To: vim_dev@googlegroups.com Subject: Patch 8.2.0087 Fcc: outbox From: Bram Moolenaar Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ------------ Patch 8.2.0087 Problem: Crash in command line expansion when out of memory. Solution: Check for NULL pointer. Also make ExpandGeneric() static. (Dominique Pelle, closes #5437) Files: src/cmdexpand.c, src/proto/cmdexpand.pro *** ../vim-8.2.0086/src/cmdexpand.c 2019-12-29 13:56:28.692861883 +0100 --- src/cmdexpand.c 2020-01-05 14:33:14.587845144 +0100 *************** *** 16,21 **** --- 16,24 ---- static int cmd_showtail; // Only show path tail in lists ? static void set_expand_context(expand_T *xp); + static int ExpandGeneric(expand_T *xp, regmatch_T *regmatch, + int *num_file, char_u ***file, + char_u *((*func)(expand_T *, int)), int escaped); static int ExpandFromContext(expand_T *xp, char_u *, int *, char_u ***, int); static int expand_showtail(expand_T *xp); static int expand_shellcmd(char_u *filepat, int *num_file, char_u ***file, int flagsarg); *************** *** 2214,2220 **** * * Returns OK when no problems encountered, FAIL for error (out of memory). */ ! int ExpandGeneric( expand_T *xp, regmatch_T *regmatch, --- 2217,2223 ---- * * Returns OK when no problems encountered, FAIL for error (out of memory). */ ! static int ExpandGeneric( expand_T *xp, regmatch_T *regmatch, *************** *** 2250,2255 **** --- 2253,2265 ---- str = vim_strsave_escaped(str, (char_u *)" \t\\."); else str = vim_strsave(str); + if (str == NULL) + { + FreeWild(count, *file); + *num_file = 0; + *file = NULL; + return FAIL; + } (*file)[count] = str; # ifdef FEAT_MENU if (func == get_menu_names && str != NULL) *************** *** 2268,2280 **** { if (count == 0) return OK; - *num_file = count; *file = ALLOC_MULT(char_u *, count); if (*file == NULL) { ! *file = (char_u **)""; return FAIL; } count = 0; } } --- 2278,2291 ---- { if (count == 0) return OK; *file = ALLOC_MULT(char_u *, count); if (*file == NULL) { ! *num_file = 0; ! *file = NULL; return FAIL; } + *num_file = count; count = 0; } } *************** *** 2297,2303 **** // they don't show up when getting normal highlight names by ID. reset_expand_highlight(); #endif - return OK; } --- 2308,2313 ---- *** ../vim-8.2.0086/src/proto/cmdexpand.pro 2019-12-12 12:55:16.000000000 +0100 --- src/proto/cmdexpand.pro 2020-01-05 14:33:34.119769957 +0100 *************** *** 8,14 **** char_u *addstar(char_u *fname, int len, int context); void set_cmd_context(expand_T *xp, char_u *str, int len, int col, int use_ccline); int expand_cmdline(expand_T *xp, char_u *str, int col, int *matchcount, char_u ***matches); - int ExpandGeneric(expand_T *xp, regmatch_T *regmatch, int *num_file, char_u ***file, char_u *((*func)(expand_T *, int)), int escaped); void globpath(char_u *path, char_u *file, garray_T *ga, int expand_options); void f_getcompletion(typval_T *argvars, typval_T *rettv); /* vim: set ft=c : */ --- 8,13 ---- *** ../vim-8.2.0086/src/version.c 2020-01-04 19:00:07.573654631 +0100 --- src/version.c 2020-01-05 14:35:25.047342281 +0100 *************** *** 744,745 **** --- 744,747 ---- { /* Add new patch number below this line */ + /**/ + 87, /**/ -- VOICE OVER: As the horrendous Black Beast lunged forward, escape for Arthur and his knights seemed hopeless, when, suddenly ... the animator suffered a fatal heart attack. ANIMATOR: Aaaaagh! VOICE OVER: The cartoon peril was no more ... The Quest for Holy Grail could continue. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\ /// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\ \\\ an exciting new programming language -- http://www.Zimbu.org /// \\\ help me help AIDS victims -- http://ICCF-Holland.org ///