patch 9.2.0773: Memory leak in evalfunc.c on alloc failure
Commit:
https://github.com/vim/vim/commit/9dc4e0cbddb91009927bab762eb629a137c74632
Author: Christian Brabandt <
c...@256bit.org>
Date: Thu Jul 2 19:38:26 2026 +0000
patch 9.2.0773: Memory leak in evalfunc.c on alloc failure
Problem: Memory leak in evalfunc.c on alloc failure
Solution: Call dict_unref() when list_append_dict() fails before
returning.
related: #20668
Supported by AI.
Signed-off-by: Christian Brabandt <
c...@256bit.org>
diff --git a/src/evalfunc.c b/src/evalfunc.c
index 3aeda7e11..15b1eee87 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -5840,7 +5840,10 @@ f_getchangelist(typval_T *argvars, typval_T *rettv)
if ((d = dict_alloc()) == NULL)
return;
if (list_append_dict(l, d) == FAIL)
+ {
+ dict_unref(d);
return;
+ }
dict_add_number(d, "lnum", (long)buf->b_changelist[i].lnum);
dict_add_number(d, "col", (long)buf->b_changelist[i].col);
dict_add_number(d, "coladd", (long)buf->b_changelist[i].coladd);
@@ -6058,7 +6061,10 @@ f_getjumplist(typval_T *argvars, typval_T *rettv)
if ((d = dict_alloc()) == NULL)
return;
if (list_append_dict(l, d) == FAIL)
+ {
+ dict_unref(d);
return;
+ }
dict_add_number(d, "lnum", (long)wp->w_jumplist[i].fmark.mark.lnum);
dict_add_number(d, "col", (long)wp->w_jumplist[i].fmark.mark.col);
dict_add_number(d, "coladd", (long)wp->w_jumplist[i].fmark.mark.coladd);
@@ -9498,7 +9504,10 @@ get_matches_in_str(
if (d == NULL)
return FAIL;
if (list_append_dict(mlist, d) == FAIL)
+ {
+ dict_unref(d);
return FAIL;
+ }
if (dict_add_number(d, matchbuf ? "lnum" : "idx", idx) == FAIL)
return FAIL;
@@ -9518,7 +9527,10 @@ get_matches_in_str(
return FAIL;
if (dict_add_list(d, "submatches", sml) == FAIL)
+ {
+ list_unref(sml);
return FAIL;
+ }
// return a list with the submatches
for (int i = 1; i < NSUBEXP; ++i)
diff --git a/src/version.c b/src/version.c
index 2c4e9cf24..7e0fe9136 100644
--- a/src/version.c
+++ b/src/version.c
@@ -759,6 +759,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 773,
/**/
772,
/**/