| Group |
Location |
Level |
Code |
Message |
| General Analysis |
conv.c:330 |
Medium |
V1048 |
The 'rv.lo' variable was assigned the same value. |
| General Analysis |
lmpack.c:247 |
Medium |
V560 |
A part of conditional expression is always true: (size_t) - 1 > (mpack_uint32_t) - 1. |
| General Analysis |
mpack_core.c:238 |
High |
V610 |
Undefined behavior. Check the shift operator '<<'. The right operand is negative ('(t - 0xdb)' = [-27..4]). |
| General Analysis |
mpack_core.c:33 |
Medium |
V1071 |
Consider inspecting the 'mpack_w1' function. The return value is not always used. Total calls: 48, discarded results: 5. |
| General Analysis |
object.c:137 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'dst'. |
| General Analysis |
object.c:137 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'src'. |
| General Analysis |
rpc.c:248 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'dst'. |
| General Analysis |
rpc.c:248 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'src'. |
| General Analysis |
typval_encode.c.h:394 |
Medium |
V785 |
Constant expression in switch statement. |
| General Analysis |
autocmd.c:383 |
Medium |
V547 |
Expression 'i != - 2' is always true. |
| General Analysis |
eval.c:6194 |
High |
V576 |
Incorrect format. Consider checking the fourth actual argument of the 'vim_snprintf' function. The memsize type argument is expected. |
| General Analysis |
eval.c:6194 |
High |
V576 |
Incorrect format. Consider checking the fifth actual argument of the 'vim_snprintf' function. The memsize type argument is expected. |
| General Analysis |
typval_encode.c.h:288 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:328 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:328 |
High |
V576 |
Incorrect format. Consider checking the fourth actual argument of the 'vim_snprintf' function. The memsize type argument is expected. |
| General Analysis |
typval_encode.c.h:331 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:334 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:486 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:486 |
High |
V576 |
Incorrect format. Consider checking the fourth actual argument of the 'vim_snprintf' function. The memsize type argument is expected. |
| General Analysis |
typval_encode.c.h:494 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:484 |
High |
V1063 |
The modulo by 1 operation is meaningless. The result will always be zero. |
| General Analysis |
typval_encode.c.h:484 |
High |
V576 |
Incorrect format. Consider checking the fourth actual argument of the 'vim_snprintf' function. The memsize type argument is expected. |
| General Analysis |
funcs.c:1901 |
High |
V547 |
Expression is always true. |
| General Analysis |
funcs.c:7293 |
Medium |
V547 |
Expression 'strregname == NULL' is always false. |
| General Analysis |
funcs.c:8864 |
Medium |
V560 |
A part of conditional expression is always true. |
| General Analysis |
typval.c:2869 |
High |
V547 |
Expression is always true. |
| General Analysis |
fileio.c:1132 |
Medium |
V614 |
Potentially uninitialized variable 'blen' used. |
| General Analysis |
fold.c:2870 |
Medium |
V560 |
A part of conditional expression is always true: (gap)->ga_len > 0. |
| General Analysis |
fold.c:2874 |
Medium |
V560 |
A part of conditional expression is always true: (gap)->ga_len > 0. |
| General Analysis |
fold.c:2893 |
Medium |
V560 |
A part of conditional expression is always true: (gap)->ga_len > 0. |
| General Analysis |
marktree.c:166 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'z->key'. |
| General Analysis |
marktree.c:470 |
High |
V1028 |
Possible overflow. Consider casting operands of the 'y->n + 1' operator to the 'size_t' type, not the result. |
| General Analysis |
marktree.c:492 |
High |
V1028 |
Possible overflow. Consider casting operands of the 'y->n + 1' operator to the 'size_t' type, not the result. |
| General Analysis |
memline.c:1035 |
Medium |
V1048 |
The 'buf->b_ml.ml_stack_top' variable was assigned the same value. |
| General Analysis |
memline.c:1037 |
Medium |
V1048 |
The 'buf->b_ml.ml_stack_size' variable was assigned the same value. |
| General Analysis |
normal.c:3241 |
High |
V781 |
The value of the 'col' index is checked after it was used. Perhaps there is a mistake in program logic. |
| General Analysis |
option.c:3513 |
High |
V1028 |
Possible overflow. Consider casting operands of the 'multispace_len + 1' operator to the 'size_t' type, not the result. |
| General Analysis |
input.c:443 |
Medium |
V1044 |
Loop break conditions do not depend on the number of iterations. |
| General Analysis |
quickfix.c:2735 |
Medium |
V560 |
A part of conditional expression is always false: old_qf_curlist != qi->qf_curlist. |
| General Analysis |
quickfix.c:2736 |
Medium |
V560 |
A part of conditional expression is always false: old_changetick != qfl->qf_changedtick. |
| General Analysis |
quickfix.c:2837 |
Medium |
V560 |
A part of conditional expression is always false: old_changetick != qfl->qf_changedtick. |
| General Analysis |
quickfix.c:4047 |
Medium |
V560 |
A part of conditional expression is always true: cb != NULL. |
| General Analysis |
screen.c:3025 |
High |
V512 |
A call of the 'memset' function will lead to underflow of the buffer 'buf_fold'. |
| General Analysis |
screen.c:3988 |
Medium |
V560 |
A part of conditional expression is always true: eol_hl_off == 0. |
| General Analysis |
screen.c:5266 |
Medium |
V512 |
A call of the 'strcpy' function will lead to overflow of the buffer '(char *)(p + len)'. |
| General Analysis |
spell.c:448 |
Medium |
V557 |
Array underrun is possible. The value of 'mi.mi_fwordlen - 1' index could reach -1. |
| General Analysis |
spell.c:6163 |
High |
V781 |
The value of the 'i' index is checked after it was used. Perhaps there is a mistake in program logic. |
| General Analysis |
strings.c:619 |
High |
V568 |
It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'tvs[0].vval.v_list' class object. |
| General Analysis |
strings.c:619 |
High |
V568 |
It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'tvs[0].vval.v_dict' class object. |
| General Analysis |
strings.c:619 |
High |
V568 |
It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'tvs[0].vval.v_partial' class object. |
| General Analysis |
tag.c:1195 |
Medium |
V560 |
A part of conditional expression is always true: rettv.vval.v_special == kSpecialVarNull. |
| General Analysis |
input.c:592 |
Medium |
V1044 |
Loop break conditions do not depend on the number of iterations. |
| General Analysis |
input.c:604 |
Medium |
V1044 |
Loop break conditions do not depend on the number of iterations. |
| General Analysis |
rbuffer.c:10 |
Medium |
V1044 |
Loop break conditions do not depend on the number of iterations. |
| General Analysis |
rbuffer.c:18 |
Medium |
V1044 |
Loop break conditions do not depend on the number of iterations. |
