From eeee61ec9e2b1836398a9534bcc9df8f68e1d87e Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Tue, 14 Apr 2026 14:46:36 +0200 Subject: [PATCH] build(clang-analyzer): suppress clang-analyzer-security.ArrayBound Problem: clang 21 promoted alpha.security.ArrayBoundV2 to security.ArrayBound (stable). This new check reports false-positive "out of bound access" errors in drawline.c and vimscript.c, where the analyzer constructs impossible paths (e.g. concealed line with draw_text=false yet ptr advanced past the NUL terminator, or root AST node with a "next" sibling). Per-line NOLINT suppression doesn't work because the analyzer finds multiple paths to the same false positive. Solution: Disable clang-analyzer-security.ArrayBound globally in the clang-analyzer cmake target until the check matures. Co-Authored-By: Claude --- src/nvim/CMakeLists.txt | 1 + src/nvim/api/vimscript.c | 3 +++ 2 files changed, 4 insertions(+) diff --git a/src/nvim/CMakeLists.txt b/src/nvim/CMakeLists.txt index b8160fea4b..6be32af21a 100644 --- a/src/nvim/CMakeLists.txt +++ b/src/nvim/CMakeLists.txt @@ -913,6 +913,7 @@ add_glob_target( -clang-analyzer-core.uninitialized.Assign, -clang-analyzer-optin.core.EnumCastOutOfRange, -clang-analyzer-optin.performance.Padding, + -clang-analyzer-security.ArrayBound, -clang-analyzer-security.insecureAPI.strcpy, -clang-analyzer-unix.StdCLibraryFunctions, -clang-analyzer-unix.Stream, diff --git a/src/nvim/api/vimscript.c b/src/nvim/api/vimscript.c index b4f5efec23..a874a75cac 100644 --- a/src/nvim/api/vimscript.c +++ b/src/nvim/api/vimscript.c @@ -545,6 +545,9 @@ Dict nvim_parse_expression(String expr, String flags, Boolean highlight, Arena * .ret_node_p = &children_array.items[0], })); } else if (node->next != NULL) { + // ret_node_p + 1 is valid: we're in a children_array (root node never + // has "next"). kv_size > 1 confirms we're not at root. + assert(kv_size(ast_conv_stack) > 1); kvi_push(ast_conv_stack, ((ExprASTConvStackItem) { .node_p = &node->next, .ret_node_p = cur_item.ret_node_p + 1,