Merge Coverity fixes from 'pre-0.77'.

cmdline.c

@@ -585,6 +585,11 @@ int cmdline_process_param(const char *p, char *value,
             cmdline_error("the -pw option can only be used with the "
                           "SSH protocol");
         else {
+            if (cmdline_password) {
+                smemclr(cmdline_password, strlen(cmdline_password));
+                sfree(cmdline_password);
+            }
+
             cmdline_password = dupstr(value);
             /* Assuming that `value' is directly from argv, make a good faith
              * attempt to trample it, to stop it showing up in `ps' output
@@ -608,6 +613,11 @@ int cmdline_process_param(const char *p, char *value,
             if (!fp) {
                 cmdline_error("unable to open password file '%s'", value);
             } else {
+                if (cmdline_password) {
+                    smemclr(cmdline_password, strlen(cmdline_password));
+                    sfree(cmdline_password);
+                }
+
                 cmdline_password = chomp(fgetline(fp));
                 if (!cmdline_password) {
                     cmdline_error("unable to read a password from file '%s'",

proxy/http.c

@@ -479,7 +479,7 @@ static void proxy_http_process_queue(ProxyNegotiator *pn)
                 crStopV;
             }
 
-            if (maj_ver < 1 && (maj_ver == 1 && min_ver < 1)) {
+            if (maj_ver < 1 || (maj_ver == 1 && min_ver < 1)) {
                 /* Before HTTP/1.1, connections close by default */
                 s->connection_close = true;
             }

proxy/socks5.c

@@ -70,7 +70,7 @@ static void proxy_socks5_free(ProxyNegotiator *pn)
     strbuf_free(s->password);
     if (s->prompts)
         free_prompts(s->prompts);
-    smemclr(s, sizeof(s));
+    smemclr(s, sizeof(*s));
     sfree(s);
 }
 

proxy/sshproxy.c

@@ -592,7 +592,7 @@ Socket *sshproxy_new_connection(SockAddr *addr, const char *hostname,
      * our check is for whether the backend sets the flag promising
      * that it does.
      */
-    if (!(backvt->flags & BACKEND_SUPPORTS_NC_HOST)) {
+    if (!backvt || !(backvt->flags & BACKEND_SUPPORTS_NC_HOST)) {
         sp->errmsg = dupprintf("saved session '%s' is not an SSH session",
                                proxy_hostname);
         return &sp->sock;

terminal/bidi.c

@@ -3602,7 +3602,6 @@ void do_bidi(BidiContext *ctx, bidi_char *text, size_t textlen)
 #ifdef REMOVE_FORMATTING_CHARACTERS
     abort(); /* can't use the standard algorithm in a live terminal */
 #else
-    assert(textlen >= 0);
     do_bidi_new(ctx, text, textlen);
 #endif
 }

terminal/bidi_test.c

@@ -44,7 +44,8 @@ static void run_test(const char *filename, unsigned lineno,
 {
     size_t bcs_orig_len = bcs_len;
     bidi_char *bcs_orig = snewn(bcs_orig_len, bidi_char);
-    memcpy(bcs_orig, bcs, bcs_orig_len * sizeof(bidi_char));
+    if (bcs_orig_len)
+        memcpy(bcs_orig, bcs, bcs_orig_len * sizeof(bidi_char));
 
     bcs_len = do_bidi_test(ctx, bcs, bcs_len, override);
 
@@ -335,6 +336,12 @@ int main(int argc, char **argv)
         } else {
             const char *filename = arg;
 
+            if (!testfn) {
+                fprintf(stderr, "no mode argument provided before filename "
+                        "'%s'\n", filename);
+                return 1;
+            }
+
             if (!strcmp(filename, "-")) {
                 testfn("<standard input>", stdin);
             } else {

terminal/terminal.c

@@ -7677,7 +7677,8 @@ static inline SeatPromptResult signal_prompts_t(Terminal *term, prompts_t *p,
 {
     assert(p->callback && "Asynchronous userpass input requires a callback");
     queue_toplevel_callback(p->callback, p->callback_ctx);
-    ldisc_enable_prompt_callback(term->ldisc, NULL);
+    if (term->ldisc)
+        ldisc_enable_prompt_callback(term->ldisc, NULL);
     p->spr = spr;
     return spr;
 }