commit 7fb90815a0a29238c12e53b53e14fc55109f02b7
author John Marriott <basilisk@internode.on.net> Wed Apr 02 20:32:35 2025 +0200
committer Christian Brabandt <cb@256bit.org> Wed Apr 02 20:32:35 2025 +0200
tree 6b7c9f07e5497c54fa6d399227acfe772fb340f8
parent 8293574c8b116382ed6e0c3c709a04406f07cfd5

patch 9.1.1270: missing out-of-memory checks in buffer.c

Problem:  missing out-of-memory checks in buffer.c
Solution: handle out-of-memory situations during allocation
          (John Marriott)

closes: #17031

Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>

src/buffer.c

diff --git a/src/buffer.c b/src/buffer.c
index 68388db..8277b72 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -2926,6 +2926,8 @@
 		p = home_replace_save(buf, p);
 	    else
 		p = vim_strsave(p);
+	    if (p == NULL)
+		return FAIL;
 
 	    if (!fuzzy)
 	    {
@@ -4030,8 +4032,11 @@
 	    else
 	    {
 		p = transstr(gettail(curbuf->b_fname));
-		vim_strncpy(buf, p, SPACE_FOR_FNAME);
-		vim_free(p);
+		if (p != NULL)
+		{
+		    vim_strncpy(buf, p, SPACE_FOR_FNAME);
+		    vim_free(p);
+		}
 	    }
 
 #ifdef FEAT_TERMINAL
@@ -4084,8 +4089,11 @@
 		if (off < SPACE_FOR_DIR)
 		{
 		    p = transstr(buf + off);
-		    vim_strncpy(buf + off, p, (size_t)(SPACE_FOR_DIR - off));
-		    vim_free(p);
+		    if (p != NULL)
+		    {
+			vim_strncpy(buf + off, p, (size_t)(SPACE_FOR_DIR - off));
+			vim_free(p);
+		    }
 		}
 		else
 		{
@@ -4767,25 +4775,29 @@
 		size_t new_fmt_len = parsed_usefmt
 						 + str_length + fmt_length + 3;
 		char_u *new_fmt = (char_u *)alloc(new_fmt_len * sizeof(char_u));
-		char_u *new_fmt_p = new_fmt;
 
-		new_fmt_p = (char_u *)memcpy(new_fmt_p, usefmt, parsed_usefmt)
-							       + parsed_usefmt;
-		new_fmt_p = (char_u *)memcpy(new_fmt_p , str, str_length)
-								  + str_length;
-		new_fmt_p = (char_u *)memcpy(new_fmt_p, "%}", 2) + 2;
-		new_fmt_p = (char_u *)memcpy(new_fmt_p , s, fmt_length)
-								  + fmt_length;
-		*new_fmt_p = 0;
-		new_fmt_p = NULL;
+		if (new_fmt != NULL)
+		{
+		    char_u *new_fmt_p = new_fmt;
 
-		if (usefmt != fmt)
-		    vim_free(usefmt);
-		VIM_CLEAR(str);
-		usefmt = new_fmt;
-		s = usefmt + parsed_usefmt;
-		evaldepth++;
-		continue;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p, usefmt, parsed_usefmt)
+								   + parsed_usefmt;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p , str, str_length)
+								      + str_length;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p, "%}", 2) + 2;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p , s, fmt_length)
+								      + fmt_length;
+		    *new_fmt_p = 0;
+		    new_fmt_p = NULL;
+
+		    if (usefmt != fmt)
+			vim_free(usefmt);
+		    VIM_CLEAR(str);
+		    usefmt = new_fmt;
+		    s = usefmt + parsed_usefmt;
+		    evaldepth++;
+		    continue;
+		}
 	    }
 #endif
 	    break;