changeset 29363:4e48651f2e48 v9.0.0024

patch 9.0.0024: may access part of typeahead buf that isn't filled Commit: https://github.com/vim/vim/commit/af043e12d9e5869c597de40b9a2517ae97ac72e7 Author: Bram Moolenaar <Bram@vim.org> Date: Sat Jul 2 12:08:16 2022 +0100 patch 9.0.0024: may access part of typeahead buf that isn't filled Problem: May access part of typeahead buf that isn't filled. Solution: Check length of typeahead.
author Bram Moolenaar <Bram@vim.org>
date Sat, 02 Jul 2022 13:15:02 +0200
parents cffb457247f4
children bf86439e9d05
files src/getchar.c src/version.c
diffstat 2 files changed, 4 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -2437,7 +2437,8 @@ handle_mapping(
     int		is_plug_map = FALSE;
 
     // If typehead starts with <Plug> then remap, even for a "noremap" mapping.
-    if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
+    if (typebuf.tb_len >= 3
+	    && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
 	    && typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA
 	    && typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG)
 	is_plug_map = TRUE;
--- a/src/version.c
+++ b/src/version.c
@@ -736,6 +736,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    24,
+/**/
     23,
 /**/
     22,