changeset 6596:f8f2a61e538d v7.4.624

updated for version 7.4.624 Problem: May leak memory or crash when vim_realloc() returns NULL. Solution: Handle a NULL value properly. (Mike Williams)
author Bram Moolenaar <bram@vim.org>
date Tue, 10 Feb 2015 18:34:01 +0100
parents 09b0a3c8af26
children 6bb932add4f4
files src/if_cscope.c src/memline.c src/misc1.c src/netbeans.c src/version.c
diffstat 5 files changed, 47 insertions(+), 0 deletions(-) [+]
--- a/src/if_cscope.c
+++ b/src/if_cscope.c
@@ -1507,9 +1507,16 @@ cs_insert_filelist(fname, ppath, flags, 
 	}
 	else
 	{
+	    csinfo_T *t_csinfo = csinfo;
+
 	    /* Reallocate space for more connections. */
 	    csinfo_size *= 2;
 	    csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size);
+	    if (csinfo == NULL)
+	    {
+		vim_free(t_csinfo);
+		csinfo_size = 0;
+	    }
 	}
 	if (csinfo == NULL)
 	    return -1;
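Review bot: On a failed vim_realloc() the added branch frees the old csinfo array and zeroes csinfo_size, which stops the leak but also discards every connection slot that was valid before the call. Whatever those entries own (presumably file names and handles for the cscope child; not visible here) can no longer be reached for cleanup. Growing through a temporary and returning -1 with csinfo and csinfo_size untouched would keep the existing state usable. The buf_list, globalsignmap and buf->signmap hunks in src/netbeans.c follow the same free-and-reset pattern. cs_insert_filelist starts and ends outside the hunk.

```c
	    csinfo_T *t_csinfo;

	    /* Reallocate space for more connections. */
	    t_csinfo = vim_realloc(csinfo, sizeof(csinfo_T) * csinfo_size * 2);
	    if (t_csinfo == NULL)
		return -1;	/* csinfo and csinfo_size are still valid */
	    csinfo = t_csinfo;
	    csinfo_size *= 2;
```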
@@ -2059,6 +2066,7 @@ cs_print_tags_priv(matches, cntxts, num_
     int num_matches;
 {
     char	*buf = NULL;
+    char	*t_buf;
     int		bufsize = 0; /* Track available bufsize */
     int		newsize = 0;
     char	*ptag;
@@ -2120,9 +2128,13 @@ cs_print_tags_priv(matches, cntxts, num_
 	newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno));
 	if (bufsize < newsize)
 	{
+	    t_buf = buf;
 	    buf = (char *)vim_realloc(buf, newsize);
 	    if (buf == NULL)
+	    {
 		bufsize = 0;
+		vim_free(t_buf);
+	    }
 	    else
 		bufsize = newsize;
 	}
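Review bot: `t_buf` is declared at function scope without an initializer and then assigned in two separate blocks, while the other files in this commit declare the saved pointer inside the block that reallocates. Declaring `char *t_buf = buf;` at the top of each `if (bufsize < newsize)` block, here and in the next hunk, would keep its lifetime next to its single use. A short comment such as `/* vim_realloc() does not free the old block on failure */` would explain why the copy is kept. cs_print_tags_priv continues outside the hunk.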
@@ -2143,9 +2155,13 @@ cs_print_tags_priv(matches, cntxts, num_
 
 	if (bufsize < newsize)
 	{
+	    t_buf = buf;
 	    buf = (char *)vim_realloc(buf, newsize);
 	    if (buf == NULL)
+	    {
 		bufsize = 0;
+		vim_free(t_buf);
+	    }
 	    else
 		bufsize = newsize;
 	}
--- a/src/memline.c
+++ b/src/memline.c
@@ -5057,6 +5057,8 @@ ml_updatechunk(buf, line, len, updtype)
 	/* May resize here so we don't have to do it in both cases below */
 	if (buf->b_ml.ml_usedchunks + 1 >= buf->b_ml.ml_numchunks)
 	{
+	    chunksize_T *t_chunksize = buf->b_ml.ml_chunksize;
+
 	    buf->b_ml.ml_numchunks = buf->b_ml.ml_numchunks * 3 / 2;
 	    buf->b_ml.ml_chunksize = (chunksize_T *)
 		vim_realloc(buf->b_ml.ml_chunksize,
@@ -5064,6 +5066,7 @@ ml_updatechunk(buf, line, len, updtype)
 	    if (buf->b_ml.ml_chunksize == NULL)
 	    {
 		/* Hmmmm, Give up on offset for this buffer */
+		vim_free(t_chunksize);
 		buf->b_ml.ml_usedchunks = -1;
 		return;
 	    }
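Review bot: The failure branch frees the old array but leaves `buf->b_ml.ml_numchunks` at the enlarged value assigned just before the vim_realloc() call, so the recorded capacity no longer matches the now-NULL `ml_chunksize`. The other sites in this commit reset their size field to 0 on failure. Here safety depends on every reader checking `ml_usedchunks == -1` before touching the array, which cannot be confirmed from this hunk. Adding `buf->b_ml.ml_numchunks = 0;` to the branch, or a comment stating that invariant, would make it explicit.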
--- a/src/misc1.c
+++ b/src/misc1.c
@@ -3431,10 +3431,14 @@ get_keystroke()
 	    buf = alloc(buflen);
 	else if (maxlen < 10)
 	{
+	    char_u  *t_buf = buf;
+
 	    /* Need some more space. This might happen when receiving a long
 	     * escape sequence. */
 	    buflen += 100;
 	    buf = vim_realloc(buf, buflen);
+	    if (buf == NULL)
+		vim_free(t_buf);
 	    maxlen = (buflen - 6 - len) / 3;
 	}
 	if (buf == NULL)
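Review bot: `maxlen = (buflen - 6 - len) / 3;` still runs after a failed vim_realloc(), so it computes a capacity for a buffer that has just been freed, and `buflen` stays enlarged by 100. This is harmless only if the `if (buf == NULL)` branch that closes the hunk leaves the function before maxlen is used; its body is outside the hunk. A comment on `t_buf`, such as `/* vim_realloc() leaves the old block allocated on failure */`, would explain why the saved pointer is needed.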
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -1080,10 +1080,18 @@ nb_get_buf(int bufno)
     {
 	if (bufno >= buf_list_size) /* grow list */
 	{
+	    nbbuf_T *t_buf_list = buf_list;
+
 	    incr = bufno - buf_list_size + 90;
 	    buf_list_size += incr;
 	    buf_list = (nbbuf_T *)vim_realloc(
 				   buf_list, buf_list_size * sizeof(nbbuf_T));
+	    if (buf_list == NULL)
+	    {
+		vim_free(t_buf_list);
+		buf_list_size = 0;
+		return NULL;
+	    }
 	    vim_memset(buf_list + buf_list_size - incr, 0,
 						      incr * sizeof(nbbuf_T));
 	}
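Review bot: The size passed to vim_realloc() is derived from bufno with plain int arithmetic (`incr = bufno - buf_list_size + 90`), and nothing in the hunk bounds bufno. If bufno originates from the NetBeans peer (not visible here), a single oversized value makes the allocation fail, and the new branch then frees the whole buf_list and zeroes buf_list_size, losing the state of every known buffer. Rejecting bufno above a project-chosen limit before growing would avoid that. On failure, leaving buf_list and buf_list_size unchanged would be safer than freeing the list. The added `return NULL` also requires every caller of nb_get_buf to tolerate NULL, which this hunk cannot show.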
@@ -3678,11 +3686,18 @@ addsigntype(
 	    {
 		int incr;
 		int oldlen = globalsignmaplen;
+		char **t_globalsignmap = globalsignmap;
 
 		globalsignmaplen *= 2;
 		incr = globalsignmaplen - oldlen;
 		globalsignmap = (char **)vim_realloc(globalsignmap,
 					   globalsignmaplen * sizeof(char *));
+		if (globalsignmap == NULL)
+		{
+		    vim_free(t_globalsignmap);
+		    globalsignmaplen = 0;
+		    return;
+		}
 		vim_memset(globalsignmap + oldlen, 0, incr * sizeof(char *));
 	    }
 	}
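Review bot: Resetting `globalsignmaplen = 0` after the failure leaves this growth path unable to recover, because `globalsignmaplen *= 2` keeps it at 0 on the next pass unless a first-allocation branch outside the hunk handles a zero length. Any in-use counter kept beside the array would still hold its old value while globalsignmap is NULL, so it should be reset in the same branch. The strings that the freed array pointed to are not released here either. The `buf->signmaplen = 0` branch in the next hunk has the same zero-length problem.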
@@ -3708,11 +3723,18 @@ addsigntype(
 	{
 	    int incr;
 	    int oldlen = buf->signmaplen;
+	    int *t_signmap = buf->signmap;
 
 	    buf->signmaplen *= 2;
 	    incr = buf->signmaplen - oldlen;
 	    buf->signmap = (int *)vim_realloc(buf->signmap,
 					       buf->signmaplen * sizeof(int));
+	    if (buf->signmap == NULL)
+	    {
+		vim_free(t_signmap);
+		buf->signmaplen = 0;
+		return;
+	    }
 	    vim_memset(buf->signmap + oldlen, 0, incr * sizeof(int));
 	}
     }
--- a/src/version.c
+++ b/src/version.c
@@ -742,6 +742,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    624,
+/**/
     623,
 /**/
     622,