From 8ee6f90bf810a3f0286513308e6cccff7d185666 Mon Sep 17 00:00:00 2001
From: oni-link <knil.ino@gmail.com>
Date: Tue, 24 Mar 2015 19:46:39 +0100
Subject: Fix problem with coverity/105568 fix.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The original fix 3db0a40d691c103a26ef3df74528f12d89b0fa61
does not work for more than one loop iteration, because memory allocated
in the previous iteration could be reused in the current iteration.

Because expand_wildcards() never reads the variables *num_file
and *file before the first assignment to them, the initial
values for these variables can be anything. So instead of
calling expand_shellcmd() with *file = "" we set *file = NULL.
That should help coverity see, that not a array-typed value
is freed.

Helped-by: Eliseo Martínez <eliseomarmol@gmail.com>
---
 src/nvim/ex_getln.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/src/nvim/ex_getln.c b/src/nvim/ex_getln.c
index cd63b4fa90..f0beef87e7 100644
--- a/src/nvim/ex_getln.c
+++ b/src/nvim/ex_getln.c
@@ -10,7 +10,6 @@
  * ex_getln.c: Functions for entering and editing an Ex command line.
  */
 
-#include <assert.h>
 #include <errno.h>
 #include <stdbool.h>
 #include <string.h>
@@ -3629,6 +3628,7 @@ ExpandFromContext (
   }
 
   if (xp->xp_context == EXPAND_SHELLCMD) {
+    *file = NULL;
     expand_shellcmd(pat, num_file, file, flags);
     return OK;
   }
@@ -3876,10 +3876,8 @@ static void expand_shellcmd(char_u *filepat, int *num_file, char_u ***file,
     STRLCPY(buf + l, pat, MAXPATHL - l);
 
     /* Expand matches in one directory of $PATH. */
-    char_u **prev_file = *file;
     ret = expand_wildcards(1, &buf, num_file, file, flags);
     if (ret == OK) {
-      assert(*file != prev_file);
       ga_grow(&ga, *num_file);
       {
         for (i = 0; i < *num_file; ++i) {
-- 
cgit