patch 9.1.1734: Memory leak when allocating match fails

Problem:  Memory leak when allocating match fails
Solution: Initialize m to NULL and centralize cleanup via goto fail to
          avoid leaks on early returns (Damien Lejay)

closes: #18204

Signed-off-by: Damien Lejay <damien@lejay.be>
Signed-off-by: Hirohito Higashi <h.east.727@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/match.c b/src/match.c
index ef2587947dcb5a0ef9d17ad3d24c7c382c680003..3b664bdb8685f5305da3c3571bbca3a7e44c2e86 100644 (file)
--- a/src/match.c
+++ b/src/match.c
@@ -21,7 +21,7 @@
  * Add match to the match list of window "wp".
  * If "pat" is not NULL the pattern will be highlighted with the group "grp"
  * with priority "prio".
- * If "pos_list" is not NULL the list of posisions defines the highlights.
+ * If "pos_list" is not NULL the list of positions defines the highlights.
  * Optionally, a desired ID "id" can be specified (greater than or equal to 1).
  * If no particular ID is desired, -1 must be specified for "id".
  * Return ID of added match, -1 on failure.
@@ -38,7 +38,7 @@ match_add(
 {
     matchitem_T        *cur;
     matchitem_T        *prev;
-    matchitem_T        *m;
+    matchitem_T        *m = NULL;
     int                hlg_id;
     regprog_T  *regprog = NULL;
     int                rtype = UPD_SOME_VALID;
@@ -86,15 +86,12 @@ match_add(
     // Build new match.
     m = ALLOC_CLEAR_ONE(matchitem_T);
     if (m == NULL)
-       return -1;
+       goto fail;
     if (pos_list != NULL && pos_list->lv_len > 0)
     {
        m->mit_pos_array = ALLOC_CLEAR_MULT(llpos_T, pos_list->lv_len);
        if (m->mit_pos_array == NULL)
-       {
-           vim_free(m);
-           return -1;
-       }
+           goto fail;
        m->mit_pos_count = pos_list->lv_len;
     }
     m->mit_id = id;
@@ -213,9 +210,13 @@ match_add(
     return id;
 
 fail:
-    vim_free(m->mit_pattern);
-    vim_free(m->mit_pos_array);
-    vim_free(m);
+    vim_regfree(regprog);
+    if (m != NULL)
+    {
+       vim_free(m->mit_pattern);
+       vim_free(m->mit_pos_array);
+       vim_free(m);
+    }
     return -1;
 }
 

diff --git a/src/version.c b/src/version.c
index aea569a25537f0b66a0607ebdcd00da3435c2692..8cddb1271222a5e107dd10bf636ab02be20ade37 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -724,6 +724,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1734,
 /**/
     1733,
 /**/