Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_vim / b8ecedce79149ac6b994177e9a68979f86065cb1^! / . / src
commitb8ecedce79149ac6b994177e9a68979f86065cb1[log] [tgz]
authorChristian Brabandt <cb@256bit.org>Wed May 08 19:50:26 2024 +0200
committerChristian Brabandt <cb@256bit.org>Wed May 08 19:50:26 2024 +0200
tree2bddd40195ea6339883ef3eae8f04d6c0447a6d7
parent3ac83c7141dd60ae45c0346b7c0f4539587391aa [diff]
patch 9.1.0395: getregionpos() may leak memory on error

Problem:  regionpos may leak memory on error, coverity
          complains about dereferencing Null pointer
Solution: free all list pointers (after v9.1.394),
          return early if buflist_findnr() returns NULL

closes: #14731

Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/evalfunc.c b/src/evalfunc.c
index cca7e2c..44c7d06 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c

@@ -5727,6 +5727,10 @@
     buf_T	*findbuf;
     int		max_col1, max_col2;
 
+    findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
+    if (findbuf == NULL || findbuf->b_ml.ml_mfp == NULL)
+	return;
+
     l1 = list_alloc();
     if (l1 == NULL)
 	return;
@@ -5739,25 +5743,34 @@
 
     l2 = list_alloc();
     if (l2 == NULL)
+    {
+	vim_free(l1);
 	return;
+    }
 
     if (list_append_list(l1, l2) == FAIL)
     {
+	vim_free(l1);
 	vim_free(l2);
 	return;
     }
 
     l3 = list_alloc();
     if (l3 == NULL)
+    {
+	vim_free(l1);
+	vim_free(l2);
 	return;
+    }
 
     if (list_append_list(l1, l3) == FAIL)
     {
+	vim_free(l1);
+	vim_free(l2);
 	vim_free(l3);
 	return;
     }
 
-    findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
 
     max_col1 = ml_get_buf_len(findbuf, lnum1);
     list_append_number(l2, bufnr);

diff --git a/src/version.c b/src/version.c
index 1281970..0e6ac31 100644
--- a/src/version.c
+++ b/src/version.c

@@ -705,6 +705,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    395,
+/**/
     394,
 /**/
     393,