Patch 8.1.1219
Problem: Not checking for NULL return from alloc().
Solution: Add checks. (Martin Kunev, closes #4303, closes #4174)
Files: src/beval.c, src/blowfish.c, src/crypt.c, src/crypt_zip.c,
src/ops.c, src/option.c, src/popupmnu.c, src/proto/blowfish.pro,
src/proto/crypt_zip.pro, src/gui_gtk_f.c, src/gui_gtk_x11.c,
src/libvterm/src/state.c, src/libvterm/src/termscreen.c
*** ../vim-8.1.1218/src/beval.c 2019-01-17 15:43:21.753878419 +0100
--- src/beval.c 2019-04-27 21:44:39.226975332 +0200
***************
*** 127,132 ****
--- 127,134 ----
#ifdef FEAT_VARTABS
vim_free(beval->vts);
beval->vts = tabstop_copy(wp->w_buffer->b_p_vts_array);
+ if (wp->w_buffer->b_p_vts_array != NULL && beval->vts == NULL)
+ return FAIL;
#endif
beval->ts = wp->w_buffer->b_p_ts;
return OK;
*** ../vim-8.1.1218/src/blowfish.c 2019-02-17 17:44:36.199875566 +0100
--- src/blowfish.c 2019-04-27 21:36:48.073670930 +0200
***************
*** 636,642 ****
}
}
! void
crypt_blowfish_init(
cryptstate_T *state,
char_u* key,
--- 636,642 ----
}
}
! int
crypt_blowfish_init(
cryptstate_T *state,
char_u* key,
***************
*** 647,652 ****
--- 647,654 ----
{
bf_state_T *bfs = (bf_state_T *)alloc_clear(sizeof(bf_state_T));
+ if (bfs == NULL)
+ return FAIL;
state->method_state = bfs;
/* "blowfish" uses a 64 byte buffer, causing it to repeat 8 byte groups 8
***************
*** 654,663 ****
bfs->cfb_len = state->method_nr == CRYPT_M_BF ? BF_MAX_CFB_LEN : BF_BLOCK;
if (blowfish_self_test() == FAIL)
! return;
bf_key_init(bfs, key, salt, salt_len);
bf_cfb_init(bfs, seed, seed_len);
}
/*
--- 656,667 ----
bfs->cfb_len = state->method_nr == CRYPT_M_BF ? BF_MAX_CFB_LEN : BF_BLOCK;
if (blowfish_self_test() == FAIL)
! return FAIL;
bf_key_init(bfs, key, salt, salt_len);
bf_cfb_init(bfs, seed, seed_len);
+
+ return OK;
}
/*
*** ../vim-8.1.1218/src/crypt.c 2019-04-21 00:00:07.942354840 +0200
--- src/crypt.c 2019-04-27 21:38:11.065263015 +0200
***************
*** 43,49 ****
int (* self_test_fn)();
// Function pointer for initializing encryption/decryption.
! void (* init_fn)(cryptstate_T *state, char_u *key,
char_u *salt, int salt_len, char_u *seed, int seed_len);
/* Function pointers for encoding/decoding from one buffer into another.
--- 43,49 ----
int (* self_test_fn)();
// Function pointer for initializing encryption/decryption.
! int (* init_fn)(cryptstate_T *state, char_u *key,
char_u *salt, int salt_len, char_u *seed, int seed_len);
/* Function pointers for encoding/decoding from one buffer into another.
***************
*** 243,248 ****
--- 243,249 ----
/*
* Allocate a crypt state and initialize it.
+ * Return NULL for failure.
*/
cryptstate_T *
crypt_create(
***************
*** 255,262 ****
{
cryptstate_T *state = (cryptstate_T *)alloc((int)sizeof(cryptstate_T));
state->method_nr = method_nr;
! cryptmethods[method_nr].init_fn(state, key, salt, salt_len, seed,
seed_len);
return state;
}
--- 256,271 ----
{
cryptstate_T *state = (cryptstate_T *)alloc((int)sizeof(cryptstate_T));
+ if (state == NULL)
+ return state;
+
state->method_nr = method_nr;
! if (cryptmethods[method_nr].init_fn(
! state, key, salt, salt_len, seed, seed_len) == FAIL)
! {
! vim_free(state);
! return NULL;
! }
return state;
}
*** ../vim-8.1.1218/src/crypt_zip.c 2019-03-30 18:46:57.340077448 +0100
--- src/crypt_zip.c 2019-04-27 21:39:16.576855289 +0200
***************
*** 78,84 ****
/*
* Initialize for encryption/decryption.
*/
! void
crypt_zip_init(
cryptstate_T *state,
char_u *key,
--- 78,84 ----
/*
* Initialize for encryption/decryption.
*/
! int
crypt_zip_init(
cryptstate_T *state,
char_u *key,
***************
*** 91,96 ****
--- 91,98 ----
zip_state_T *zs;
zs = (zip_state_T *)alloc(sizeof(zip_state_T));
+ if (zs == NULL)
+ return FAIL;
state->method_state = zs;
make_crc_tab();
***************
*** 99,104 ****
--- 101,108 ----
zs->keys[2] = 878082192L;
for (p = key; *p != NUL; ++p)
UPDATE_KEYS_ZIP(zs->keys, (int)*p);
+
+ return OK;
}
/*
*** ../vim-8.1.1218/src/ops.c 2019-03-30 18:46:57.356077354 +0100
--- src/ops.c 2019-04-27 21:43:12.119465720 +0200
***************
*** 6170,6190 ****
y_ptr->y_size = linecount;
y_ptr->y_time_set = timestamp;
if (linecount == 0)
y_ptr->y_array = NULL;
! else
{
! y_ptr->y_array =
! (char_u **)alloc((unsigned)(linecount * sizeof(char_u *)));
! for (i = 0; i < linecount; i++)
{
! if (vp[i + 6].bv_allocated)
! {
! y_ptr->y_array[i] = vp[i + 6].bv_string;
! vp[i + 6].bv_string = NULL;
! }
! else
! y_ptr->y_array[i] = vim_strsave(vp[i + 6].bv_string);
}
}
}
--- 6170,6194 ----
y_ptr->y_size = linecount;
y_ptr->y_time_set = timestamp;
if (linecount == 0)
+ {
y_ptr->y_array = NULL;
! return;
! }
! y_ptr->y_array = (char_u **)alloc((unsigned)(linecount * sizeof(char_u
*)));
! if (y_ptr->y_array == NULL)
! {
! y_ptr->y_size = 0; // ensure object state is consistent
! return;
! }
! for (i = 0; i < linecount; i++)
{
! if (vp[i + 6].bv_allocated)
{
! y_ptr->y_array[i] = vp[i + 6].bv_string;
! vp[i + 6].bv_string = NULL;
}
+ else
+ y_ptr->y_array[i] = vim_strsave(vp[i + 6].bv_string);
}
}
*** ../vim-8.1.1218/src/option.c 2019-04-11 11:19:21.549778651 +0200
--- src/option.c 2019-04-27 21:44:17.207098326 +0200
***************
*** 13011,13023 ****
int *newts;
int t;
! if (oldts == 0)
! return 0;
!
! newts = (int *) alloc((unsigned) ((oldts[0] + 1) * sizeof(int)));
! for (t = 0; t <= oldts[0]; ++t)
! newts[t] = oldts[t];
!
return newts;
}
#endif
--- 13011,13022 ----
int *newts;
int t;
! if (oldts == NULL)
! return NULL;
! newts = (int *)alloc((unsigned)((oldts[0] + 1) * sizeof(int)));
! if (newts != NULL)
! for (t = 0; t <= oldts[0]; ++t)
! newts[t] = oldts[t];
return newts;
}
#endif
*** ../vim-8.1.1218/src/popupmnu.c 2019-04-08 18:15:36.468223210 +0200
--- src/popupmnu.c 2019-04-27 21:45:50.918579053 +0200
***************
*** 1102,1113 ****
else
thislen = item->bytelen;
! /* put indent at the start */
p = alloc(thislen + item->indent * 2 + 1);
for (ind = 0; ind < item->indent * 2; ++ind)
p[ind] = ' ';
! /* exclude spaces at the end of the string */
for (copylen = thislen; copylen > 0; --copylen)
if (item->start[skip + copylen - 1] != ' ')
break;
--- 1102,1120 ----
else
thislen = item->bytelen;
! // put indent at the start
p = alloc(thislen + item->indent * 2 + 1);
+ if (p == NULL)
+ {
+ for (line = 0; line <= height - 1; ++line)
+ vim_free((*array)[line].pum_text);
+ vim_free(*array);
+ goto failed;
+ }
for (ind = 0; ind < item->indent * 2; ++ind)
p[ind] = ' ';
! // exclude spaces at the end of the string
for (copylen = thislen; copylen > 0; --copylen)
if (item->start[skip + copylen - 1] != ' ')
break;
*** ../vim-8.1.1218/src/proto/blowfish.pro 2018-05-17 13:52:28.000000000
+0200
--- src/proto/blowfish.pro 2019-04-27 21:32:10.894967886 +0200
***************
*** 1,6 ****
/* blowfish.c */
void crypt_blowfish_encode(cryptstate_T *state, char_u *from, size_t len,
char_u *to);
void crypt_blowfish_decode(cryptstate_T *state, char_u *from, size_t len,
char_u *to);
! void crypt_blowfish_init(cryptstate_T *state, char_u *key, char_u *salt, int
salt_len, char_u *seed, int seed_len);
int blowfish_self_test(void);
/* vim: set ft=c : */
--- 1,6 ----
/* blowfish.c */
void crypt_blowfish_encode(cryptstate_T *state, char_u *from, size_t len,
char_u *to);
void crypt_blowfish_decode(cryptstate_T *state, char_u *from, size_t len,
char_u *to);
! int crypt_blowfish_init(cryptstate_T *state, char_u *key, char_u *salt, int
salt_len, char_u *seed, int seed_len);
int blowfish_self_test(void);
/* vim: set ft=c : */
*** ../vim-8.1.1218/src/proto/crypt_zip.pro 2018-05-17 13:52:30.000000000
+0200
--- src/proto/crypt_zip.pro 2019-04-27 21:32:10.894967886 +0200
***************
*** 1,5 ****
/* crypt_zip.c */
! void crypt_zip_init(cryptstate_T *state, char_u *key, char_u *salt, int
salt_len, char_u *seed, int seed_len);
void crypt_zip_encode(cryptstate_T *state, char_u *from, size_t len, char_u
*to);
void crypt_zip_decode(cryptstate_T *state, char_u *from, size_t len, char_u
*to);
/* vim: set ft=c : */
--- 1,5 ----
/* crypt_zip.c */
! int crypt_zip_init(cryptstate_T *state, char_u *key, char_u *salt, int
salt_len, char_u *seed, int seed_len);
void crypt_zip_encode(cryptstate_T *state, char_u *from, size_t len, char_u
*to);
void crypt_zip_decode(cryptstate_T *state, char_u *from, size_t len, char_u
*to);
/* vim: set ft=c : */
*** ../vim-8.1.1218/src/gui_gtk_f.c 2019-03-02 10:13:36.792974862 +0100
--- src/gui_gtk_f.c 2019-04-27 21:48:42.633651485 +0200
***************
*** 130,135 ****
--- 130,137 ----
/* LINTED: avoid warning: conversion to 'unsigned long' */
child = g_new(GtkFormChild, 1);
+ if (child == NULL)
+ return;
child->widget = child_widget;
child->window = NULL;
*** ../vim-8.1.1218/src/gui_gtk_x11.c 2019-03-02 10:13:36.792974862 +0100
--- src/gui_gtk_x11.c 2019-04-27 21:51:52.784651485 +0200
***************
*** 1576,1587 ****
if (string != NULL)
{
tmpbuf = alloc(length + 2);
! tmpbuf[0] = 0xff;
! tmpbuf[1] = 0xfe;
! mch_memmove(tmpbuf + 2, string, (size_t)length);
! vim_free(string);
! string = tmpbuf;
! length += 2;
#if !GTK_CHECK_VERSION(3,0,0)
/* Looks redundant even for GTK2 because these values are
--- 1576,1590 ----
if (string != NULL)
{
tmpbuf = alloc(length + 2);
! if (tmpbuf != NULL)
! {
! tmpbuf[0] = 0xff;
! tmpbuf[1] = 0xfe;
! mch_memmove(tmpbuf + 2, string, (size_t)length);
! vim_free(string);
! string = tmpbuf;
! length += 2;
! }
#if !GTK_CHECK_VERSION(3,0,0)
/* Looks redundant even for GTK2 because these values are
***************
*** 1606,1615 ****
tmpbuf[0] = motion_type;
STRCPY(tmpbuf + 1, p_enc);
mch_memmove(tmpbuf + l + 2, string, (size_t)length);
}
- length += l + 2;
- vim_free(string);
- string = tmpbuf;
type = vimenc_atom;
}
--- 1609,1618 ----
tmpbuf[0] = motion_type;
STRCPY(tmpbuf + 1, p_enc);
mch_memmove(tmpbuf + l + 2, string, (size_t)length);
+ length += l + 2;
+ vim_free(string);
+ string = tmpbuf;
}
type = vimenc_atom;
}
*** ../vim-8.1.1218/src/libvterm/src/state.c 2019-04-06 17:33:20.651486473
+0200
--- src/libvterm/src/state.c 2019-04-27 21:57:43.626854093 +0200
***************
*** 253,258 ****
--- 253,260 ----
// We'll have at most len codepoints, plus one from a previous incomplete
// sequence.
codepoints = vterm_allocator_malloc(state->vt, (len + 1) *
sizeof(uint32_t));
+ if (codepoints == NULL)
+ return 0;
encoding =
state->gsingle_set ? &state->encoding[state->gsingle_set] :
***************
*** 330,335 ****
--- 332,339 ----
break;
chars = vterm_allocator_malloc(state->vt, (glyph_ends - glyph_starts + 1)
* sizeof(uint32_t));
+ if (chars == NULL)
+ break;
for( ; i < glyph_ends; i++) {
int this_width;
***************
*** 1626,1631 ****
--- 1630,1637 ----
if(cols != state->cols) {
unsigned char *newtabstops = vterm_allocator_malloc(state->vt, (cols + 7)
/ 8);
+ if (newtabstops == NULL)
+ return 0;
/* TODO: This can all be done much more efficiently bytewise */
int col;
***************
*** 1651,1656 ****
--- 1657,1664 ----
if(rows != state->rows) {
VTermLineInfo *newlineinfo = vterm_allocator_malloc(state->vt, rows *
sizeof(VTermLineInfo));
+ if (newlineinfo == NULL)
+ return 0;
int row;
for(row = 0; row < state->rows && row < rows; row++) {
*** ../vim-8.1.1218/src/libvterm/src/termscreen.c 2018-12-24
21:38:40.814173687 +0100
--- src/libvterm/src/termscreen.c 2019-04-27 21:58:10.334718969 +0200
***************
*** 83,88 ****
--- 83,90 ----
ScreenCell *new_buffer = vterm_allocator_malloc(screen->vt,
sizeof(ScreenCell) * new_rows * new_cols);
int row, col;
+ if (new_buffer == NULL)
+ return NULL;
for(row = 0; row < new_rows; row++) {
for(col = 0; col < new_cols; col++) {
ScreenCell *new_cell = new_buffer + row*new_cols + col;
*** ../vim-8.1.1218/src/version.c 2019-04-27 20:36:52.534303564 +0200
--- src/version.c 2019-04-27 21:33:25.082620378 +0200
***************
*** 769,770 ****
--- 769,772 ----
{ /* Add new patch number below this line */
+ /**/
+ 1219,
/**/
--
WOMAN: King of the who?
ARTHUR: The Britons.
WOMAN: Who are the Britons?
ARTHUR: Well, we all are. we're all Britons and I am your king.
The Quest for the Holy Grail (Monty Python)
/// Bram Moolenaar -- b...@moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to vim_dev+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
