commit 3383603c134944d374eb0814a2f707a7e3e89b43
parent d89144626e7429d9c499875ed426a6223f9013be
Author: zeertzjq <zeertzjq@outlook.com>
Date: Mon, 20 May 2024 06:44:19 +0800
vim-patch:9.1.0395: getregionpos() may leak memory on error
Problem: regionpos may leak memory on error, coverity
complains about dereferencing Null pointer
Solution: free all list pointers (after v9.1.394),
return early if buflist_findnr() returns NULL
closes: vim/vim#14731
https://github.com/vim/vim/commit/b8ecedce79149ac6b994177e9a68979f86065cb1
Co-authored-by: Christian Brabandt <cb@256bit.org>
Diffstat:
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/nvim/eval/funcs.c b/src/nvim/eval/funcs.c
@@ -3008,6 +3008,11 @@ static void f_getregion(typval_T *argvars, typval_T *rettv, EvalFuncData fptr)
static void add_regionpos_range(typval_T *rettv, int bufnr, int lnum1, int col1, int coladd1,
int lnum2, int col2, int coladd2)
{
+ buf_T *findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
+ if (findbuf == NULL || findbuf->b_ml.ml_mfp == NULL) {
+ return;
+ }
+
list_T *l1 = tv_list_alloc(2);
tv_list_append_list(rettv->vval.v_list, l1);
@@ -3017,8 +3022,6 @@ static void add_regionpos_range(typval_T *rettv, int bufnr, int lnum1, int col1,
list_T *l3 = tv_list_alloc(4);
tv_list_append_list(l1, l3);
- buf_T *findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
-
int max_col1 = ml_get_buf_len(findbuf, lnum1);
tv_list_append_number(l2, bufnr);
tv_list_append_number(l2, lnum1);
