Hi,
I found these issues with covscan:
Error: FORWARD_NULL (CWE-476): [#def1]
vim74/src/fileio.c:1164: assign_zero: Assigning: "curbuf->b_cryptstate" =
"NULL".
vim74/src/fileio.c:1345: var_deref_model: Passing null pointer
"curbuf->b_cryptstate" to "crypt_works_inplace", which dereferences it.
vim74/src/crypt.c:177:5: deref_parm: Directly dereferencing parameter "state".
# 175| cryptstate_T *state;
# 176| {
# 177|-> return cryptmethods[state->method_nr].works_inplace;
# 178| }
# 179|
Error: FORWARD_NULL (CWE-476): [#def2]
vim74/src/undo.c:949: var_compare_op: Comparing "bi->bi_state" to null implies
that "bi->bi_state" might be null.
vim74/src/undo.c:967: var_deref_model: Passing "bi" to "undo_write", which
dereferences null "bi->bi_state".
vim74/src/undo.c:902:6: deref_parm_in_call: Function "undo_flush" dereferences
"bi->bi_state".
vim74/src/undo.c:925:2: deref_parm_in_call: Function "crypt_encode_inplace"
dereferences "bi->bi_state".
vim74/src/crypt.c:473:5: deref_parm: Directly dereferencing parameter "state".
# 471| size_t len;
# 472| {
# 473|-> cryptmethods[state->method_nr].encode_inplace_fn(state, buf, len,
buf);
# 474| }
# 475|
and created the attached patch, which checks the problematic pointers against NULL.
Would you mind merging it into the project?
diff -up ./src/fileio.c.patch ./src/fileio.c
--- ./src/fileio.c.patch 2017-08-23 17:16:00.157927863 +0200
+++ ./src/fileio.c 2017-08-23 17:20:55.389175250 +0200
@@ -1370,7 +1370,7 @@ retry:
* Decrypt the read bytes. This is done before checking for
* EOF because the crypt layer may be buffering.
*/
- if (cryptkey != NULL && size > 0)
+ if (cryptkey != NULL && curbuf->b_cryptstate != NULL && size > 0)
{
if (crypt_works_inplace(curbuf->b_cryptstate))
{
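Review bot: in the changed condition, when cryptkey != NULL but curbuf->b_cryptstate is NULL, the whole "Decrypt the read bytes" block is now skipped with no indication, so the bytes just read carry on undecrypted as if they were plain text. If that state is reachable (covscan traces it from the NULL assignment at fileio.c:1164), reporting an error and aborting the read would be safer than falling through. If it is not reachable, a short comment explaining why would serve better than a silent guard. The covscan trace points at line 1345 of the vim74 tree while this hunk sits at 1370, so please confirm this is the call to crypt_works_inplace() that the report means.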
diff -up ./src/undo.c.patch ./src/undo.c
--- ./src/undo.c.patch 2017-08-23 17:21:13.043007721 +0200
+++ ./src/undo.c 2017-08-23 17:24:17.753254885 +0200
@@ -921,7 +921,7 @@ undo_write(bufinfo_T *bi, char_u *ptr, s
static int
undo_flush(bufinfo_T *bi)
{
- if (bi->bi_buffer != NULL && bi->bi_used > 0)
+ if (bi->bi_buffer != NULL && bi->bi_state != NULL && bi->bi_used > 0)
{
crypt_encode_inplace(bi->bi_state, bi->bi_buffer, bi->bi_used);
if (fwrite(bi->bi_buffer, bi->bi_used, (size_t)1, bi->bi_fp) != 1)
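Review bot: adding bi->bi_state != NULL to the outer condition in undo_flush() guards more than the dereference, because the fwrite() of bi->bi_buffer sits inside the same block. With bi_state NULL and bi_used > 0, the buffered bytes are now neither encoded nor written, and the function does not take the fwrite failure path. Consider checking bi_state only around the crypt_encode_inplace() call, or returning a failure from undo_flush() when a buffer exists without a crypt state, so the caller can tell that the undo file is incomplete.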