From 37e77282949786bb178c8fb8d6717afcaa40688e Mon Sep 17 00:00:00 2001
From: Damien Lejay <damien@lejay.be>
Date: Fri, 5 Sep 2025 17:29:31 +0200
Subject: [PATCH] patch 9.1.1734: Memory leak when allocating match fails

Problem:  Memory leak when allocating match fails
Solution: Initialize m to NULL and centralize cleanup via goto fail to
          avoid leaks on early returns (Damien Lejay)

closes: #18204

Signed-off-by: Damien Lejay <damien@lejay.be>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/match.c   | 21 +++++++++++----------
 src/version.c |  2 ++
 2 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/match.c b/src/match.c
index ef2587947d..3b664bdb86 100644
--- a/src/match.c
+++ b/src/match.c
@@ -21,7 +21,7 @@
  * Add match to the match list of window "wp".
  * If "pat" is not NULL the pattern will be highlighted with the group "grp"
  * with priority "prio".
- * If "pos_list" is not NULL the list of posisions defines the highlights.
+ * If "pos_list" is not NULL the list of positions defines the highlights.
  * Optionally, a desired ID "id" can be specified (greater than or equal to 1).
  * If no particular ID is desired, -1 must be specified for "id".
  * Return ID of added match, -1 on failure.
@@ -38,7 +38,7 @@ match_add(
 {
     matchitem_T	*cur;
     matchitem_T	*prev;
-    matchitem_T	*m;
+    matchitem_T	*m = NULL;
     int		hlg_id;
     regprog_T	*regprog = NULL;
     int		rtype = UPD_SOME_VALID;
@@ -86,15 +86,12 @@ match_add(
     // Build new match.
     m = ALLOC_CLEAR_ONE(matchitem_T);
     if (m == NULL)
-	return -1;
+	goto fail;
     if (pos_list != NULL && pos_list->lv_len > 0)
     {
 	m->mit_pos_array = ALLOC_CLEAR_MULT(llpos_T, pos_list->lv_len);
 	if (m->mit_pos_array == NULL)
-	{
-	    vim_free(m);
-	    return -1;
-	}
+	    goto fail;
 	m->mit_pos_count = pos_list->lv_len;
     }
     m->mit_id = id;
@@ -213,9 +210,13 @@ match_add(
     return id;
 
 fail:
-    vim_free(m->mit_pattern);
-    vim_free(m->mit_pos_array);
-    vim_free(m);
+    vim_regfree(regprog);
+    if (m != NULL)
+    {
+	vim_free(m->mit_pattern);
+	vim_free(m->mit_pos_array);
+	vim_free(m);
+    }
     return -1;
 }
 
diff --git a/src/version.c b/src/version.c
index aea569a255..8cddb12712 100644
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1734,
 /**/
     1733,
 /**/