From 2a325892c22fa7709590245eb33590bc7315a1a3 Mon Sep 17 00:00:00 2001 From: "Justin M. Keyes" Date: Sat, 5 Jan 2019 00:52:31 +0100 Subject: [PATCH] PVS/V1026: normal.c: signed integer overflow > V1026 The 'curwin->w_curswant' variable is incremented in the loop. > Undefined behavior will occur in case of signed integer overflow. --- src/nvim/normal.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/nvim/normal.c b/src/nvim/normal.c index 462b476a35..705dea4e88 100644 --- a/src/nvim/normal.c +++ b/src/nvim/normal.c @@ -1,11 +1,11 @@ // This is an open source non-commercial project. Dear PVS-Studio, please check // it. PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com -/* - * normal.c: Contains the main routine for processing characters in command - * mode. Communicates closely with the code in ops.c to handle - * the operators. - */ +// +// normal.c: Contains the main routine for processing characters in command +// mode. Communicates closely with the code in ops.c to handle +// the operators. +// #include #include @@ -3939,9 +3939,11 @@ static bool nv_screengo(oparg_T *oap, int dir, long dist) (void)hasFolding(curwin->w_cursor.lnum, &curwin->w_cursor.lnum, NULL); linelen = linetabsize(get_cursor_line_ptr()); - if (linelen > width1) - curwin->w_curswant += (((linelen - width1 - 1) / width2) - + 1) * width2; + if (linelen > width1) { + int w = (((linelen - width1 - 1) / width2) + 1) * width2; + assert(curwin->w_curswant <= INT_MAX - w); + curwin->w_curswant += w; + } } } else { /* dir == FORWARD */ if (linelen > width1)