From 8e4b76da1d7e987d43ca960dfbc372d1c617466f Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sat, 7 May 2022 11:28:06 +0100
Subject: [PATCH] patch 8.2.4901: NULL pointer access when using invalid
 pattern

Problem:    NULL pointer access when using invalid pattern.
Solution:   Check for failed regexp program.
---
 src/buffer.c                | 2 +-
 src/testdir/test_buffer.vim | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/buffer.c b/src/buffer.c
index 5801bce..758d920 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -2830,7 +2830,7 @@ fname_match(
 	rmp->rm_ic = p_fic || ignore_case;
 	if (vim_regexec(rmp, name, (colnr_T)0))
 	    match = name;
-	else
+	else if (rmp->regprog != NULL)
 	{
 	    // Replace $(HOME) with '~' and try matching again.
 	    p = home_replace_save(NULL, name);
diff --git a/src/testdir/test_buffer.vim b/src/testdir/test_buffer.vim
index dc35bb4..8300f3d 100644
--- a/src/testdir/test_buffer.vim
+++ b/src/testdir/test_buffer.vim
@@ -63,4 +63,11 @@ func Test_bunload_with_offset()
   call delete('b4')
 endfunc
 
+" this was using a NULL pointer after failing to use the pattern
+func Test_buf_pattern_invalid()
+  vsplit 0000000
+  silent! buf [0--]\&\zs*\zs*e
+  bwipe!
+endfunc
+
 " vim: shiftwidth=2 sts=2 expandtab
-- 
1.8.3.1