Problem : Out-of-bounds access @ 5815.
Diagnostic : False positive.
Rationale : Error occurs when event_name2nr() returns NUM_EVENTS, which
means an event with that name was not found. That cannot
happen, as previous check using find_end_event() @ 5744
ensures event name exists.
Resolution : Assert event_name2nr() result is less than NUM_EVENTS.
Problem : Read from pointer after free @ {242, 391}.
Diagnostic : Real issues.
Rationale : Channel gets indeed freed on error case, producing
incorrect accesses to freed pointer later on.
Resolution : Implement reference counting mechanism to know when to free
channel.
Problem : Resource leak @ 3324.
Diagnostic : Real issue.
Rationale : Stack is not being freed on error cases.
Resolution : Free stack before invoking EMSG_RET_NULL.
Problem : Out-of-bounds read @ 9514.
Diagnostic : Real issue.
Rationale : PFD_NOTSPECIAL (253) is defined as the maximum not-special
value a prefix can have. But stack (and other) arrays are
defined as having MAXWLEN (250) items.
Resolution : Define MAXWLEN = 254.
Problem : Out-of-bounds read @ 2213.
Diagnostic : Real issue.
Rationale : Error occurs if cmap == ARRAY_SIZE(prt_ps_mbfonts),
but code takes the `if (prt_out_mbyte)` branch. That's it,
if a matching encoding is found but not a matching charset.
In that case, the first matching encoding is used.
Resolution : Remember the value of cmap for the first matching encoding.
Reset cmap to that value if first matching encoding is
going to be used.
refs #1045 #1051
This was enabled by default a while ago (#1051), and has apparently not
created any issues. The amount of actual code related to it is tiny, so
it has been removed.
- Factor out main_msg() in favor of mch_msg() and manual indentation, so as to
provide a much closer representation of the actual output of '--help'.
'gcc -E' reveals that main_msg() only consists of 3 printf calls
anyways.
- Factor out for loop used for printing top part of usage text; just
print the text normally.
usage() text:
- Don't print the version; that's what '--version' is for.
- Be consistent about nomenclature, e.g. '<arg>' denotes required
argument, '-h | --help' denotes '-h' and '--help' are equivalent, etc.
- Change some instances of vim{,rc,info} to nvim
Problem : Uninitialized scalar variable @ 3239.
Diagnostic : Harmless issue.
Rationale : It's true pos.coladd is not initialized when calling
searchit(). But that's no problem, as coladd is only set in
that function.
Resolution : Initialize variable to 0.
Problem : Argument cannot be negative @ 1165.
Diagnostic : Real issue.
Rationale : len can be assigned a negative value @ 1162;
len is passed as an unsigned argument @ 1165.
Resolution : Refactor variable's types:
- Use ftello instead of ftell to avoid using long.
- Assert ftello result is safely convertible to size_t.
- Introduce variable read_size to avoid using i (int).
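An added example, not Neovim's code and not part of this commit: a hypothetical read_stream() helper that applies the three resolution points above (ftello instead of ftell, a check that the result is safely convertible to size_t before conversion, and a size_t read_size for the byte count), assuming POSIX fseeko()/ftello(); demo() exercises it on a constructed tmpfile().

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L  /* declares fseeko()/ftello() */
#endif
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper, not Neovim's code: read an open stream into a fresh
 * NUL-terminated buffer.  The length comes from ftello() (off_t, not long),
 * is rejected if negative and checked to fit in size_t before conversion;
 * the fread() count lives in a size_t read_size instead of an int. */
static char *read_stream(FILE *fp, size_t *len_out)
{
    if (fseeko(fp, 0, SEEK_END) != 0) return NULL;
    off_t end = ftello(fp);
    if (end < 0) return NULL;  /* -1 on error: must never reach an unsigned parameter */
    if ((uintmax_t)end > (uintmax_t)SIZE_MAX) return NULL;  /* "safely convertible" */
    size_t len = (size_t)end;
    rewind(fp);
    char *buf = malloc(len + 1);
    if (buf == NULL) return NULL;
    size_t read_size = fread(buf, 1, len, fp);
    if (read_size != len) {
        free(buf);
        return NULL;
    }
    buf[read_size] = '\0';
    *len_out = read_size;
    return buf;
}

/* Self-check on constructed input: a tmpfile() holding twelve bytes.
 * Returns 0 when the returned buffer and length match what was written. */
static int demo(void)
{
    FILE *fp = tmpfile();
    if (fp == NULL) return -1;
    fputs("hello\nworld\n", fp);
    size_t n = 0;
    char *data = read_stream(fp, &n);
    fclose(fp);
    if (data == NULL) return -1;
    int ok = (n == 12 && strcmp(data, "hello\nworld\n") == 0);
    free(data);
    return ok ? 0 : 1;
}
```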
Diagnostic : False positive.
Rationale : Coverity thinks we are forgetting to add more char to hold
NULL, but it's not taking into account that two chars from
cntxformat will not be present in the result. In fact, we
can even allocate one byte less than currently done.
Resolution : Add explanatory comment and allocate one less byte.
Marked as "Intentional" at coverity's database.
Problem : Negative array index read @ 909.
Diagnostic : False positive.
Rationale : Suggested error path assigns a negative value to idx at
line 836 (`idx = find_command(ca.cmdchar);`). That's
impossible, as `ca.cmdchar` is set to Ctrl_BSL just two
lines above, so we know that value will be in the table.
Resolution : Assert idx >= 0.