From e53dda90bdb66c78978f75a1eb209f7b601a74f0 Mon Sep 17 00:00:00 2001
From: oni-link
Date: Sun, 7 Jun 2015 12:04:13 +0200
Subject: memline: Don't call memmove() with a NULL argument in ml_add_stack(). #2802 When ml_add_stack() needs to increase the size of the empty stack, buf->b_ml.ml_stack is NULL and is used as argument in memmove(). This is undefined behaviour. Declaration of memmove() in string.h: extern void *memmove (void *__dest, const void *__src, size_t __n) __THROW __nonnull ((1, 2));
---
 src/nvim/memline.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
(limited to 'src/nvim/memline.c')
diff --git a/src/nvim/memline.c b/src/nvim/memline.c
index 62d1944c46..0e415b6e8c 100644
--- a/src/nvim/memline.c
+++ b/src/nvim/memline.c
@@ -2936,12 +2936,9 @@ static int ml_add_stack(buf_T *buf)
 if (top == buf->b_ml.ml_stack_size) {
 CHECK(top > 0, _("Stack size increases")); /* more than 5 levels??? */
- infoptr_T *newstack = xmalloc(sizeof(infoptr_T) *
- (buf->b_ml.ml_stack_size + STACK_INCR));
- memmove(newstack, buf->b_ml.ml_stack, (size_t)top * sizeof(infoptr_T));
- xfree(buf->b_ml.ml_stack);
- buf->b_ml.ml_stack = newstack;
 buf->b_ml.ml_stack_size += STACK_INCR;
+ size_t new_size = sizeof(infoptr_T) * buf->b_ml.ml_stack_size;
+ buf->b_ml.ml_stack = xrealloc(buf->b_ml.ml_stack, new_size);
 }
 buf->b_ml.ml_stack_top++;
-- cgit
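Review bot: Nothing at the new `xrealloc()` call records that `buf->b_ml.ml_stack` is NULL the first time the stack grows, which is the case this commit exists for; a later refactor back to allocate-and-copy could bring the undefined `memmove()` with a NULL source back. A one-line comment above the call would pin it, e.g. `/* ml_stack is NULL for an empty stack; xrealloc(NULL, n) then acts like xmalloc(n) */`. Assigning the result straight back to `buf->b_ml.ml_stack` is only safe if `xrealloc()` never returns NULL; presumably it aborts on failure like the `xmalloc()` it replaces, but that is not visible here and is worth confirming. `new_size` multiplies `sizeof(infoptr_T)` by `ml_stack_size`, which looks like an `int` given the `(size_t)top` cast in the removed `memmove()` line, so writing `(size_t)buf->b_ml.ml_stack_size` would make the signed-to-unsigned conversion explicit. ml_add_stack's body starts and ends outside the hunk.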