Report some potential security bugs.


lyl...@mail.ustc.edu.cn

Oct 13, 2020, 5:35:24 AM
to vim...@vim.org
Our research team recently have found four potential double free vulnerabilities, please check them and tell us the result as soon as possible.
Hope your project will get better and better.
bug_report.md

Bram Moolenaar

Oct 13, 2020, 4:16:38 PM
to vim...@googlegroups.com, vim...@vim.org

> Our research team recently have found four potential double free
> vulnerabilities, please check them and tell us the result as soon as
> possible. Hope your project will get better and better.

Thanks for reporting the potential problems. They are mostly corner
cases, very unlikely to actually happen.

The first one uses a number passed in by a netbeans command, thus it's
worth checking that. I made patch 8.2.1843.

The vim_realloc() for buf->signmap and globalsignmap does not use user
input, it just doubles the size when needed. I don't think it will ever
reach a size where it becomes a problem.

The vim_realloc() in normal.c is also very unlikely to end up with zero
size, since it uses strlen() of two strings.

It's very annoying that realloc() returns NULL both when the buffer was
freed (zero size) and when the call failed. It's very error prone.
The manual page even mentions that it might return NULL or not.

--
hundred-and-one symptoms of being an internet addict:
86. E-mail Deficiency Depression (EDD) forces you to e-mail yourself.

/// Bram Moolenaar -- Br...@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
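
The realloc() ambiguity raised at the end of the reply above, as an added example that is not part of the thread, not Vim's code, and not the content of patch 8.2.1843: a resize helper that refuses a zero or overflowing size, so a NULL return from realloc() can only mean failure and the old block is never released twice. `table_T`, `table_resize` and `table_free` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable table that is resized on demand. */
typedef struct {
    int    *items;
    size_t  cap;        /* number of allocated slots */
} table_T;

/*
 * Risky pattern (shown for contrast, never called here):
 *   new_items = realloc(t->items, n * sizeof(int));
 *   if (new_items == NULL) { free(t->items); return -1; }
 * With n == 0 many C libraries free the block and return NULL, so the
 * free() in the error path releases t->items a second time.
 */

/* Hardened resize: returns 0 on success, -1 on failure.
 * On failure t->items is unchanged and still owned by the caller. */
int table_resize(table_T *t, size_t n)
{
    int *new_items;

    if (n == 0 || n > SIZE_MAX / sizeof(int))
        return -1;      /* never pass realloc() a zero or wrapped size */
    new_items = realloc(t->items, n * sizeof(int));
    if (new_items == NULL)
        return -1;      /* genuine failure: old block is untouched */
    if (n > t->cap)     /* zero the newly added slots */
        memset(new_items + t->cap, 0, (n - t->cap) * sizeof(int));
    t->items = new_items;
    t->cap = n;
    return 0;
}

/* Single release point; clearing the pointer makes a repeat call harmless. */
void table_free(table_T *t)
{
    free(t->items);
    t->items = NULL;
    t->cap = 0;
}
```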