aniani/vim
0
0
Fork 1
mirror of https://github.com/vim/vim.git synced 2025-07-24 10:45:12 -04:00
Code

patch 9.1.0395: getregionpos() may leak memory on error

Browse Source 
Problem:  regionpos may leak memory on error, coverity
          complains about dereferencing Null pointer
Solution: free all list pointers (after v9.1.394),
          return early if buflist_findnr() returns NULL

closes: #14731

Signed-off-by: Christian Brabandt <cb@256bit.org>
This commit is contained in:
Christian Brabandt 2024-05-08 19:50:26 +02:00
parent 3ac83c7141
commit b8ecedce79
No known key found for this signature in database
GPG Key ID: F3F92DA383FDDE09
2 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/evalfunc.c
View File

@ -5727,6 +5727,10 @@ add_regionpos_range(
buf_T *findbuf;
int max_col1, max_col2;
findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
if (findbuf == NULL || findbuf->b_ml.ml_mfp == NULL)
return;
l1 = list_alloc();
if (l1 == NULL)
return;
@ -5739,25 +5743,34 @@ add_regionpos_range(
l2 = list_alloc();
if (l2 == NULL)
{
vim_free(l1);
return;
}
if (list_append_list(l1, l2) == FAIL)
{
vim_free(l1);
vim_free(l2);
return;
}
l3 = list_alloc();
if (l3 == NULL)
{
vim_free(l1);
vim_free(l2);
return;
}
if (list_append_list(l1, l3) == FAIL)
{
vim_free(l1);
vim_free(l2);
vim_free(l3);
return;
}
findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
max_col1 = ml_get_buf_len(findbuf, lnum1);
list_append_number(l2, bufnr);

2
src/version.c
View File

@ -704,6 +704,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
395,
/**/
394,
/**/