build(clang-analyzer): suppress clang-analyzer-security.ArrayBound

Problem: clang 21 promoted alpha.security.ArrayBoundV2 to security.ArrayBound (stable). This new check reports false-positive "out of bound access" errors in drawline.c and vimscript.c, where the analyzer constructs impossible paths (e.g. concealed line with draw_text=false yet ptr advanced past the NUL terminator, or root AST node with a "next" sibling). Per-line NOLINT suppression doesn't work because the analyzer finds multiple paths to the same false positive. Solution: Disable clang-analyzer-security.ArrayBound globally in the clang-analyzer cmake target until the check matures. Co-Authored-By: Claude
2026-05-25 14:28:28 +00:00 · 2026-04-14 14:46:36 +02:00
parent 8a4bee3ed0
commit eeee61ec9e
2 changed files with 4 additions and 0 deletions
--- a/src/nvim/api/vimscript.c
+++ b/src/nvim/api/vimscript.c
@@ -545,6 +545,9 @@ Dict nvim_parse_expression(String expr, String flags, Boolean highlight, Arena *
          .ret_node_p = &children_array.items[0],
        }));
      } else if (node->next != NULL) {
+        // ret_node_p + 1 is valid: we're in a children_array (root node never
+        // has "next"). kv_size > 1 confirms we're not at root.
+        assert(kv_size(ast_conv_stack) > 1);
        kvi_push(ast_conv_stack, ((ExprASTConvStackItem) {
          .node_p = &node->next,
          .ret_node_p = cur_item.ret_node_p + 1,