| Group |
Location |
Level |
Code |
Message |
| General Analysis |
object.c:137 |
Medium |
V1086 |
A call of the 'memcpy' function will lead to underflow of the buffer 'dst'. |
| General Analysis |
object.c:137 |
Medium |
V1086 |
A call of the 'memcpy' function will lead to underflow of the buffer 'src'. |
| General Analysis |
mpack_core.c:241 |
High |
V610 |
Undefined behavior. Check the shift operator '<<'. The right operand is negative ('(t - 0xdb)' = [-27..4]). |
| General Analysis |
mpack_core.c:31 |
Medium |
V1071 |
Consider inspecting the 'mpack_w1' function. The return value is not always used. Total calls: 48, discarded results: 5. |
| General Analysis |
rpc.c:248 |
Medium |
V1086 |
A call of the 'memcpy' function will lead to underflow of the buffer 'dst'. |
| General Analysis |
rpc.c:248 |
Medium |
V1086 |
A call of the 'memcpy' function will lead to underflow of the buffer 'src'. |
| General Analysis |
helpers.c:782 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
change.c:984 |
High |
V614 |
Uninitialized variable 'line_size' used. Consider checking the third actual argument of the '__builtin_add_overflow' function. |
| General Analysis |
cursor.c:180 |
High |
V614 |
Uninitialized variable 'newline_size' used. Consider checking the third actual argument of the '__builtin_add_overflow' function. |
| General Analysis |
cursor.c:200 |
High |
V614 |
Uninitialized variable 'n' used. Consider checking the third actual argument of the '__builtin_add_overflow' function. |
| General Analysis |
drawline.c:2378 |
Medium |
V560 |
A part of conditional expression is always true: eol_hl_off == 0. |
| General Analysis |
userfunc.c:2161 |
High |
V595 |
The 'name' pointer was utilized before it was verified against nullptr. Check lines: 2161, 2187. |
| General Analysis |
typval.c:1243 |
Medium |
V547 |
Expression 'info.item_compare_func_err' is always false. |
| General Analysis |
typval.c:1266 |
Medium |
V547 |
Expression 'info.item_compare_func_err' is always false. |
| General Analysis |
funcs.c:7346 |
Medium |
V1048 |
The 'action' variable was assigned the same value. |
| General Analysis |
ex_getln.c:3032 |
High |
V595 |
The 'colored_ccline->cmdbuff' pointer was utilized before it was verified against nullptr. Check lines: 3032, 3038. |
| General Analysis |
fileio.c:5133 |
Medium |
V557 |
Array overrun is possible. The value of 'strlen(tmp) - strlen(user)' index could reach 18446744073709551615. |
| General Analysis |
help.c:1013 |
High |
V781 |
The value of the 'len' index is checked after it was used. Perhaps there is a mistake in program logic. |
| General Analysis |
highlight.c:337 |
Medium |
V547 |
Expression '!wp->w_ns_hl_attr' is always false. |
| General Analysis |
indent.c:579 |
High |
V614 |
Uninitialized variable 'newline_size' used. Consider checking the third actual argument of the '__builtin_add_overflow' function. |
| General Analysis |
indent.c:607 |
High |
V614 |
Uninitialized variable 'newline_size' used. Consider checking the third actual argument of the '__builtin_add_overflow' function. |
| General Analysis |
insexpand.c:2894 |
Medium |
V1048 |
The 'compl_type' variable was assigned the same value. |
| General Analysis |
insexpand.c:2917 |
Medium |
V1048 |
The 'compl_type' variable was assigned the same value. |
| General Analysis |
log.c:169 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
log.c:272 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
executor.c:346 |
Medium |
V560 |
A part of conditional expression is always true: lua_arg0 >= 0. |
| General Analysis |
stdlib.c:605 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
marktree.c:165 |
Medium |
V1086 |
A call of the 'memcpy' function will lead to underflow of the buffer 'z->key'. |
| General Analysis |
message.c:493 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:505 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:516 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:787 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:806 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:856 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:883 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
message.c:2111 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
ops.c:4130 |
Medium |
V601 |
The value of 'char' type is implicitly cast to a char pointer. |
| General Analysis |
ops.c:5470 |
High |
V614 |
Uninitialized variable 'cols' used. Consider checking the third actual argument of the '__builtin_sub_overflow' function. |
| General Analysis |
option.c:3230 |
Medium |
V560 |
A part of conditional expression is always true: all == 0. |
| General Analysis |
path.c:2378 |
Medium |
V1048 |
The 'end_of_path' variable was assigned the same value. |
| General Analysis |
quickfix.c:1504 |
Medium |
V1048 |
The 'status' variable was assigned the same value. |
| General Analysis |
quickfix.c:6228 |
Medium |
V1048 |
The 'status' variable was assigned the same value. |
| General Analysis |
shada.c:3605 |
Medium |
V1048 |
The 'ret' variable was assigned the same value. |
| General Analysis |
spell.c:2939 |
High |
V781 |
The value of the 'i' index is checked after it was used. Perhaps there is a mistake in program logic. |
| General Analysis |
regexp_nfa.c:2241 |
Medium |
V1048 |
The 'startc' variable was assigned the same value. |
| General Analysis |
spellsuggest.c:1200 |
Medium |
V1086 |
A call of the 'memset' function will lead to underflow of the buffer 'sp'. |
| General Analysis |
strings.c:677 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
strings.c:695 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
strings.c:1416 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
strings.c:1428 |
Medium |
V601 |
Pointer is implicitly cast to an integer type. Inspect the second argument. |
| General Analysis |
tag.c:470 |
Medium |
V1048 |
The 'prevtagstackidx' variable was assigned the same value. |
