updated for version 7.4.624
Problem: May leak memory or crash when vim_realloc() returns NULL.
Solution: Handle a NULL value properly. (Mike Williams)
diff --git a/src/if_cscope.c b/src/if_cscope.c
index ab31a03..f72a96b 100644
--- a/src/if_cscope.c
+++ b/src/if_cscope.c
@@ -1507,9 +1507,16 @@
}
else
{
+ csinfo_T *t_csinfo = csinfo;
+
/* Reallocate space for more connections. */
csinfo_size *= 2;
csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size);
+ if (csinfo == NULL)
+ {
+ vim_free(t_csinfo);
+ csinfo_size = 0;
+ }
}
if (csinfo == NULL)
return -1;
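Review bot: On a failed vim_realloc() the new branch frees the old array through `t_csinfo`, which discards every existing connection entry instead of keeping it. A failed realloc leaves the original block valid, so the branch could restore it with `csinfo = t_csinfo;`, `csinfo_size /= 2;` and `return -1;`. What a csinfo_T entry owns is not visible in this hunk, but if entries hold open handles or child processes, freeing only the array would leave them leaked and unreachable. Separately, `csinfo_size *= 2` followed by `sizeof(csinfo_T)*csinfo_size` has no overflow check, which is worth a guard if the connection count is not bounded elsewhere. The enclosing function starts and ends outside the hunk.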
@@ -2059,6 +2066,7 @@
int num_matches;
{
char *buf = NULL;
+ char *t_buf;
int bufsize = 0; /* Track available bufsize */
int newsize = 0;
char *ptag;
@@ -2120,9 +2128,13 @@
newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno));
if (bufsize < newsize)
{
+ t_buf = buf;
buf = (char *)vim_realloc(buf, newsize);
if (buf == NULL)
+ {
bufsize = 0;
+ vim_free(t_buf);
+ }
else
bufsize = newsize;
}
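Review bot: `t_buf` is declared at function scope without an initializer and only assigned just before each vim_realloc() call, whereas the first hunk of this patch declares `t_csinfo` inside its block with an initial value. Declaring `char *t_buf = buf;` at the top of the `if (bufsize < newsize)` block, here and in the hunk at -2143, would keep the saved pointer next to its only use and make it harder for a stale copy to be freed later. The same save/realloc/free sequence now appears twice, so a comment such as `/* realloc failure leaves the old block allocated; free it */` above `vim_free(t_buf);` would record why the extra pointer exists. The enclosing function begins and ends outside the hunk.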
@@ -2143,9 +2155,13 @@
if (bufsize < newsize)
{
+ t_buf = buf;
buf = (char *)vim_realloc(buf, newsize);
if (buf == NULL)
+ {
bufsize = 0;
+ vim_free(t_buf);
+ }
else
bufsize = newsize;
}