Problem : Branch condition evaluates to a garbage value @ 2868.
Diagnostic : False positive.
Rationale : Array has_hotkey, declared at 2812, is initialized by
console_dialog_alloc (only the needed number of elements).
That same number of elements is used by
copy_hotkeys_and_msg.
Suggested path error is impossible, because it involves a
different number of elements in those functions.
Resolution : Above condition is cumbersome to prove through assertions.
Thus, we prefer to just initialize the array to all-false
at declaration point before calling console_dialog_alloc.
- process spawning was decoupled from the rest of the job control logic. The
goal is reusing it for spawning processes connected to pseudo terminal file
descriptors.
- job_start now receives a JobOptions structure containing all the startup
options.
Problem : Use after free @ 1795.
Diagnostic : Real issue.
Rationale : prev_curtab can in fact be freed as a result of call
`win_close_othertab(win, free_buf, prev_curtab);`, but it's
later used at
`sprintf(..., tabpage_index(prev_curtab));`.
This was introduced at
3ffc5d81c3.
Resolution : Move prev_idx calculation before the call freeing
prev_curtab.
Problems : Assigned value is garbage or undefined @ 5363.
Result of operation is garbage or undefined @ 5356.
Result of operation is garbage or undefined @ 5320.
Result of operation is garbage or undefined @ 5192.
Diagnostic : False positives / Multithreading issues.
Rationale : Suggested error paths contain incoherent values for
has_mbyte, enc_utf8, and enc_dbcs, which should always hold
the relationship has_mbyte = enc_utf8 || enc_dbcs, with
enc_utf8 and enc_dbcs being mutually exclusive.
Asserting on the globals, though, fails, because checker
believes they could be modified by other threads in
between.
Resolution : Make local copy of globals and assert relationship on them.
The current will segfault for large chunks of output because the output buffer
will be overrun.
Using unibi_format is simple because we can simply flush the buffer when its
full.
Many common terminals that set TERM=xterm and $COLORTERM support 256 colors. If
this is detected, use force the hardcoded xterm's setaf/setab capabilities.
- Removed term.c, term.h and term_defs.h
- Tests for T_* values were removed. screen.c was simplified as a
consequence(the best strategy for drawing is implemented in the UI layer)
- Redraw functions now call ui.c functions directly. Updates are flushed with
`ui_flush()`
- Removed all termcap options(they now return empty strings for compatibility)
- &term/&ttybuiltin options return a constant value(nvim)
- &t_Co is still available, but it mirrors t_colors directly
- Remove cursor tracking from screen.c and the `screen_start` function. Now the
UI is expected to maintain cursor state across any call, and reset it when
resized.
- Remove unused code
Problem : Out-of-bounds access @ 3730.
Diagnostic : Real issue.
Rationale : str is constructed step by step, str_l growing each time.
str_m is the maximum length of str. So, at every step,
avail is computed to see if the piece to be added fits in.
If not, piece is truncated to a max of `avail`, so that str
stays in bounds. Such blocks where pieces are added are of
the form `if (str_l < str_m)`. It then follows that once
one of those pieces exhausts available space on str, no
other such block should be entered. Formally:
str_l < strl_m && avail = str_m - str_l && x >= avail
-->
str_l + x >= str_m
Now, suggested error path successively enters blocks where
str is exhausted. We're not sure if coverity just fails to
follow above implications, or, on the contrary, it's aware
of them, but it's signaling the more complex possibility of
implications not being fulfilled because of possible
arithmetic overflows. We opt then to assume this last case,
as the possibility is in fact there.
Resolution : Refactor code so that tracked condition doesn't depend on
arithmetic implications. Check for overflow.
Problem : Negative array index read @ 5674.
Diagnostic : False positive.
Rationale : Problem occurs if for loop does not find any match, which
implies shl->lnum == 0, and then we enter the
`if (shl->lnum == lnum)` branch, which implies lnum == 0 as
well. That's not possible, as function should not be called
with lnum == 0.
Resolution : Change conditions `shl->lnum == lnum` into `bot != -1`.
For unibilium extension indexes, use signed integer type initialized with -1 to
distinguish from the first extension string which will always have index 0.
Note: Clint was failing because of recommending not to use long. But
converting to long is the proper refactoring here, in as far as other
longs exist. We could, then, disable clint rule, or remove this file
from checking. We choose the former, as it's being discussed what to do
with longs, but a decision has not been taken. So, it seems most
reasonable to allow longs for now, to enable proper refactorings, and
then, when a decision is taken, refactor all longs to some other thing.
