If a conversion for a container fails in object_to_vim(), the memory for
the container in the returned/converted value is freed, but the returned
value keeps a pointer to the freed memory. Calling later clear_tv() on
this value leads to an invalid memory access.
Set v_type to VAR_UNKNOWN in the converted value on failure, so that
clear_tv() has no effect.
Also adds one exception to linter rules:
typedef struct {
kvec_t(Object) stack;
} EncodedData;
is completely valid (from the style guide point of view) code.
This ought to prevent stack overflow, but I do not see this actually working:
*lua* code crashes with stack overflow when trying to deserialize msgpack from
Neovim, Neovim is fine even if nesting level is increased 100x (though test
becomes very slow); not sure how recursive function may survive this. So it
looks like there are currently only two positive effects:
1. NULL lists are returned as empty (#4596).
2. Functional tests are slightly more fast. Very slightly. Checked for Release
build for test/functional/eval tests because benchmarking of debug mode is
not very useful.
Arguments passed to xmemdupz() are sometimes NULL, but xmemdupz() has
FUNC_ATTR_NONNULL_ALL. Check pointers for NULL before calling
xmemdupz().
Resolves#2533.
We already use wrappers for allocation, the new `xfree` function is the
equivalent for deallocation and provides a way to fully replace the malloc
implementation used by Neovim.
- Expose more logging control from the log.c module(get log stream and omit
newlines)
- Remove logging from the generated functions in msgpack-gen.lua
- Refactor channel.c/helpers.c to log every msgpack-rpc payload using
msgpack_object_print(a helper function from msgpack.h)
- Remove the api_stringify function, it was only useful for logging msgpack-rpc
which is now handled by msgpack_object_print.
- Add error type information to `Error`
- Rename `set_api_error` to `api_set_error` for consistency with other api_*
functions/macros.
- Refactor the api_set_error macro to accept formatted strings and error types
- Improve error messages
- Wrap error messages with gettext macro
- Refactor msgpack-rpc serialization to transform Error instances into [type,
message] arrays
- Add error type information to API metadata
- Normalize nvim->client and client->nvim error handling(change
channel_send_call to accept an Error pointer instead of the `errored` boolean
pointer)
- Use macro to initialize Error structures
Instead of building all metadata from msgpack-gen.lua, we now merge the
generated part with manual information(such as types and features). The metadata
is accessible through the api method `vim_get_api_info`.
This was done to simplify the generator while also increasing flexibility(by
being able to add more metadata)
`-Wstrict-prototypes` warn if a function is declared or defined without
specifying the argument types.
This warning disallow function prototypes with empty parameter list.
In C, a function declared with an empty parameter list accepts an
arbitrary number of arguments when being called. This is for historic
reasons; originally, C functions didn't have prototypes, as C evolved
from B, a typeless language. When prototypes were added, the original
typeless declarations were left in the language for backwards
compatibility.
Instead we should provide `void` in argument list to state
that function doesn't have arguments.
Also this warning disallow declaring type of the parameters after the
parentheses because Neovim header generator produce no declarations for
old-stlyle prototypes: it expects to find `{` after prototype.
This is how API dispatching worked before this commit:
- The generated `msgpack_rpc_dispatch` function receives a the `msgpack_packer`
argument.
- The response is incrementally built while validating/calling the API.
- Return values/errors are also packed into the `msgpack_packer` while the
final response is being calculated.
Now the `msgpack_packer` argument is no longer provided, and the
`msgpack_rpc_dispatch` function returns `Object`/`Error` values to
`msgpack_rpc_call`, which will use those values to build the response in a
single pass.
This was done because the new `channel_send_call` function created the
possibility of having recursive API invocations, and this wasn't possible when
sharing a single `msgpack_sbuffer` across call frames(it was shared implicitly
through the `msgpack_packer` instance).
Since we only start to build the response when the necessary information has
been computed, it's now safe to share a single `msgpack_sbuffer` instance
across all channels and API invocations.
Some other changes also had to be performed:
- Handling of the metadata discover was moved to `msgpack_rpc_call`
- Expose more types as subtypes of `Object`, this was required to forward the
return value from `msgpack_rpc_dispatch` to `msgpack_rpc_call`
- Added more helper macros for casting API types to `Object`
any
This function is used to send RPC calls to clients. In contrast to
`channel_send_event`, this function will block until the client sends a
response(But it will continue processing requests from that client).
The RPC call stack has a maximum depth of 20.
- The data member of String's can now be passed directly to functions
expecting C strings, as we now guarantee that they are NUL-terminated.
This obviates the need to use xstrndup and free, simplifying code and
enhancing performance.
- Use xmemdupz instead of xstrndup for converting String's into C strings.
It's faster because it doesn't calculate strlen(string.data) (which is
unnecesary as that information is already provided in string.size anyway).
- Use cstr_to_string to convert from C strings to String, it is both shorter
and faster than the usual strlen/xstrndup combo, which calls strlen twice.
cstr_to_string internally calls strlen and then xmemdupz.
I believe we can now mostly assume that all encountered String's data
members are safe to pass into functions that accept C strings. That should
simplify interop with C string code.
- The 'stripdecls.py' script replaces declarations in all headers by includes to
generated headers.
`ag '#\s*if(?!ndef NEOVIM_).*((?!#\s*endif).*\n)*#ifdef INCLUDE_GENERATED'`
was used for this.
- Add and integrate gendeclarations.lua into the build system to generate the
required includes.
- Add -Wno-unused-function
- Made a bunch of old-style definitions ANSI
This adds a requirement: all type and structure definitions must be present
before INCLUDE_GENERATED_DECLARATIONS-protected include.
Warning: mch_expandpath (path.h.generated.h) was moved manually. So far it is
the only exception.
When receiving strings *from* msgpack, we don't need to duplicate/free since
the data only lives in the msgpack parse buffer until the end of the call.
But in order to reuse `msgpack_rpc_free_object` when sending event data(which is
sent *to* msgpack), Strings must be freed, which means they must also be
allocated separately.
Relates to issue #760
These coverity warnings are of the form:
>>> CID 62602: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes...
This is caused by strncpy not alway NULL-terminated the destination buffer
(for example in the case where strlen(src) >= size(dst)). It's better to
replace that with (x)strlcpy, which always NULL-terminates.
Most of these are related to the set_api_error macro, which uses strncpy.
The error struct is used (for example) in msgpack_rpc_error, where strlen is
executed on it, so it needs to be NULL-terminated. (x)strlcpy, unlike
strncpy, always NULL-terminates the destination buffer.
Relevant parts of the coverity report:
*** CID 62602: Buffer not null terminated (BUFFER_SIZE_WARNING)
/src/nvim/api/vim.c: 236 in vim_set_current_buffer()
230 if (try_end(err)) {
231 return;
232 }
233
234 char msg[256];
235 snprintf(msg, sizeof(msg),
"failed to switch to buffer %d", (int)buffer);
>>> CID 62602: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes on
>>> destination array "err->msg" of size 256 bytes might leave the
>>> destination string unterminated.
236 set_api_error(msg, err);
237 return;
238 }
239
240 try_end(err);
241 }
*** CID 62603: Buffer not null terminated (BUFFER_SIZE_WARNING)
/src/nvim/api/private/helpers.c: 70 in try_end()
64 } else if (msg_list != NULL && *msg_list != NULL) {
65 int should_free;
66 char *msg = (char *)get_exception_string(*msg_list,
67 ET_ERROR,
68 NULL,
69 &should_free);
>>> CID 62603: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes on
>>> destination array "err->msg" of size 256 bytes might leave the
>>> destination string unterminated.
70 strncpy(err->msg, msg, sizeof(err->msg));
71 err->set = true;
72 free_global_msglist();
73
74 if (should_free) {
75 free(msg);
/src/nvim/api/private/helpers.c: 78 in try_end()
72 free_global_msglist();
73
74 if (should_free) {
75 free(msg);
76 }
77 } else if (did_throw) {
>>> CID 62603: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes on
>>> destination array "err->msg" of size 256 bytes might leave the
>>> destination string unterminated.
78 set_api_error((char *)current_exception->value, err);
79 }
80
81 return err->set;
82 }
83
*** CID 62604: Buffer not null terminated (BUFFER_SIZE_WARNING)
/src/nvim/api/private/helpers.c: 592 in set_option_value_err()
586 opt_flags)))
587 {
588 if (try_end(err)) {
589 return;
590 }
591
>>> CID 62604: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes on
>>> destination array "err->msg" of size 256 bytes might leave the
>>> destination string unterminated.
592 set_api_error(errmsg, err);
593 }
*** CID 62605: Buffer not null terminated (BUFFER_SIZE_WARNING)
/src/nvim/os/server.c: 114 in server_start()
108 if (addr_len > sizeof(ip) - 1) {
109 // Maximum length of a ip address buffer is 15(eg: 255.255.255.255)
110 addr_len = sizeof(ip);
111 }
112
113 // Extract the address part
>>> CID 62605: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 16 bytes on
>>> destination array "ip" of size 16 bytes might leave the destination
>>> string unterminated.
114 strncpy(ip, addr, addr_len);
115
116 int port = NEOVIM_DEFAULT_TCP_PORT;
117
118 if (*ip_end == ':') {
119 char *port_end;
/src/nvim/os/server.c: 88 in server_start()
82
83 void server_start(char *endpoint, ChannelProtocol prot)
84 {
85 char addr[ADDRESS_MAX_SIZE];
86
87 // Trim to `ADDRESS_MAX_SIZE`
>>> CID 62605: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes on
>>> destination array "addr" of size 256 bytes might leave the
>>> destination string unterminated.
88 strncpy(addr, endpoint, sizeof(addr));
89
90 // Check if the server already exists
91 if (map_has(cstr_t)(servers, addr)) {
92 EMSG2("Already listening on %s", addr);
93 return;
*** CID 62606: Buffer not null terminated (BUFFER_SIZE_WARNING)
/src/nvim/os/server.c: 186 in server_stop()
180 void server_stop(char *endpoint)
181 {
182 Server *server;
183 char addr[ADDRESS_MAX_SIZE];
184
185 // Trim to `ADDRESS_MAX_SIZE`
>>> CID 62606: Buffer not null terminated (BUFFER_SIZE_WARNING)
>>> Calling strncpy with a maximum size argument of 256 bytes on
>>> destination array "addr" of size 256 bytes might leave the
>>> destination string unterminated.
187
188 if ((server = map_get(cstr_t)(servers, addr)) == NULL) {
189 EMSG2("Not listening on %s", addr);
190 return;
191 }
- Define specialized arrays for each remote object type
- Implement msgpack_rpc functions for dealing with the new types
- Refactor all functions dealing with buffers, windows and tabpages to
return/accept handles instead of list indexes.
