Mercurial > vim

diff src/if_cscope.c @ 6596:f8f2a61e538d v7.4.624

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
updated for version 7.4.624 Problem: May leak memory or crash when vim_realloc() returns NULL. Solution: Handle a NULL value properly. (Mike Williams)
author Bram Moolenaar <bram@vim.org>
date Tue, 10 Feb 2015 18:34:01 +0100
parents 89143424f604
children 7347229a646a
line wrap: on
line diff
--- a/src/if_cscope.c
+++ b/src/if_cscope.c
@@ -1507,9 +1507,16 @@ cs_insert_filelist(fname, ppath, flags, 
 	}
 	else
 	{
+	    csinfo_T *t_csinfo = csinfo;
+
 	    /* Reallocate space for more connections. */
 	    csinfo_size *= 2;
 	    csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size);
+	    if (csinfo == NULL)
+	    {
+		vim_free(t_csinfo);
+		csinfo_size = 0;
+	    }
 	}
 	if (csinfo == NULL)
 	    return -1;
@@ -2059,6 +2066,7 @@ cs_print_tags_priv(matches, cntxts, num_
     int num_matches;
 {
     char	*buf = NULL;
+    char	*t_buf;
     int		bufsize = 0; /* Track available bufsize */
     int		newsize = 0;
     char	*ptag;
@@ -2120,9 +2128,13 @@ cs_print_tags_priv(matches, cntxts, num_
 	newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno));
 	if (bufsize < newsize)
 	{
+	    t_buf = buf;
 	    buf = (char *)vim_realloc(buf, newsize);
 	    if (buf == NULL)
+	    {
 		bufsize = 0;
+		vim_free(t_buf);
+	    }
 	    else
 		bufsize = newsize;
 	}
@@ -2143,9 +2155,13 @@ cs_print_tags_priv(matches, cntxts, num_
 
 	if (bufsize < newsize)
 	{
+	    t_buf = buf;
 	    buf = (char *)vim_realloc(buf, newsize);
 	    if (buf == NULL)
+	    {
 		bufsize = 0;
+		vim_free(t_buf);
+	    }
 	    else
 		bufsize = newsize;
 	}