From ab86da74c4f81f492d493a42a1c3c26a273016a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Eliseo=20Marti=CC=81nez?=
Date: Tue, 27 Jan 2015 15:22:36 +0100
Subject: [PATCH] coverity/68610: Out-of-bounds access: FP.

Diagnostic : False positive.
Rationale : Coverity thinks we are forgetting to add more char to hold NULL, but it's not taking into account that two chars from cntxformat will no be present in the result. In fact, we can even allocate one byte less than currently done.
Resolution : Add explanatory comment and allocate one less byte. Marked as "Intentional" at coverity's database.
---
 src/nvim/if_cscope.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/nvim/if_cscope.c b/src/nvim/if_cscope.c
index 843cbcf6f9..09f4ecf519 100644
--- a/src/nvim/if_cscope.c
+++ b/src/nvim/if_cscope.c
@@ -1646,7 +1646,6 @@ static void cs_print_tags_priv(char **matches, char **cntxts, int num_matches)
 char *fname, *lno, *extra, *tbuf;
 int i, idx, num;
 char *globalcntx = "GLOBAL";
- char *cntxformat = " <<%s>>";
 char *context;
 char *cstag_msg = _("Cscope tag: %s");
@@ -1706,7 +1705,11 @@ static void cs_print_tags_priv(char **matches, char **cntxts, int num_matches)
 context = cntxts[idx];
 else
 context = globalcntx;
- newsize = strlen(context) + strlen(cntxformat);
+
+ const char *cntxformat = " <<%s>>";
+ // '%s' won't appear in result string, so:
+ // newsize = len(cntxformat) - 2 + len(context) + 1 (for NUL).
+ newsize = strlen(context) + strlen(cntxformat) - 1;
 if (bufsize < newsize) {
 buf = xrealloc(buf, newsize);