Problems : Dereference of null pointer @ 6251.
Dereference of null pointer @ 6267.
Dereference of null pointer @ 6351.
Diagnostic : False positive.
Rationale : Problems occur if varp is null after
`varp = get_varp_scope(p, opt_flags);`.
That can only happen if option is hidden. Those are options
that can be set (for backwards compatibility reasons) but
that do nothing (see `:h hidden-options`,
`:h missing-options`). In particular, even if setting them
is allowed, value is not stored, so these options have no
real value.
So, suggested error paths should not occur, as checks
comparing option value and default value should discard
them.
Resolution : We could just `assert(varp)` before line 6235
`varp_local = varp;`. That was tried and worked.
But we prefer modifying the code to explicitly skip hidden
options.
A redundant `!istermoption(p)` is removed too (it's already
checked by for loop condition).
Problem : Exlicit null dereferenced (FORWARD NULL) @ 2859.
Diagnostic : Real issue.
Rationale : Code within `if (!p_bk)` seems to assume `backup` not null
at that point, which may not be true.
Resolution : Don't enter conditional on null `backup`.
FALSE was being used instead of FAIL.
They happen to have the same value, so it works the same.
But from function comment it's clear it uses the OK/FAIL convention.
Problem : Unchecked return value (CHECKED_RETURN) @ 2644.
Diagnostic : Real issue.
Rationale : Other `u_save` invocations are checked, and there's no
reason to think this invocation could not fail.
Resolution : Check and return if failed (other previous checks in the
same function just return, without reporting error, so
we just do the same).
Problem : Unchecked return value (CHECKED_RETURN) @ 8554.
Diagnostic : Real issue.
Rationale : Other invocations of `do_source` are checked and generate
an error message if fail. There seems to be no reason why
this particular instance could not fail the same.
Resolution : Check invocation and generate error message on failure.
Problem : Array access (via field 'y_array') results in a null pointer
dereference @ 4487.
Diagnostic : Real issue.
Rationale : If the array was previously freed and the size of the array
(y_current->y_size) was not updated to zero, the loop @4486
could be entered and a NULL pointer would be dereferenced.
Resolution : Use free_yank_all() to take care of the NULL check and
to free the current yank register.
Adapt #1533 and #1596 to conform to upstream patch
(https://groups.google.com/forum/#!topic/vim_dev/vp0Lwo9f56s).
Problem: Since patch 7.4.232 "1,3s/\n//" joins two lines instead of
three.
(Eliseo Martínez) Issue 287
Solution: Correct the line count. (Christian Brabandt)
Also set the last used search pattern.
- Update the doxygen comments.
- Use more descriptive types.
- Localize variables.
- Find the '\n' with memchr instead of a for loop.
- Remove `if (size)` checks before memmove
since memmove(dst,src,0) is a noop.
- Use memcpy instead since the pointers don't alias.
- Use xmemdupz instead of vim_strnsave.
- xrealloc instead of xmalloc/memcpy.
- Use memcnt/xmemscan/memchrsub.
Problem: getreg() does not distinguish between a NL used for a line
break and a NL used for a NUL character.
Solution: Add another argument to return a list. (ZyX)
https://code.google.com/p/vim/source/detail?r=v7-4-242
