patch 9.1.0608: Coverity warns about a few potential issues

Problem:  Coverity warns about a few potential issues
Solution: Fix those issues (see details below)

1) Fix overflow warning in highlight.c
   This happens because we are comparing int with long
   and assign a potential long value to an int, which
   could cause an overflow. So add some casts to ensure
   the value fits into an int.

2) Fix Overflow warning in shift_line().
   This happens because we are performing a division/modulo
   operation of a long type by an int type and assign the result
   to an int, which could then overflow. So before performing
   the operation, trim the long to value to at most max int value,
   so that it can't overflow.

3) Fix overflow warning in syn_list_cluster in syntax.c
   This is essential the same issue as 1)

4) not checking the return value of vim_mkdir() in spellfile.c
   Creating the spell directory could fail. Handle this case
   and return early in this case.

5) qsort() may deref a NULL pointer when fuzzy match does not
   return a result. Fix this by checking that the accessed growarray
   fuzzy_indices actually contains  data. If not we can silently skip
   the qsort() and related logic.

closes: #15284

Signed-off-by: Christian Brabandt <[email protected]>

Author: chrisbra

src/highlight.c

@@ -3351,8 +3351,8 @@ syn_list_header(
 
     if (msg_col >= endcol)	// output at least one space
 	endcol = msg_col + 1;
-    if (Columns <= endcol)	// avoid hang for tiny window
-	endcol = Columns - 1;
+    if (Columns <= (long)endcol)	// avoid hang for tiny window
+	endcol = (int)(Columns - 1);
 
     msg_advance(endcol);
 

src/insexpand.c

@@ -3618,16 +3618,21 @@ get_next_filename_completion(void)
 	    }
 	}
 
-	fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
-	qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
+	// prevent qsort from deref NULL pointer
+	if (fuzzy_indices.ga_len > 0)
+	{
+	    fuzzy_indices_data = (int *)fuzzy_indices.ga_data;
+	    qsort(fuzzy_indices_data, fuzzy_indices.ga_len, sizeof(int), compare_scores);
+
+	    sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
+	    for (i = 0; i < fuzzy_indices.ga_len; ++i)
+		sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
 
-	sorted_matches = (char_u **)alloc(sizeof(char_u *) * fuzzy_indices.ga_len);
-	for (i = 0; i < fuzzy_indices.ga_len; ++i)
-	    sorted_matches[i] = vim_strsave(matches[fuzzy_indices_data[i]]);
+	    FreeWild(num_matches, matches);
+	    matches = sorted_matches;
+	    num_matches = fuzzy_indices.ga_len;
+	}
 
-	FreeWild(num_matches, matches);
-	matches = sorted_matches;
-	num_matches = fuzzy_indices.ga_len;
 	vim_free(compl_fuzzy_scores);
 	ga_clear(&fuzzy_indices);
     }

src/ops.c

@@ -240,8 +240,8 @@ shift_line(
 
     if (round)			// round off indent
     {
-	i = count / sw_val;	// number of 'shiftwidth' rounded down
-	j = count % sw_val;	// extra spaces
+	i = trim_to_int(count) / sw_val;	// number of 'shiftwidth' rounded down
+	j = trim_to_int(count) % sw_val;	// extra spaces
 	if (j && left)		// first remove extra spaces
 	    --amount;
 	if (left)

src/spellfile.c

@@ -6434,7 +6434,13 @@ init_spellfile(void)
 		l = (int)STRLEN(buf);
 		vim_snprintf((char *)buf + l, MAXPATHL - l, "/spell");
 		if (filewritable(buf) != 2)
-		    vim_mkdir(buf, 0755);
+		{
+		    if (vim_mkdir(buf, 0755) != 0)
+		    {
+			vim_free(buf);
+			return;
+		    }
+		}
 
 		l = (int)STRLEN(buf);
 		vim_snprintf((char *)buf + l, MAXPATHL - l,

src/syntax.c

@@ -4084,8 +4084,8 @@ syn_list_cluster(int id)
 
     if (msg_col >= endcol)	// output at least one space
 	endcol = msg_col + 1;
-    if (Columns <= endcol)	// avoid hang for tiny window
-	endcol = Columns - 1;
+    if (Columns <= (long)endcol)	// avoid hang for tiny window
+	endcol = (int)(Columns - 1);
 
     msg_advance(endcol);
     if (SYN_CLSTR(curwin->w_s)[id].scl_list != NULL)

src/version.c

@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    608,
 /**/
     607,
 /**/