From 9abd5c6507154eabdfe8256940a24f090db0f533 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar
Date: Tue, 10 Feb 2015 18:34:01 +0100
Subject: updated for version 7.4.624 Problem: May leak memory or crash when vim_realloc() returns NULL. Solution: Handle a NULL value properly. (Mike Williams)
---
 src/if_cscope.c | 16 ++++++++++++++++
 src/memline.c | 3 +++
 src/misc1.c | 4 ++++
 src/netbeans.c | 22 ++++++++++++++++++++++
 src/version.c | 2 ++
 5 files changed, 47 insertions(+)
diff --git a/src/if_cscope.c b/src/if_cscope.c
index ab31a0351..f72a96b9c 100644
--- a/src/if_cscope.c
+++ b/src/if_cscope.c
@@ -1507,9 +1507,16 @@ cs_insert_filelist(fname, ppath, flags, sb)
 }
 else
 {
+ csinfo_T *t_csinfo = csinfo;
+
 /* Reallocate space for more connections. */
 csinfo_size *= 2;
 csinfo = vim_realloc(csinfo, sizeof(csinfo_T)*csinfo_size);
+ if (csinfo == NULL)
+ {
+ vim_free(t_csinfo);
+ csinfo_size = 0;
+ }
 }
 if (csinfo == NULL)
 return -1;
@@ -2059,6 +2066,7 @@ cs_print_tags_priv(matches, cntxts, num_matches)
 int num_matches;
 {
 char *buf = NULL;
+ char *t_buf;
 int bufsize = 0; /* Track available bufsize */
 int newsize = 0;
 char *ptag;
@@ -2120,9 +2128,13 @@ cs_print_tags_priv(matches, cntxts, num_matches)
 newsize = (int)(strlen(csfmt_str) + 16 + strlen(lno));
 if (bufsize < newsize)
 {
+ t_buf = buf;
 buf = (char *)vim_realloc(buf, newsize);
 if (buf == NULL)
+ {
 bufsize = 0;
+ vim_free(t_buf);
+ }
 else
 bufsize = newsize;
 }
@@ -2143,9 +2155,13 @@ cs_print_tags_priv(matches, cntxts, num_matches)
 if (bufsize < newsize)
 {
+ t_buf = buf;
 buf = (char *)vim_realloc(buf, newsize);
 if (buf == NULL)
+ {
 bufsize = 0;
+ vim_free(t_buf);
+ }
 else
 bufsize = newsize;
 }
diff --git a/src/memline.c b/src/memline.c
index 7adb2dc99..d62697d6b 100644
--- a/src/memline.c
+++ b/src/memline.c
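Review bot: The new failure branch in cs_insert_filelist (hunk at `-1507`) frees the old `csinfo` array even though a failed realloc leaves that block intact, so every existing connection record is discarded along with the one that could not be added. If those entries own resources (the comment calls them connections, so handles or allocated names seem likely, though none are visible here), they become unreachable rather than released. Restoring the previous state keeps them usable: `csinfo = t_csinfo; csinfo_size /= 2; return -1;`. The function body starts and ends outside the hunk, so any earlier code that relies on `csinfo_size == 0` could not be checked.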
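Review bot: The grow-or-free sequence added in cs_print_tags_priv at `-2120` is repeated line for line in the hunk at `-2143`, and `t_buf` is declared uninitialised at function scope (hunk at `-2059`) only to serve those two blocks. A small static helper taking `&buf`, `&bufsize` and `newsize` would keep the two sites from drifting apart and let the temporary live inside it. Each site also deserves a comment such as `/* on failure buf is NULL and bufsize is 0; the old block has been freed */`, because the code that consumes `buf` afterwards is outside these hunks.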
@@ -5057,6 +5057,8 @@ ml_updatechunk(buf, line, len, updtype) /* May resize here so we don't have to do it in both cases below */ if (buf->b_ml.ml_usedchunks + 1 >= buf->b_ml.ml_numchunks) { + chunksize_T *t_chunksize = buf->b_ml.ml_chunksize; + buf->b_ml.ml_numchunks = buf->b_ml.ml_numchunks * 3 / 2; buf->b_ml.ml_chunksize = (chunksize_T *) vim_realloc(buf->b_ml.ml_chunksize, @@ -5064,6 +5066,7 @@ ml_updatechunk(buf, line, len, updtype) if (buf->b_ml.ml_chunksize == NULL) { /* Hmmmm, Give up on offset for this buffer */ + vim_free(t_chunksize); buf->b_ml.ml_usedchunks = -1; return; } diff --git a/src/misc1.c b/src/misc1.c index e3e7da824..707abf8d5 100644 --- a/src/misc1.c +++ b/src/misc1.c @@ -3431,10 +3431,14 @@ get_keystroke() buf = alloc(buflen); else if (maxlen < 10) { + char_u *t_buf = buf; + /* Need some more space. This might happen when receiving a long * escape sequence. */ buflen += 100; buf = vim_realloc(buf, buflen); + if (buf == NULL) + vim_free(t_buf); maxlen = (buflen - 6 - len) / 3; } if (buf == NULL) diff --git a/src/netbeans.c b/src/netbeans.c index c3345447a..4f6cf2f47 100644 --- a/src/netbeans.c +++ b/src/netbeans.c @@ -1080,10 +1080,18 @@ nb_get_buf(int bufno) { if (bufno >= buf_list_size) /* grow list */ { + nbbuf_T *t_buf_list = buf_list; + incr = bufno - buf_list_size + 90; buf_list_size += incr; buf_list = (nbbuf_T *)vim_realloc( buf_list, buf_list_size * sizeof(nbbuf_T)); + if (buf_list == NULL) + { + vim_free(t_buf_list); + buf_list_size = 0; + return NULL; + } vim_memset(buf_list + buf_list_size - incr, 0, incr * sizeof(nbbuf_T)); } 
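Review bot: On the failure path in ml_updatechunk (hunk at `-5064`) the old chunk array is freed and `ml_usedchunks` is set to -1, but `ml_numchunks` keeps the value that was multiplied by 3/2 just before the realloc, so the recorded capacity no longer matches any allocation. That is harmless only if every reader tests `ml_usedchunks == -1` or `ml_chunksize == NULL` first, which these hunks do not show. Resetting it next to the free makes the state self-consistent: `buf->b_ml.ml_numchunks = 0;`. The enclosing `if` block begins in the previous hunk and the realloc call itself spans the gap between the two.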
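Review bot: In get_keystroke, `maxlen = (buflen - 6 - len) / 3;` still runs after the new `vim_free(t_buf)` path, using a `buflen` that was already increased by 100 for a buffer that no longer exists. This is safe only while the `if (buf == NULL)` check that follows leaves the loop before `buflen` or `maxlen` is used again; its body is outside the hunk. Either undo the increment on failure or state the assumption in a comment, e.g. `/* buflen and maxlen are stale when buf == NULL; the check below bails out */`.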
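Review bot: The grow path in nb_get_buf sizes the new list from `bufno` with no upper bound, so `incr = bufno - buf_list_size + 90` and `buf_list_size * sizeof(nbbuf_T)` can overflow for a very large `bufno`, yielding an undersized block that the `vim_memset` below would write past. The added NULL check catches a failed allocation, not a wrapped size. If `bufno` can originate from the NetBeans peer (not visible in this hunk), reject it before growing, e.g. `if (bufno > INT_MAX - 90 || (size_t)bufno + 90 > (size_t)-1 / sizeof(nbbuf_T)) return NULL;`. Callers outside the hunk must also tolerate the new `return NULL`.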
@@ -3678,11 +3686,18 @@ addsigntype( { int incr; int oldlen = globalsignmaplen; + char **t_globalsignmap = globalsignmap; globalsignmaplen *= 2; incr = globalsignmaplen - oldlen; globalsignmap = (char **)vim_realloc(globalsignmap, globalsignmaplen * sizeof(char *)); + if (globalsignmap == NULL) + { + vim_free(t_globalsignmap); + globalsignmaplen = 0; + return; + } vim_memset(globalsignmap + oldlen, 0, incr * sizeof(char *)); } } @@ -3708,11 +3723,18 @@ addsigntype( { int incr; int oldlen = buf->signmaplen; + int *t_signmap = buf->signmap; buf->signmaplen *= 2; incr = buf->signmaplen - oldlen; buf->signmap = (int *)vim_realloc(buf->signmap, buf->signmaplen * sizeof(int)); + if (buf->signmap == NULL) + { + vim_free(t_signmap); + buf->signmaplen = 0; + return; + } vim_memset(buf->signmap + oldlen, 0, incr * sizeof(int)); } } diff --git a/src/version.c b/src/version.c index b52926a36..70a8633d0 100644 --- a/src/version.c +++ b/src/version.c @@ -741,6 +741,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 624, /**/ 623, /**/ -- cgit v1.2.1
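Review bot: When the realloc of `globalsignmap` fails in addsigntype (hunk at `-3678`), the added branch frees the old pointer array and zeroes `globalsignmaplen`, but the `char *` entries it held are not freed and whatever counter tracks the used slots is not reset; neither is visible in the hunk. If the entries are owned strings this trades a crash for a leak plus a length/used mismatch on the next call, and the same mismatch concern applies to `buf->signmap` and `buf->signmaplen` in the hunk at `-3708`. Keeping the old array is the smaller change: `globalsignmap = t_globalsignmap; globalsignmaplen = oldlen; return;`. addsigntype starts and ends outside both hunks.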