From 021adc53e8e10adc252bec586bbd6ae3c1ae4f9b Mon Sep 17 00:00:00 2001
From: Shane Harvey <shnhrv@gmail.com>
Date: Tue, 7 Apr 2020 14:41:37 -0700
Subject: [PATCH] PYTHON-2191 Fix double free when realloc fails in buffer_grow

---
 bson/buffer.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/bson/buffer.c b/bson/buffer.c
index 0507eb238..1d428ddf7 100644
--- a/bson/buffer.c
+++ b/bson/buffer.c
@@ -53,7 +53,10 @@ int buffer_free(buffer_t buffer) {
     if (buffer == NULL) {
         return 1;
     }
-    free(buffer->buffer);
+    /* Buffer will be NULL when buffer_grow fails. */
+    if (buffer->buffer != NULL) {
+        free(buffer->buffer);
+    }
     free(buffer);
     return 0;
 }
@@ -79,7 +82,6 @@ static int buffer_grow(buffer_t buffer, int min_length) {
     buffer->buffer = (char*)realloc(buffer->buffer, sizeof(char) * size);
     if (buffer->buffer == NULL) {
         free(old_buffer);
-        free(buffer);
         return 1;
     }
     buffer->size = size;