From 3383603c134944d374eb0814a2f707a7e3e89b43 Mon Sep 17 00:00:00 2001
From: zeertzjq <zeertzjq@outlook.com>
Date: Mon, 20 May 2024 06:44:19 +0800
Subject: vim-patch:9.1.0395: getregionpos() may leak memory on error

Problem:  regionpos may leak memory on error, coverity
          complains about dereferencing Null pointer
Solution: free all list pointers (after v9.1.394),
          return early if buflist_findnr() returns NULL

closes: vim/vim#14731

https://github.com/vim/vim/commit/b8ecedce79149ac6b994177e9a68979f86065cb1

Co-authored-by: Christian Brabandt <cb@256bit.org>
---
 src/nvim/eval/funcs.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'src/nvim/eval/funcs.c')

diff --git a/src/nvim/eval/funcs.c b/src/nvim/eval/funcs.c
index 2667f4a694..a5d6124eb3 100644
--- a/src/nvim/eval/funcs.c
+++ b/src/nvim/eval/funcs.c
@@ -3008,6 +3008,11 @@ static void f_getregion(typval_T *argvars, typval_T *rettv, EvalFuncData fptr)
 static void add_regionpos_range(typval_T *rettv, int bufnr, int lnum1, int col1, int coladd1,
                                 int lnum2, int col2, int coladd2)
 {
+  buf_T *findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
+  if (findbuf == NULL || findbuf->b_ml.ml_mfp == NULL) {
+    return;
+  }
+
   list_T *l1 = tv_list_alloc(2);
   tv_list_append_list(rettv->vval.v_list, l1);
 
@@ -3017,8 +3022,6 @@ static void add_regionpos_range(typval_T *rettv, int bufnr, int lnum1, int col1,
   list_T *l3 = tv_list_alloc(4);
   tv_list_append_list(l1, l3);
 
-  buf_T *findbuf = bufnr != 0 ? buflist_findnr(bufnr) : curbuf;
-
   int max_col1 = ml_get_buf_len(findbuf, lnum1);
   tv_list_append_number(l2, bufnr);
   tv_list_append_number(l2, lnum1);
-- 
cgit