From 6b84e6e1b9bedefb6b526978df460a5054b05c44 Mon Sep 17 00:00:00 2001
From: Vadim Zeitlin <vadim@wxwidgets.org>
Date: Fri, 13 Mar 2015 16:58:37 +0100
Subject: [PATCH] Slightly improve out of memory handling in wxMemoryBuffer.

Reset not only m_data but also m_size and m_len to 0 if we run out of memory.

Closes #4500.
---
 include/wx/buffer.h | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/include/wx/buffer.h b/include/wx/buffer.h
index 68611010e1..ca6b340084 100644
--- a/include/wx/buffer.h
+++ b/include/wx/buffer.h
@@ -458,13 +458,17 @@ private:
     {
         if (newSize > m_size)
         {
-            void *dataOld = m_data;
-            m_data = realloc(m_data, newSize + wxMemoryBufferData::DefBufSize);
-            if ( !m_data )
+            void* const data = realloc(m_data, newSize + wxMemoryBufferData::DefBufSize);
+            if ( !data )
             {
-                free(dataOld);
+                // It's better to crash immediately dereferencing a null
+                // pointer in the function calling us than overflowing the
+                // buffer which couldn't be made big enough.
+                free(release());
+                return;
             }
 
+            m_data = data;
             m_size = newSize + wxMemoryBufferData::DefBufSize;
         }
     }