updated for version 7.4.624
Problem: May leak memory or crash when vim_realloc() returns NULL.
Solution: Handle a NULL value properly. (Mike Williams)
diff --git a/src/netbeans.c b/src/netbeans.c
index c334544..4f6cf2f 100644
--- a/src/netbeans.c
+++ b/src/netbeans.c
@@ -1080,10 +1080,18 @@
{
if (bufno >= buf_list_size) /* grow list */
{
+ nbbuf_T *t_buf_list = buf_list;
+
incr = bufno - buf_list_size + 90;
buf_list_size += incr;
buf_list = (nbbuf_T *)vim_realloc(
buf_list, buf_list_size * sizeof(nbbuf_T));
+ if (buf_list == NULL)
+ {
+ vim_free(t_buf_list);
+ buf_list_size = 0;
+ return NULL;
+ }
vim_memset(buf_list + buf_list_size - incr, 0,
incr * sizeof(nbbuf_T));
}
@@ -3678,11 +3686,18 @@
{
int incr;
int oldlen = globalsignmaplen;
+ char **t_globalsignmap = globalsignmap;
globalsignmaplen *= 2;
incr = globalsignmaplen - oldlen;
globalsignmap = (char **)vim_realloc(globalsignmap,
globalsignmaplen * sizeof(char *));
+ if (globalsignmap == NULL)
+ {
+ vim_free(t_globalsignmap);
+ globalsignmaplen = 0;
+ return;
+ }
vim_memset(globalsignmap + oldlen, 0, incr * sizeof(char *));
}
}
@@ -3708,11 +3723,18 @@
{
int incr;
int oldlen = buf->signmaplen;
+ int *t_signmap = buf->signmap;
buf->signmaplen *= 2;
incr = buf->signmaplen - oldlen;
buf->signmap = (int *)vim_realloc(buf->signmap,
buf->signmaplen * sizeof(int));
+ if (buf->signmap == NULL)
+ {
+ vim_free(t_signmap);
+ buf->signmaplen = 0;
+ return;
+ }
vim_memset(buf->signmap + oldlen, 0, incr * sizeof(int));
}
}