diff options
| author | Bram Moolenaar <Bram@vim.org> | 2019-02-13 20:31:50 +0100 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2019-02-13 20:31:50 +0100 |
| commit | 15bbd6ec871a0efdd16256e1fccbaac0fd374cbd (patch) | |
| tree | ba3e29a16f4c4f152b5da32efc65d264c104fb86 /src | |
| parent | d9ef1b8d77f304c83241f807c17ffa26c9033778 (diff) | |
patch 8.1.0910: crash with tricky search patternv8.1.0910
Problem: Crash with tricky search pattern. (Kuang-che Wu)
Solution: Check for runnning out of memory. (closes #3950)
Diffstat (limited to 'src')
| -rw-r--r-- | src/regexp_nfa.c | 24 | ||||
| -rw-r--r-- | src/testdir/test_regexp_latin.vim | 7 | ||||
| -rw-r--r-- | src/version.c | 2 |
3 files changed, 25 insertions, 8 deletions
diff --git a/src/regexp_nfa.c b/src/regexp_nfa.c index 3e2ef93fa1..2a16fff94a 100644 --- a/src/regexp_nfa.c +++ b/src/regexp_nfa.c @@ -4449,7 +4449,8 @@ skip_add: * be (a lot) bigger than anticipated. */ if (l->n == l->len) { - int newlen = l->len * 3 / 2 + 50; + int newlen = l->len * 3 / 2 + 50; + nfa_thread_T *newt; if (subs != &temp_subs) { @@ -4463,8 +4464,14 @@ skip_add: subs = &temp_subs; } - /* TODO: check for vim_realloc() returning NULL. */ - l->t = vim_realloc(l->t, newlen * sizeof(nfa_thread_T)); + newt = vim_realloc(l->t, newlen * sizeof(nfa_thread_T)); + if (newt == NULL) + { + // out of memory + --depth; + return NULL; + } + l->t = newt; l->len = newlen; } @@ -4756,7 +4763,7 @@ addstate_here( * addstate(). */ r = addstate(l, state, subs, pim, -listidx - ADDSTATE_HERE_OFFSET); if (r == NULL) - return r; + return NULL; // when "*ip" was at the end of the list, nothing to do if (listidx + 1 == tlen) @@ -4777,12 +4784,13 @@ addstate_here( { /* not enough space to move the new states, reallocate the list * and move the states to the right position */ - nfa_thread_T *newl; + int newlen = l->len * 3 / 2 + 50; + nfa_thread_T *newl; - l->len = l->len * 3 / 2 + 50; - newl = (nfa_thread_T *)alloc(l->len * sizeof(nfa_thread_T)); + newl = (nfa_thread_T *)alloc(newlen * sizeof(nfa_thread_T)); if (newl == NULL) - return r; + return NULL; + l->len = newlen; mch_memmove(&(newl[0]), &(l->t[0]), sizeof(nfa_thread_T) * listidx); diff --git a/src/testdir/test_regexp_latin.vim b/src/testdir/test_regexp_latin.vim index 415a2764f1..bcac6c72c8 100644 --- a/src/testdir/test_regexp_latin.vim +++ b/src/testdir/test_regexp_latin.vim @@ -90,3 +90,10 @@ func Test_recursive_addstate() let lnum = search('\v((){328}){389}') call assert_equal(0, lnum) endfunc + +func Test_out_of_memory() + new + s/^/,n + " This will be slow... + call assert_fails('call search("\\v((n||<)+);")', 'E363:') +endfunc diff --git a/src/version.c b/src/version.c index bc4ae279bd..59f7b5dadd 100644 --- a/src/version.c +++ b/src/version.c @@ -784,6 +784,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 910, +/**/ 909, /**/ 908, |