
Commit 126d564

committed
updated for version 7.4.624
Problem: May leak memory or crash when vim_realloc() returns NULL. Solution: Handle a NULL value properly. (Mike Williams)
1 parent fe82c9c commit 126d564


5 files changed

+47
-0
lines changed


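--- a/src/if_cscope.c
+++ b/src/if_cscope.c
@@ -1507,9 +1507,16 @@ cs_insert_filelist(fname, ppath, flags, sb)
 }
 else
 {
+csinfo_T *t_csinfo = csinfo;
+
 /* Reallocate space for more connections. */
 csinfo_size *= 2;
 csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size);
+if (csinfo == NULL)
+{
+vim_free(t_csinfo);
+csinfo_size = 0;
+}
 }
 if (csinfo == NULL)
 return -1;
@@ -2059,6 +2066,7 @@ cs_print_tags_priv(matches, cntxts, num_matches)
 int num_matches;
 {
 char *buf = NULL;
+char *t_buf;
 int bufsize = 0; /* Track available bufsize */
 int newsize = 0;
 char *ptag;
@@ -2120,9 +2128,13 @@ cs_print_tags_priv(matches, cntxts, num_matches)
 newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno));
 if (bufsize < newsize)
 {
+t_buf = buf;
 buf = (char *)vim_realloc(buf, newsize);
 if (buf == NULL)
+{
 bufsize = 0;
+vim_free(t_buf);
+}
 else
 bufsize = newsize;
 }
@@ -2143,9 +2155,13 @@ cs_print_tags_priv(matches, cntxts, num_matches)
 
 if (bufsize < newsize)
 {
+t_buf = buf;
 buf = (char *)vim_realloc(buf, newsize);
 if (buf == NULL)
+{
 bufsize = 0;
+vim_free(t_buf);
+}
 else
 bufsize = newsize;
 }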
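Review bot: In cs_insert_filelist the failure branch frees the old `csinfo` array and zeroes `csinfo_size`, so avoiding the leak costs every existing connection record, although (as the commit message implies) the old block is still allocated when vim_realloc() returns NULL and could simply be kept. Whatever the entries own is not visible in this hunk, but it is no longer reachable after `vim_free(t_csinfo)`. Consider growing into the temporary and committing only on success: `t_csinfo = vim_realloc(csinfo, sizeof(csinfo_T) * csinfo_size * 2);`, `if (t_csinfo == NULL) return -1;`, `csinfo = t_csinfo; csinfo_size *= 2;`. The same free-and-reset pattern appears in nb_get_buf and both addsigntype hunks in src/netbeans.c. The function body continues outside the hunk.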

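--- a/src/memline.c
+++ b/src/memline.c
@@ -5057,13 +5057,16 @@ ml_updatechunk(buf, line, len, updtype)
 /* May resize here so we don't have to do it in both cases below */
 if (buf->b_ml.ml_usedchunks + 1 >= buf->b_ml.ml_numchunks)
 {
+chunksize_T *t_chunksize = buf->b_ml.ml_chunksize;
+
 buf->b_ml.ml_numchunks = buf->b_ml.ml_numchunks * 3 / 2;
 buf->b_ml.ml_chunksize = (chunksize_T *)
 vim_realloc(buf->b_ml.ml_chunksize,
 sizeof(chunksize_T) * buf->b_ml.ml_numchunks);
 if (buf->b_ml.ml_chunksize == NULL)
 {
 /* Hmmmm, Give up on offset for this buffer */
+vim_free(t_chunksize);
 buf->b_ml.ml_usedchunks = -1;
 return;
 }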
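Review bot: On the failure path in ml_updatechunk, `buf->b_ml.ml_numchunks` keeps the value already multiplied by 3/2 while `buf->b_ml.ml_chunksize` is now NULL, so the recorded capacity no longer matches the allocation. The other sites touched by this commit reset their size to 0 alongside the free; here only `ml_usedchunks = -1` marks the state. If every reader checks `ml_usedchunks` first this is harmless, but adding `buf->b_ml.ml_numchunks = 0;` next to `vim_free(t_chunksize);` would make the state self-consistent. The function starts and ends outside the hunk.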

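--- a/src/misc1.c
+++ b/src/misc1.c
@@ -3431,10 +3431,14 @@ get_keystroke()
 buf = alloc(buflen);
 else if (maxlen < 10)
 {
+char_u *t_buf = buf;
+
 /* Need some more space. This might happen when receiving a long
 * escape sequence. */
 buflen += 100;
 buf = vim_realloc(buf, buflen);
+if (buf == NULL)
+vim_free(t_buf);
 maxlen = (buflen - 6 - len) / 3;
 }
 if (buf == NULL)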
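Review bot: In get_keystroke `buflen += 100` runs before the vim_realloc() call and is not undone when the call fails, and `maxlen` is then computed from that never-obtained size while `buf` is NULL. The `if (buf == NULL)` branch that handles this is outside the hunk, so this is presumably harmless if that branch returns at once. A one-line comment above the new declaration would make the intent explicit, e.g. `/* vim_realloc() keeps the old block on failure; remember it so it can be freed. */`.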

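--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -1080,10 +1080,18 @@ nb_get_buf(int bufno)
 {
 if (bufno >= buf_list_size) /* grow list */
 {
+nbbuf_T *t_buf_list = buf_list;
+
 incr = bufno - buf_list_size + 90;
 buf_list_size += incr;
 buf_list = (nbbuf_T *)vim_realloc(
 buf_list, buf_list_size * sizeof(nbbuf_T));
+if (buf_list == NULL)
+{
+vim_free(t_buf_list);
+buf_list_size = 0;
+return NULL;
+}
 vim_memset(buf_list + buf_list_size - incr, 0,
 incr * sizeof(nbbuf_T));
 }
@@ -3678,11 +3686,18 @@ addsigntype(
 {
 int incr;
 int oldlen = globalsignmaplen;
+char **t_globalsignmap = globalsignmap;
 
 globalsignmaplen *= 2;
 incr = globalsignmaplen - oldlen;
 globalsignmap = (char **)vim_realloc(globalsignmap,
 globalsignmaplen * sizeof(char *));
+if (globalsignmap == NULL)
+{
+vim_free(t_globalsignmap);
+globalsignmaplen = 0;
+return;
+}
 vim_memset(globalsignmap + oldlen, 0, incr * sizeof(char *));
 }
 }
@@ -3708,11 +3723,18 @@ addsigntype(
 {
 int incr;
 int oldlen = buf->signmaplen;
+int *t_signmap = buf->signmap;
 
 buf->signmaplen *= 2;
 incr = buf->signmaplen - oldlen;
 buf->signmap = (int *)vim_realloc(buf->signmap,
 buf->signmaplen * sizeof(int));
+if (buf->signmap == NULL)
+{
+vim_free(t_signmap);
+buf->signmaplen = 0;
+return;
+}
 vim_memset(buf->signmap + oldlen, 0, incr * sizeof(int));
 }
 }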
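Review bot: In nb_get_buf the new failure branch frees the whole `buf_list` and sets `buf_list_size = 0`, while the requested size is derived directly from `bufno` (`incr = bufno - buf_list_size + 90`) with no upper bound visible in the hunk. If `bufno` can be supplied by the connected peer, a single out-of-range number is enough to make the allocation fail and discard every existing buffer mapping, and the int arithmetic can overflow for values near INT_MAX. A range check before growing, e.g. `if (bufno > NB_MAX_BUFNO) return NULL;` with `NB_MAX_BUFNO` as a placeholder limit for the project to choose, would keep a bad number from touching the existing list. Any validation done earlier in the function is outside the hunk.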

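--- a/src/version.c
+++ b/src/version.c
@@ -741,6 +741,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 { /* Add new patch number below this line */
+/**/
+624,
 /**/
 623,
 /**/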
