From 0320d86d3bc3967c05677e34a81027ce7fb48551 Mon Sep 17 00:00:00 2001 From: oni-link Date: Wed, 30 Sep 2015 18:50:20 +0200 Subject: garray.c: Prevent ga_concat() using memcpy(NULL,...) Calling ga_grow(gap, 0) does not reallocate memory for garray gap. Because of this, gap->ga_data can be NULL after such a call, if gap does not have memory allocated. --- src/nvim/garray.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/nvim/garray.c b/src/nvim/garray.c index 953eb58841..75c3fb9a73 100644 --- a/src/nvim/garray.c +++ b/src/nvim/garray.c @@ -184,10 +184,12 @@ char_u* ga_concat_strings(const garray_T *gap) FUNC_ATTR_NONNULL_RET void ga_concat(garray_T *gap, const char_u *restrict s) { int len = (int)strlen((char *) s); - ga_grow(gap, len); - char *data = gap->ga_data; - memcpy(data + gap->ga_len, s, (size_t) len); - gap->ga_len += len; + if (len) { + ga_grow(gap, len); + char *data = gap->ga_data; + memcpy(data + gap->ga_len, s, (size_t)len); + gap->ga_len += len; + } } /// Append one byte to a growarray which contains bytes. -- cgit