Hi
Comment at the top of function line_count_info(...) in src/ops.c says:
'The function will only examine the first "limit" characters in the line'
However, line ops.c:6314 can access beyond the first "limit" characters:
6314 if (line[i] == NUL && i < limit)
The 2 conditions should be swapped.
Bug was found by static analyzer cppcheck available with:
"git clone git://github.com/danmar/cppcheck.git".
$ cd vim/src
$ cppcheck -I . -I proto --enable=all ops.c
...
[src/ops.c:6314]: (style) Array index i is used before limits check
Regards
-- Dominique
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
diff -r d53f6e5e57f3 src/ops.c
--- a/src/ops.c Thu Aug 04 22:59:28 2011 +0200
+++ b/src/ops.c Sun Aug 07 04:35:07 2011 +0200
@@ -6311,7 +6311,7 @@
*wc += words;
/* Add eol_size if the end of line was reached before hitting limit. */
- if (line[i] == NUL && i < limit)
+ if (i < limit && line[i] == NUL)
{
i += eol_size;
chars += eol_size;
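Review bot: In the reordered condition `if (i < limit && line[i] == NUL)`, correctness now depends on `&&` short-circuiting so that `line[i]` is not read when `i` has reached `limit`, and nothing in the code says so. A short addition to the existing comment above the `if`, stating that the bounds test must come first, would keep a later cleanup from swapping the operands back. The hunk also does not show the loop that advances `i` before this point, so it is worth confirming that the loop tests `i < limit` before it reads `line[i]`. cppcheck flagged only line 6314, but the same index-before-check pattern elsewhere in the function would leave the same read past the first "limit" characters in place.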