Mercurial > vim

--- a/src/getchar.c
+++ b/src/getchar.c
@@ -446,9 +446,18 @@ flush_buffers(flush_buffers_T flush_type

     if (flush_typeahead == FLUSH_MINIMAL)
     {
-	// remove mapped characters at the start only
-	typebuf.tb_off += typebuf.tb_maplen;
-	typebuf.tb_len -= typebuf.tb_maplen;
+	// remove mapped characters at the start only,
+	// but only when enough space left in typebuf
+	if (typebuf.tb_off + typebuf.tb_maplen >= typebuf.tb_buflen)
+	{
+	    typebuf.tb_off = MAXMAPLEN;
+	    typebuf.tb_len = 0;
+	}
+	else
+	{
+	    typebuf.tb_off += typebuf.tb_maplen;
+	    typebuf.tb_len -= typebuf.tb_maplen;
+	}
 #if defined(FEAT_CLIENTSERVER) || defined(FEAT_EVAL)
 	if (typebuf.tb_len == 0)
 	    typebuf_was_filled = FALSE;
new file mode 100644
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c40adbec4d07a66bcc9aa51e40dbbb90fdc36623
GIT binary patch
literal 700
zc${^R&ubGw6vro34?Zs*WGUn_LcAp8mlic`NE8jF#rPvslx9pjo0%j_HnVkS5^S<-
z0yTK7(3?;x=&cuzJqi8=f*yM7KOs5Rb&{q~6+aBa<IQ{XzVB;Z_I$W8`@mtAh!L-x
zj%Qw+53Sw?;kYeYnP&~(Fm47$I1@Gu;t|$MS2@Qf!E={FI?+4mO$i7n>eqE6yn!DP
zpl(*yESu-NYvaF8%X;bMdFJ>=xP1NA!rVe8^V-ma2SE@N9j2_uE|(Ik2FIns%G1(A
z+~k{BIk@TwWr;R#@jqnT*D@xcf$(8Nb-UnwAnO=^og%ryYE6_1i%XBF8;d2Ai^(KF
z)I`YX|3gmV9Bf`eGYIV$BNG$+mg$e9tn?#OSDt&TDeaTi(d2xiMTI@KE@hcE70qS!
z{tm{7ApT0OQ>jR7fSPI&=!R5q4m#GcULYp{PR4o6dRrSu5+@R7Ic1WtmqCcRdf?a%
zsV^NQBtyV1wpZ?kkVap{{^w$322C_|5C2ci?oj0hXz<f*9S1?5+7%oRhM@{U3;>>q
zJovK#aHu}1HmJKsJJhmkoYYU4xLW@U;YLjY($VLr?-5V10_$nP`F!34ko4ER3jjks
zDccs-%Qnv~L0nN&ZyeQw?5eJDuIhTZyS?@4+i*DS56_VN{&BRk8$vtpwzmdnvqyXT
MUk>*4+h}z78%`AoZvX%Q
--- a/src/testdir/test_crash.vim
+++ b/src/testdir/test_crash.vim
@@ -216,6 +216,13 @@ func Test_crash1_3()
   call term_sendkeys(buf, args)
   call TermWait(buf, 50)

+  let file = 'crash/heap_overflow3'
+  let cmn_args = "%s -u NONE -i NONE -n -X -m -n -e -s -S %s -c ':qa!'"
+  let args = printf(cmn_args, vim, file)
+  call term_sendkeys(buf, args)
+  call TermWait(buf, 150)
+
+
   " clean up
   exe buf .. "bw!"
   bw!
--- a/src/version.c
+++ b/src/version.c
@@ -705,6 +705,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    697,
+/**/
     696,
 /**/
     695,