From 7fb90815a0a29238c12e53b53e14fc55109f02b7 Mon Sep 17 00:00:00 2001
From: John Marriott <basilisk@internode.on.net>
Date: Wed, 2 Apr 2025 20:32:35 +0200
Subject: [PATCH] patch 9.1.1270: missing out-of-memory checks in buffer.c

Problem:  missing out-of-memory checks in buffer.c
Solution: handle out-of-memory situations during allocation
          (John Marriott)

closes: #17031

Signed-off-by: John Marriott <basilisk@internode.on.net>
Signed-off-by: Christian Brabandt <cb@256bit.org>
---
 src/buffer.c  | 58 +++++++++++++++++++++++++++++++--------------------
 src/version.c |  2 ++
 2 files changed, 37 insertions(+), 23 deletions(-)

diff --git a/src/buffer.c b/src/buffer.c
index 68388db088..8277b726c2 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -2926,6 +2926,8 @@ ExpandBufnames(
 		p = home_replace_save(buf, p);
 	    else
 		p = vim_strsave(p);
+	    if (p == NULL)
+		return FAIL;
 
 	    if (!fuzzy)
 	    {
@@ -4030,8 +4032,11 @@ maketitle(void)
 	    else
 	    {
 		p = transstr(gettail(curbuf->b_fname));
-		vim_strncpy(buf, p, SPACE_FOR_FNAME);
-		vim_free(p);
+		if (p != NULL)
+		{
+		    vim_strncpy(buf, p, SPACE_FOR_FNAME);
+		    vim_free(p);
+		}
 	    }
 
 #ifdef FEAT_TERMINAL
@@ -4084,8 +4089,11 @@ maketitle(void)
 		if (off < SPACE_FOR_DIR)
 		{
 		    p = transstr(buf + off);
-		    vim_strncpy(buf + off, p, (size_t)(SPACE_FOR_DIR - off));
-		    vim_free(p);
+		    if (p != NULL)
+		    {
+			vim_strncpy(buf + off, p, (size_t)(SPACE_FOR_DIR - off));
+			vim_free(p);
+		    }
 		}
 		else
 		{
@@ -4767,25 +4775,29 @@ build_stl_str_hl(
 		size_t new_fmt_len = parsed_usefmt
 						 + str_length + fmt_length + 3;
 		char_u *new_fmt = (char_u *)alloc(new_fmt_len * sizeof(char_u));
-		char_u *new_fmt_p = new_fmt;
-
-		new_fmt_p = (char_u *)memcpy(new_fmt_p, usefmt, parsed_usefmt)
-							       + parsed_usefmt;
-		new_fmt_p = (char_u *)memcpy(new_fmt_p , str, str_length)
-								  + str_length;
-		new_fmt_p = (char_u *)memcpy(new_fmt_p, "%}", 2) + 2;
-		new_fmt_p = (char_u *)memcpy(new_fmt_p , s, fmt_length)
-								  + fmt_length;
-		*new_fmt_p = 0;
-		new_fmt_p = NULL;
-
-		if (usefmt != fmt)
-		    vim_free(usefmt);
-		VIM_CLEAR(str);
-		usefmt = new_fmt;
-		s = usefmt + parsed_usefmt;
-		evaldepth++;
-		continue;
+
+		if (new_fmt != NULL)
+		{
+		    char_u *new_fmt_p = new_fmt;
+
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p, usefmt, parsed_usefmt)
+								   + parsed_usefmt;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p , str, str_length)
+								      + str_length;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p, "%}", 2) + 2;
+		    new_fmt_p = (char_u *)memcpy(new_fmt_p , s, fmt_length)
+								      + fmt_length;
+		    *new_fmt_p = 0;
+		    new_fmt_p = NULL;
+
+		    if (usefmt != fmt)
+			vim_free(usefmt);
+		    VIM_CLEAR(str);
+		    usefmt = new_fmt;
+		    s = usefmt + parsed_usefmt;
+		    evaldepth++;
+		    continue;
+		}
 	    }
 #endif
 	    break;
diff --git a/src/version.c b/src/version.c
index 7882f5eb76..6f54a94f50 100644
--- a/src/version.c
+++ b/src/version.c
@@ -704,6 +704,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1270,
 /**/
     1269,
 /**/
-- 
2.47.2