# HG changeset patch
# User Bram Moolenaar <Bram@vim.org>
# Date 1566334804 -7200
# Node ID ec1717981acf5f3ec241d52974207f0a263c6e34
# Parent  9ebba5c49827592c594ab080b3d9a3fe8e4990cc
patch 8.1.1895: using NULL pointer when out of memory

commit https://github.com/vim/vim/commit/6f10c70b59fa4e56aa479345fb0caeaac7429bfb
Author: Bram Moolenaar <Bram@vim.org>
Date:   Tue Aug 20 22:58:37 2019 +0200

    patch 8.1.1895: using NULL pointer when out of memory

    Problem:    Using NULL pointer when out of memory.
    Solution:   Bail out or skip the code using the pointer. (Zu-Ming Jiang,
                closes #4805, closes #4843, closes #4939, closes #4844)

diff --git a/src/buffer.c b/src/buffer.c
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -181,14 +181,19 @@ open_buffer(
 	    if (curbuf->b_ml.ml_mfp != NULL)
 		break;
 	/*
-	 * if there is no memfile at all, exit
+	 * If there is no memfile at all, exit.
 	 * This is OK, since there are no changes to lose.
 	 */
 	if (curbuf == NULL)
 	{
 	    emsg(_("E82: Cannot allocate any buffer, exiting..."));
+
+	    // Don't try to do any saving, with "curbuf" NULL almost nothing
+	    // will work.
+	    v_dying = 2;
 	    getout(2);
 	}
+
 	emsg(_("E83: Cannot allocate buffer, using other one..."));
 	enter_buffer(curbuf);
 #ifdef FEAT_SYN_HL
diff --git a/src/highlight.c b/src/highlight.c
--- a/src/highlight.c
+++ b/src/highlight.c
@@ -3016,6 +3016,7 @@ syn_check_group(char_u *pp, int len)
 syn_add_group(char_u *name)
 {
     char_u	*p;
+    char_u	*name_up;
 
     // Check that the name is ASCII letters, digits and underscore.
     for (p = name; *p != NUL; ++p)
@@ -3061,9 +3062,16 @@ syn_add_group(char_u *name)
 	return 0;
     }
 
+    name_up = vim_strsave_up(name);
+    if (name_up == NULL)
+    {
+	vim_free(name);
+	return 0;
+    }
+
     vim_memset(&(HL_TABLE()[highlight_ga.ga_len]), 0, sizeof(hl_group_T));
     HL_TABLE()[highlight_ga.ga_len].sg_name = name;
-    HL_TABLE()[highlight_ga.ga_len].sg_name_u = vim_strsave_up(name);
+    HL_TABLE()[highlight_ga.ga_len].sg_name_u = name_up;
 #if defined(FEAT_GUI) || defined(FEAT_TERMGUICOLORS)
     HL_TABLE()[highlight_ga.ga_len].sg_gui_bg = INVALCOLOR;
     HL_TABLE()[highlight_ga.ga_len].sg_gui_fg = INVALCOLOR;
diff --git a/src/message.c b/src/message.c
--- a/src/message.c
+++ b/src/message.c
@@ -2588,16 +2588,19 @@ msg_puts_printf(char_u *str, int maxlen)
 		int n = (int)(s - p);
 
 		buf = alloc(n + 3);
-		memcpy(buf, p, n);
-		if (!info_message)
-		    buf[n++] = CAR;
-		buf[n++] = NL;
-		buf[n++] = NUL;
-		if (info_message)   // informative message, not an error
-		    mch_msg((char *)buf);
-		else
-		    mch_errmsg((char *)buf);
-		vim_free(buf);
+		if (buf != NULL)
+		{
+		    memcpy(buf, p, n);
+		    if (!info_message)
+			buf[n++] = CAR;
+		    buf[n++] = NL;
+		    buf[n++] = NUL;
+		    if (info_message)   // informative message, not an error
+			mch_msg((char *)buf);
+		    else
+			mch_errmsg((char *)buf);
+		    vim_free(buf);
+		}
 		p = s + 1;
 	    }
 	}
diff --git a/src/ops.c b/src/ops.c
--- a/src/ops.c
+++ b/src/ops.c
@@ -4556,6 +4556,11 @@ do_join(
 
     /* allocate the space for the new line */
     newp = alloc(sumsize + 1);
+    if (newp == NULL)
+    {
+	ret = FAIL;
+	goto theend;
+    }
     cend = newp + sumsize;
     *cend = 0;
 
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -766,6 +766,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1895,
+/**/
     1894,
 /**/
     1893,