From 0019886a84c7dfdaf452c8a715f26eb87c697b1b Mon Sep 17 00:00:00 2001
From: zeertzjq <zeertzjq@outlook.com>
Date: Wed, 11 May 2022 19:07:31 +0800
Subject: [PATCH] vim-patch:8.2.4901: NULL pointer access when using invalid
 pattern

Problem:    NULL pointer access when using invalid pattern.
Solution:   Check for failed regexp program.
https://github.com/vim/vim/commit/8e4b76da1d7e987d43ca960dfbc372d1c617466f
---
 src/nvim/buffer.c                | 2 +-
 src/nvim/testdir/test_buffer.vim | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/nvim/buffer.c b/src/nvim/buffer.c
index ab804cc42f..f9ad16e357 100644
--- a/src/nvim/buffer.c
+++ b/src/nvim/buffer.c
@@ -2387,7 +2387,7 @@ static char_u *fname_match(regmatch_T *rmp, char_u *name, bool ignore_case)
     rmp->rm_ic = p_fic || ignore_case;
     if (vim_regexec(rmp, name, (colnr_T)0)) {
       match = name;
-    } else {
+    } else if (rmp->regprog != NULL) {
       // Replace $(HOME) with '~' and try matching again.
       p = home_replace_save(NULL, name);
       if (vim_regexec(rmp, p, (colnr_T)0)) {
diff --git a/src/nvim/testdir/test_buffer.vim b/src/nvim/testdir/test_buffer.vim
index a31cdbb49a..7734094584 100644
--- a/src/nvim/testdir/test_buffer.vim
+++ b/src/nvim/testdir/test_buffer.vim
@@ -61,4 +61,11 @@ func Test_buffer_scheme()
   set shellslash&
 endfunc
 
+" this was using a NULL pointer after failing to use the pattern
+func Test_buf_pattern_invalid()
+  vsplit 0000000
+  silent! buf [0--]\&\zs*\zs*e
+  bwipe!
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab