Mercurial > vim

changeset 19053:cec4da73951a v8.2.0087

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.2.0087: crash in command line expansion when out of memory Commit: https://github.com/vim/vim/commit/61d7c0d52ca40ab8488c36e619d1e46503affd0b Author: Bram Moolenaar <Bram@vim.org> Date: Sun Jan 5 14:38:40 2020 +0100 patch 8.2.0087: crash in command line expansion when out of memory Problem: Crash in command line expansion when out of memory. Solution: Check for NULL pointer. Also make ExpandGeneric() static. (Dominique Pelle, closes #5437)
author Bram Moolenaar <Bram@vim.org>
date Sun, 05 Jan 2020 14:45:04 +0100
parents c7102f0d810a
children ebee9e4dac40
files src/cmdexpand.c src/proto/cmdexpand.pro src/version.c
diffstat 3 files changed, 16 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/cmdexpand.c
+++ b/src/cmdexpand.c
@@ -16,6 +16,9 @@
 static int	cmd_showtail;	// Only show path tail in lists ?
 
 static void	set_expand_context(expand_T *xp);
+static int      ExpandGeneric(expand_T *xp, regmatch_T *regmatch,
+			      int *num_file, char_u ***file,
+			      char_u *((*func)(expand_T *, int)), int escaped);
 static int	ExpandFromContext(expand_T *xp, char_u *, int *, char_u ***, int);
 static int	expand_showtail(expand_T *xp);
 static int	expand_shellcmd(char_u *filepat, int *num_file, char_u ***file, int flagsarg);
@@ -2214,7 +2217,7 @@ ExpandFromContext(
  *
  * Returns OK when no problems encountered, FAIL for error (out of memory).
  */
-    int
+    static int
 ExpandGeneric(
     expand_T	*xp,
     regmatch_T	*regmatch,
@@ -2250,6 +2253,13 @@ ExpandGeneric(
 			str = vim_strsave_escaped(str, (char_u *)" \t\\.");
 		    else
 			str = vim_strsave(str);
+		    if (str == NULL)
+		    {
+			FreeWild(count, *file);
+			*num_file = 0;
+			*file = NULL;
+			return FAIL;
+		    }
 		    (*file)[count] = str;
 # ifdef FEAT_MENU
 		    if (func == get_menu_names && str != NULL)
@@ -2268,13 +2278,14 @@ ExpandGeneric(
 	{
 	    if (count == 0)
 		return OK;
-	    *num_file = count;
 	    *file = ALLOC_MULT(char_u *, count);
 	    if (*file == NULL)
 	    {
-		*file = (char_u **)"";
+		*num_file = 0;
+		*file = NULL;
 		return FAIL;
 	    }
+	    *num_file = count;
 	    count = 0;
 	}
     }
@@ -2297,7 +2308,6 @@ ExpandGeneric(
     // they don't show up when getting normal highlight names by ID.
     reset_expand_highlight();
 #endif
-
     return OK;
 }
 
--- a/src/proto/cmdexpand.pro
+++ b/src/proto/cmdexpand.pro
@@ -8,7 +8,6 @@ char_u *sm_gettail(char_u *s);
 char_u *addstar(char_u *fname, int len, int context);
 void set_cmd_context(expand_T *xp, char_u *str, int len, int col, int use_ccline);
 int expand_cmdline(expand_T *xp, char_u *str, int col, int *matchcount, char_u ***matches);
-int ExpandGeneric(expand_T *xp, regmatch_T *regmatch, int *num_file, char_u ***file, char_u *((*func)(expand_T *, int)), int escaped);
 void globpath(char_u *path, char_u *file, garray_T *ga, int expand_options);
 void f_getcompletion(typval_T *argvars, typval_T *rettv);
 /* vim: set ft=c : */
--- a/src/version.c
+++ b/src/version.c
@@ -743,6 +743,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    87,
+/**/
     86,
 /**/
     85,