Commit: patch 9.2.0746: NULL pointer dereference in gui_photon
0 views
Skip to first unread message
Christian Brabandt
3:00 PM (6 hours ago) 3:00 PM
to vim...@googlegroups.com
patch 9.2.0746: NULL pointer dereference in gui_photon
Commit: https://github.com/vim/vim/commit/38210a5c79b2104b52a8c0e7241f8f346ab6e693
Author: Christian Brabandt <c...@256bit.org>
Date: Sun Jun 28 18:53:06 2026 +0000
patch 9.2.0746: NULL pointer dereference in gui_photon
Problem: NULL pointer dereference in gui_photon (Ao Xijie)
Solution: after realloc() validate the buffer is not NULL.
closes: #20661
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/gui_photon.c b/src/gui_photon.c
index 8cc31d59a..096f6ac54 100644
--- a/src/gui_photon.c
+++ b/src/gui_photon.c
@@ -2173,7 +2173,11 @@ gui_mch_draw_string(int row, int col, char_u *s, int len, int flags)
// Use a static buffer to avoid large amounts of de/allocations
if (utf8_len < len)
{
- utf8_buffer = realloc(utf8_buffer, len * MB_LEN_MAX);
+ char *new_buffer = realloc(utf8_buffer, len * MB_LEN_MAX);
+
+ if (new_buffer == NULL)
+ return;
+ utf8_buffer = new_buffer;
utf8_len = len;
}
diff --git a/src/version.c b/src/version.c
index c75668400..bb33fb77c 100644
--- a/src/version.c
+++ b/src/version.c
@@ -759,6 +759,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 746,
/**/
745,
/**/
Commit: https://github.com/vim/vim/commit/38210a5c79b2104b52a8c0e7241f8f346ab6e693
Author: Christian Brabandt <c...@256bit.org>
Date: Sun Jun 28 18:53:06 2026 +0000
patch 9.2.0746: NULL pointer dereference in gui_photon
Problem: NULL pointer dereference in gui_photon (Ao Xijie)
Solution: after realloc() validate the buffer is not NULL.
closes: #20661
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/src/gui_photon.c b/src/gui_photon.c
index 8cc31d59a..096f6ac54 100644
--- a/src/gui_photon.c
+++ b/src/gui_photon.c
@@ -2173,7 +2173,11 @@ gui_mch_draw_string(int row, int col, char_u *s, int len, int flags)
// Use a static buffer to avoid large amounts of de/allocations
if (utf8_len < len)
{
- utf8_buffer = realloc(utf8_buffer, len * MB_LEN_MAX);
+ char *new_buffer = realloc(utf8_buffer, len * MB_LEN_MAX);
+
+ if (new_buffer == NULL)
+ return;
+ utf8_buffer = new_buffer;
utf8_len = len;
}
diff --git a/src/version.c b/src/version.c
index c75668400..bb33fb77c 100644
--- a/src/version.c
+++ b/src/version.c
@@ -759,6 +759,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 746,
/**/
745,
/**/
Reply all
Reply to author
Forward
0 new messages