vim: src/evalfunc.c comparison

comparison src/evalfunc.c @ 32321:b9a8d1c453e1 v9.0.1492

patch 9.0.1492: using uninitialized memory when argument is missing Commit: https://github.com/vim/vim/commit/b7f2270bab102d68f83a6300699b7f98efad81f2 Author: Bram Moolenaar <Bram@vim.org> Date: Thu Apr 27 16:24:07 2023 +0100 patch 9.0.1492: using uninitialized memory when argument is missing Problem: Using uninitialized memory when argument is missing. Solution: Check there are sufficient arguments before the base. (closes #12302)

author	Bram Moolenaar <Bram@vim.org>
date	Thu, 27 Apr 2023 17:30:05 +0200
parents	8d6f53a07ffd
children	3c2c1cb61004

comparison

equal deleted inserted replaced

-:45c1a530fa76
+:b9a8d1c453e1
 if (argcount + 1 > global_functions[fi].f_max_argc)
 	return FCERR_TOOMANY;
 if (global_functions[fi].f_argtype == FEARG_2)
 {
+	if (argcount < 1)
+	    return FCERR_TOOFEW;
 	// base value goes second
 	argv[0] = argvars[0];
 	argv[1] = *basetv;
 	for (int i = 1; i < argcount; ++i)
 	    argv[i + 1] = argvars[i];
 }
 else if (global_functions[fi].f_argtype == FEARG_3)
 {
+	if (argcount < 2)
+	    return FCERR_TOOFEW;
 	// base value goes third
 	argv[0] = argvars[0];
 	argv[1] = argvars[1];
 	argv[2] = *basetv;
 	for (int i = 2; i < argcount; ++i)
 	    argv[i + 1] = argvars[i];
 }
 else if (global_functions[fi].f_argtype == FEARG_4)
 {
+	if (argcount < 3)
+	    return FCERR_TOOFEW;
 	// base value goes fourth
 	argv[0] = argvars[0];
 	argv[1] = argvars[1];
 	argv[2] = argvars[2];
 	argv[3] = *basetv;

Mercurial > vim

comparison src/evalfunc.c @ 32321:b9a8d1c453e1 v9.0.1492