1938895 - review of important potential issues detected by static analyzers in vim-8.2.2488-1.el9

Resolves: rhbz#1938895
2021-08-05 14:23:39 +02:00 · 2021-08-05 14:23:39 +02:00 · a3f288b5a9
parent 7c59ec87fe
commit a3f288b5a9
3 changed files with 140 additions and 1 deletions
--- a/0001-patch-8.2.3115-Coverity-complains-about-free_wininfo.patch
+++ b/0001-patch-8.2.3115-Coverity-complains-about-free_wininfo.patch
@ -0,0 +1,30 @@
+From b5098060f4acae4dac3203130278c948d670a3d5 Mon Sep 17 00:00:00 2001
+From: Bram Moolenaar <Bram@vim.org>
+Date: Wed, 7 Jul 2021 19:26:19 +0200
+Subject: [PATCH] patch 8.2.3115: Coverity complains about free_wininfo() use
+
+Problem:    Coverity complains about free_wininfo() use.
+Solution:   Add a condition that "wip2" is not equal to "wip". (Neovim #14996)
+---
+ src/version.c | 2 ++
+ src/window.c  | 3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/window.c b/src/window.c
+index 09067b081..cc9c217b4 100644
+--- a/src/window.c
+++ b/src/window.c
+@@ -5057,8 +5057,9 @@ win_free(
+ 
+ 		// If there already is an entry with "wi_win" set to NULL it
+ 		// must be removed, it would never be used.
+		// Skip "wip" itself, otherwise Coverity complains.
+ 		for (wip2 = buf->b_wininfo; wip2 != NULL; wip2 = wip2->wi_next)
+-		    if (wip2->wi_win == NULL)
+		    if (wip2 != wip && wip2->wi_win == NULL)
+ 		    {
+ 			if (wip2->wi_next != NULL)
+ 			    wip2->wi_next->wi_prev = wip2->wi_prev;
+-- 
+2.31.1
+
--- a/0001-patch-8.2.3290-Vim9-compiling-dict-may-use-pointer-a.patch
+++ b/0001-patch-8.2.3290-Vim9-compiling-dict-may-use-pointer-a.patch
@ -0,0 +1,102 @@
+diff --git a/src/vim9compile.c b/src/vim9compile.c
+index 535de05..ae7b253 100644
+--- a/src/vim9compile.c
+++ b/src/vim9compile.c
+@@ -1073,21 +1073,26 @@ generate_PUSHF(cctx_T *cctx, float_T fnumber)
+ 
+ /*
+  * Generate an ISN_PUSHS instruction.
+- * Consumes "str".
+ * Consumes "*str".  When freed *str is set to NULL, unless "str" is NULL.
+  */
+     static int
+-generate_PUSHS(cctx_T *cctx, char_u *str)
+generate_PUSHS(cctx_T *cctx, char_u **str)
+ {
+     isn_T	*isn;
+ 
+     if (cctx->ctx_skip == SKIP_YES)
+     {
+-	vim_free(str);
+	if (str != NULL)
+	    VIM_CLEAR(*str);
+ 	return OK;
+     }
+     if ((isn = generate_instr_type(cctx, ISN_PUSHS, &t_string)) == NULL)
+    {
+	if (str != NULL)
+	    VIM_CLEAR(*str);
+ 	return FAIL;
+-    isn->isn_arg.string = str;
+    }
+    isn->isn_arg.string = str == NULL ? NULL : *str;
+ 
+     return OK;
+ }
+@@ -2547,7 +2552,7 @@ generate_tv_PUSH(cctx_T *cctx, typval_T *tv)
+ 		tv->vval.v_blob = NULL;
+ 		break;
+ 	    case VAR_STRING:
+-		generate_PUSHS(cctx, tv->vval.v_string);
+		generate_PUSHS(cctx, &tv->vval.v_string);
+ 		tv->vval.v_string = NULL;
+ 		break;
+ 	    default:
+@@ -3301,7 +3306,7 @@ compile_dict(char_u **arg, cctx_T *cctx, ppconst_T *ppconst)
+ 	    key = get_literal_key(arg);
+ 	    if (key == NULL)
+ 		return FAIL;
+-	    if (generate_PUSHS(cctx, key) == FAIL)
+	    if (generate_PUSHS(cctx, &key) == FAIL)
+ 		return FAIL;
+ 	}
+ 
+@@ -5978,7 +5983,7 @@ compile_assign_unlet(
+ 	char_u *key_end = to_name_end(p + 1, TRUE);
+ 	char_u *key = vim_strnsave(p + 1, key_end - p - 1);
+ 
+-	r = generate_PUSHS(cctx, key);
+	r = generate_PUSHS(cctx, &key);
+     }
+     if (r == FAIL)
+ 	return FAIL;
+@@ -6149,7 +6154,7 @@ compile_assignment(char_u *arg, exarg_T *eap, cmdidx_T cmdidx, cctx_T *cctx)
+ 	    // Push each line and the create the list.
+ 	    FOR_ALL_LIST_ITEMS(l, li)
+ 	    {
+-		generate_PUSHS(cctx, li->li_tv.vval.v_string);
+		generate_PUSHS(cctx, &li->li_tv.vval.v_string);
+ 		li->li_tv.vval.v_string = NULL;
+ 	    }
+ 	    generate_NEWLIST(cctx, l->lv_len);
+@@ -7709,7 +7714,7 @@ compile_catch(char_u *arg, cctx_T *cctx UNUSED)
+ 	p += len + 2 + dropped;
+ 	if (pat == NULL)
+ 	    return FAIL;
+-	if (generate_PUSHS(cctx, pat) == FAIL)
+	if (generate_PUSHS(cctx, &pat) == FAIL)
+ 	    return FAIL;
+ 
+ 	if (generate_COMPARE(cctx, EXPR_MATCH, FALSE) == FAIL)
+@@ -8080,7 +8085,9 @@ compile_exec(char_u *line, exarg_T *eap, cctx_T *cctx)
+ 	{
+ 	    if (p > start)
+ 	    {
+-		generate_PUSHS(cctx, vim_strnsave(start, p - start));
+		char_u *val = vim_strnsave(start, p - start);
+
+		generate_PUSHS(cctx, &val);
+ 		++count;
+ 	    }
+ 	    p += 2;
+@@ -8101,7 +8108,9 @@ compile_exec(char_u *line, exarg_T *eap, cctx_T *cctx)
+ 	    {
+ 		if (*skipwhite(start) != NUL)
+ 		{
+-		    generate_PUSHS(cctx, vim_strsave(start));
+		    char_u *val = vim_strsave(start);
+
+		    generate_PUSHS(cctx, &val);
+ 		    ++count;
+ 		}
+ 		break;
--- a/vim.spec
+++ b/vim.spec
@ -27,7 +27,7 @@ Summary: The VIM editor
 URL:     http://www.vim.org/
 Name: vim
 Version: %{baseversion}.%{patchlevel}
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: Vim and MIT
 Source0: ftp://ftp.vim.org/pub/vim/unix/vim-%{baseversion}-%{patchlevel}.tar.bz2
 Source1: virc
@ -70,6 +70,8 @@ Patch3016: vim-8.0-copy-paste.patch
 Patch3017: vim-python3-tests.patch
 # fips warning
 Patch3018: vim-crypto-warning.patch
+Patch3019: 0001-patch-8.2.3115-Coverity-complains-about-free_wininfo.patch
+Patch3020: 0001-patch-8.2.3290-Vim9-compiling-dict-may-use-pointer-a.patch

 # gcc is no longer in buildroot by default
 BuildRequires: gcc
@ -277,6 +279,8 @@ perl -pi -e "s,bin/nawk,bin/awk,g" runtime/tools/mve.awk
 %patch3016 -p1 -b .copypaste
 %patch3017 -p1 -b .python-tests
 %patch3018 -p1 -b .fips-warning
+%patch3019 -p1 -b .covscan-free-wininfo
+%patch3020 -p1 -b .covscan-key-freed

 %build
 cd src
@ -834,6 +838,9 @@ touch %{buildroot}/%{_datadir}/%{name}/vimfiles/doc/tags
 %endif

 %changelog
+* Thu Aug 05 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2:8.2.2637-4
+- 1938895 - review of important potential issues detected by static analyzers in vim-8.2.2488-1.el9
+
 * Thu May 06 2021 Zdenek Dohnal <zdohnal@redhat.com> - 2.8.2.2637-3
 - 1957209 - remove vim-default-editor from el9