patch 8.1.1895: using NULL pointer when out of memory

Problem:    Using NULL pointer when out of memory.
Solution:   Bail out or skip the code using the pointer. (Zu-Ming Jiang,
            closes #4805, closes #4843, closes #4939, closes #4844)

diff --git a/src/buffer.c b/src/buffer.c
index 78801a8121d4dfedb0deb5792d1da20ca666fee5..f9686a7bd8cc3c8b46d66b25029d71f001265b39 100644 (file)
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -181,14 +181,19 @@ open_buffer(
            if (curbuf->b_ml.ml_mfp != NULL)
                break;
        /*
-        * if there is no memfile at all, exit
+        * If there is no memfile at all, exit.
         * This is OK, since there are no changes to lose.
         */
        if (curbuf == NULL)
        {
            emsg(_("E82: Cannot allocate any buffer, exiting..."));
+
+           // Don't try to do any saving, with "curbuf" NULL almost nothing
+           // will work.
+           v_dying = 2;
            getout(2);
        }
+
        emsg(_("E83: Cannot allocate buffer, using other one..."));
        enter_buffer(curbuf);
 #ifdef FEAT_SYN_HL

diff --git a/src/highlight.c b/src/highlight.c
index db65ffca71f0e74d87ad409fd3850d6533d26d10..f32081d8ab2e8f7c844332894adf417619d7689b 100644 (file)
--- a/src/highlight.c
+++ b/src/highlight.c
@@ -3016,6 +3016,7 @@ syn_check_group(char_u *pp, int len)
 syn_add_group(char_u *name)
 {
     char_u     *p;
+    char_u     *name_up;
 
     // Check that the name is ASCII letters, digits and underscore.
     for (p = name; *p != NUL; ++p)
@@ -3061,9 +3062,16 @@ syn_add_group(char_u *name)
        return 0;
     }
 
+    name_up = vim_strsave_up(name);
+    if (name_up == NULL)
+    {
+       vim_free(name);
+       return 0;
+    }
+
     vim_memset(&(HL_TABLE()[highlight_ga.ga_len]), 0, sizeof(hl_group_T));
     HL_TABLE()[highlight_ga.ga_len].sg_name = name;
-    HL_TABLE()[highlight_ga.ga_len].sg_name_u = vim_strsave_up(name);
+    HL_TABLE()[highlight_ga.ga_len].sg_name_u = name_up;
 #if defined(FEAT_GUI) || defined(FEAT_TERMGUICOLORS)
     HL_TABLE()[highlight_ga.ga_len].sg_gui_bg = INVALCOLOR;
     HL_TABLE()[highlight_ga.ga_len].sg_gui_fg = INVALCOLOR;

diff --git a/src/message.c b/src/message.c
index da81fa01577ec4db68c00326b738da77e0c8303c..387a142a22e14897f2634d6a5bd5b4092ea72193 100644 (file)
--- a/src/message.c
+++ b/src/message.c
@@ -2588,16 +2588,19 @@ msg_puts_printf(char_u *str, int maxlen)
                int n = (int)(s - p);
 
                buf = alloc(n + 3);
-               memcpy(buf, p, n);
-               if (!info_message)
-                   buf[n++] = CAR;
-               buf[n++] = NL;
-               buf[n++] = NUL;
-               if (info_message)   // informative message, not an error
-                   mch_msg((char *)buf);
-               else
-                   mch_errmsg((char *)buf);
-               vim_free(buf);
+               if (buf != NULL)
+               {
+                   memcpy(buf, p, n);
+                   if (!info_message)
+                       buf[n++] = CAR;
+                   buf[n++] = NL;
+                   buf[n++] = NUL;
+                   if (info_message)   // informative message, not an error
+                       mch_msg((char *)buf);
+                   else
+                       mch_errmsg((char *)buf);
+                   vim_free(buf);
+               }
                p = s + 1;
            }
        }

diff --git a/src/ops.c b/src/ops.c
index 7ede1f73a2adc0ce7ab4b7a621e7179cae274267..7b1d9ede7aa32ac80934feaef7093012df83c3e4 100644 (file)
--- a/src/ops.c
+++ b/src/ops.c
@@ -4556,6 +4556,11 @@ do_join(
 
     /* allocate the space for the new line */
     newp = alloc(sumsize + 1);
+    if (newp == NULL)
+    {
+       ret = FAIL;
+       goto theend;
+    }
     cend = newp + sumsize;
     *cend = 0;
 

diff --git a/src/version.c b/src/version.c
index 019ce2524b46df1ab9d7bd353d55e4a275349027..2b9a0c6374bcfe9a39ca5b152b04be9f05fe5532 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1895,
 /**/
     1894,
 /**/