08 21:14:33 +01:00
parent ea1f883b19
commit d6472f459b
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/nvim/ex_getln.c
View File

@@ -4245,8 +4245,10 @@ void init_history(void)
for (i = newlen - 1;; --i) { for (i = newlen - 1;; --i) {
if (i >= 0) /* copy newest entries */ if (i >= 0) /* copy newest entries */
temp[i] = history[type][j]; temp[i] = history[type][j];
else /* remove older entries */ else { /* remove older entries */
free(history[type][j].hisstr); free(history[type][j].hisstr);
history[type][j].hisstr = NULL;
}
if (--j < 0) if (--j < 0)
j = hislen - 1; j = hislen - 1;
if (j == hisidx[type]) if (j == hisidx[type])