patch 9.1.1491: missing out-of-memory checks in cmdexpand.c Commit: https://github.com/vim/vim/commit/3b03b435a29391ded301fa2f377141db3c8093b7 Author: John Marriott <basil...@internode.on.net> Date: Sat Jun 28 20:41:54 2025 +0200
patch 9.1.1491: missing out-of-memory checks in cmdexpand.c Problem: missing out-of-memory checks in cmdexpand.c Solution: add out-of-memory checks for expand_files_and_dirs(), ExpandUserDefined() and ExpandUserList() (John Marriott) closes: #17570 Signed-off-by: John Marriott <basil...@internode.on.net> Signed-off-by: Christian Brabandt <c...@256bit.org> diff --git a/src/cmdexpand.c b/src/cmdexpand.c index 2a2360722..4615aafac 100644 --- a/src/cmdexpand.c +++ b/src/cmdexpand.c @@ -2991,6 +2991,9 @@ expand_files_and_dirs( { free_pat = TRUE; pat = vim_strsave(pat); + if (pat == NULL) + return ret; + for (i = 0; pat[i]; ++i) if (pat[i] == '\') { @@ -3902,16 +3905,24 @@ ExpandUserDefined( if (match) { + char_u *p = vim_strnsave(s, (size_t)(e - s)); + if (p == NULL) + break; + if (ga_grow(&ga, 1) == FAIL) + { + vim_free(p); break; + } + if (!fuzzy) - ((char_u **)ga.ga_data)[ga.ga_len] = vim_strnsave(s, e - s); + ((char_u **)ga.ga_data)[ga.ga_len] = p; else { fuzmatch_str_T *fuzmatch = &((fuzmatch_str_T *)ga.ga_data)[ga.ga_len]; fuzmatch->idx = ga.ga_len; - fuzmatch->str = vim_strnsave(s, e - s); + fuzmatch->str = p; fuzmatch->score = score; } ++ga.ga_len; @@ -3963,14 +3974,22 @@ ExpandUserList( // Loop over the items in the list. FOR_ALL_LIST_ITEMS(retlist, li) { + char_u *p; + if (li->li_tv.v_type != VAR_STRING || li->li_tv.vval.v_string == NULL) continue; // Skip non-string items and empty strings + p = vim_strsave(li->li_tv.vval.v_string); + if (p == NULL) + break; + if (ga_grow(&ga, 1) == FAIL) + { + vim_free(p); break; + } - ((char_u **)ga.ga_data)[ga.ga_len] = - vim_strsave(li->li_tv.vval.v_string); + ((char_u **)ga.ga_data)[ga.ga_len] = p; ++ga.ga_len; } list_unref(retlist); diff --git a/src/version.c b/src/version.c index ff3c34856..42a345032 100644 --- a/src/version.c +++ b/src/version.c 
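Review bot: In the expand_files_and_dirs() hunk, the new `if (pat == NULL) return ret;` relies on `ret` still holding its initial value, which is declared outside the hunk and is presumably the failure code. Writing `return FAIL;` would make the out-of-memory result explicit at the check and keep it correct if the initializer is ever changed. The return also comes after `free_pat = TRUE`, which is harmless only because nothing is freed on this path; a short comment such as `// out of memory: nothing was allocated, so nothing to free` would record that. The function starts and continues outside the hunk.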
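Review bot: Both new `break` statements in the ExpandUserDefined() hunk leave the loop with the matches collected so far, so an allocation failure appears to yield a shortened completion list rather than an error. Whether the caller can tell the difference is decided after the loop, outside the hunk. If truncation is the intended behaviour, state it at the first check, for example `// out of memory: stop here and keep the matches gathered so far`. The same pattern and the same missing comment apply to the ExpandUserList() hunk. Copying the string before `ga_grow()` and freeing it when the grow fails is a sound order, since `ga.ga_len` is only incremented after the slot is filled.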
@@ -719,6 +719,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 1491, /**/ 1490, /**/