author | Christian Brabandt <cb@256bit.org> | 2024-05-08 19:50:26 +0200 |
---|---|---|
committer | Christian Brabandt <cb@256bit.org> | 2024-05-08 19:50:26 +0200 |
commit | b8ecedce79149ac6b994177e9a68979f86065cb1 (patch) | |
tree | 2bddd40195ea6339883ef3eae8f04d6c0447a6d7 /src | |
parent | 3ac83c7141dd60ae45c0346b7c0f4539587391aa (diff) |
patch 9.1.0395: getregionpos() may leak memory on errorv9.1.0395
Problem: regionpos may leak memory on error, coverity
complains about dereferencing Null pointer
Solution: free all list pointers (after v9.1.394),
return early if buflist_findnr() returns NULL
closes: #14731
Signed-off-by: Christian Brabandt <cb@256bit.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/evalfunc.c | 15 | ||||
-rw-r--r-- | src/version.c | 2 |
2 files changed, 16 insertions, 1 deletions
diff --git a/src/evalfunc.c b/src/evalfunc.c
index cca7e2ca4c..44c7d06761 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -5727,6 +5727,10 @@ add_regionpos_range(
 buf_T *findbuf;
 int max_col1, max_col2;
+ findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
+ if (findbuf == NULL || findbuf->b_ml.ml_mfp == NULL)
+ return;
+
+ l1 = list_alloc();
 if (l1 == NULL)
 return;
@@ -5739,25 +5743,34 @@ add_regionpos_range(
 l2 = list_alloc();
 if (l2 == NULL)
+ {
+ vim_free(l1);
 return;
+ }
 if (list_append_list(l1, l2) == FAIL)
 {
+ vim_free(l1);
 vim_free(l2);
 return;
 }
 l3 = list_alloc();
 if (l3 == NULL)
+ {
+ vim_free(l1);
+ vim_free(l2);
 return;
+ }
 if (list_append_list(l1, l3) == FAIL)
 {
+ vim_free(l1);
+ vim_free(l2);
 vim_free(l3);
 return;
 }
- findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
 max_col1 = ml_get_buf_len(findbuf, lnum1);
 list_append_number(l2, bufnr);
diff --git a/src/version.c b/src/version.c
index 128197063f..0e6ac314ed 100644
--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 395,
+/**/
 394,
 /**/
 393,
|
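Review bot: The new guard at the top of add_regionpos_range() has no comment saying what `findbuf->b_ml.ml_mfp == NULL` stands for or what the caller observes when it fires. The signature is outside the hunk, but the bare `return;` suggests the function is void, so a missing or unloaded buffer silently contributes no entry to the result. A one-line comment such as `// buffer does not exist or has no memfile (presumably not loaded): add nothing` would record that this is deliberate. It is also worth confirming that the getregionpos() caller tolerates a shorter list here rather than expecting an error.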
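Review bot: In the `if (l3 == NULL)` branch the added `vim_free(l2);` runs after `list_append_list(l1, l2)` has already succeeded a few lines earlier in the same hunk, so l2 is released while an item of l1 still refers to it; the `list_append_list(l1, l3) == FAIL` branch does the same with `vim_free(l1); vim_free(l2);`. The lines between the two evalfunc.c hunks are not shown, but if l1 has by then been appended to the returned list, `vim_free(l1);` leaves that list holding a freed pointer, and a leak on a rare out-of-memory path becomes a use-after-free or double free when the result is later walked or released. Freeing only the list header presumably also leaves the linking item allocated, so the reported leak would not be fully closed. A safer shape is to allocate l1, l2 and l3 before the first list_append_list() call so that every error path frees only lists nothing references yet, or to keep a plain `return;` once a list has been linked and let the owner of the result list release it.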