Mercurial > vim

diff src/memfile.c @ 32290:9b0c304500cc v9.0.1477

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1477: crash when recovering from corrupted swap file Commit: https://github.com/vim/vim/commit/b67ba03d3ef2e6c5f207d508e85fc6906f938028 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Apr 22 21:14:26 2023 +0100 patch 9.0.1477: crash when recovering from corrupted swap file Problem: Crash when recovering from corrupted swap file. Solution: Check for a valid page count. (closes https://github.com/vim/vim/issues/12275)
author Bram Moolenaar <Bram@vim.org>
date Sat, 22 Apr 2023 22:15:04 +0200
parents 238ca27dbfd2
children 5d07e7e9580f
line wrap: on
line diff
--- a/src/memfile.c
+++ b/src/memfile.c
@@ -431,7 +431,9 @@ mf_get(memfile_T *mfp, blocknr_T nr, int
 	 * If not, allocate a new block.
 	 */
 	hp = mf_release(mfp, page_count);
-	if (hp == NULL && (hp = mf_alloc_bhdr(mfp, page_count)) == NULL)
+	if (hp == NULL && page_count > 0)
+	    hp = mf_alloc_bhdr(mfp, page_count);
+	if (hp == NULL)
 	    return NULL;
 
 	hp->bh_bnum = nr;
@@ -812,9 +814,10 @@ mf_release(memfile_T *mfp, int page_coun
      */
     if (hp->bh_page_count != page_count)
     {
-	vim_free(hp->bh_data);
-	if ((hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count))
-								       == NULL)
+	VIM_CLEAR(hp->bh_data);
+	if (page_count > 0)
+	    hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count);
+	if (hp->bh_data == NULL)
 	{
 	    vim_free(hp);
 	    return NULL;
@@ -872,7 +875,7 @@ mf_release_all(void)
 }
 
 /*
- * Allocate a block header and a block of memory for it
+ * Allocate a block header and a block of memory for it.
  */
     static bhdr_T *
 mf_alloc_bhdr(memfile_T *mfp, int page_count)
@@ -882,8 +885,7 @@ mf_alloc_bhdr(memfile_T *mfp, int page_c
     if ((hp = ALLOC_ONE(bhdr_T)) == NULL)
 	return NULL;
 
-    if ((hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count))
-	    == NULL)
+    if ((hp->bh_data = alloc((size_t)mfp->mf_page_size * page_count)) == NULL)
     {
 	vim_free(hp);	    // not enough memory
 	return NULL;
@@ -893,7 +895,7 @@ mf_alloc_bhdr(memfile_T *mfp, int page_c
 }
 
 /*
- * Free a block header and the block of memory for it
+ * Free a block header and the block of memory for it.
  */
     static void
 mf_free_bhdr(bhdr_T *hp)
@@ -903,7 +905,7 @@ mf_free_bhdr(bhdr_T *hp)
 }
 
 /*
- * insert entry *hp in the free list
+ * Insert entry *hp in the free list.
  */
     static void
 mf_ins_free(memfile_T *mfp, bhdr_T *hp)