27 lines
953 B
Diff
27 lines
953 B
Diff
From af043e12d9e5869c597de40b9a2517ae97ac72e7 Mon Sep 17 00:00:00 2001
|
|
From: Bram Moolenaar <Bram@vim.org>
|
|
Date: Sat, 2 Jul 2022 12:08:16 +0100
|
|
Subject: [PATCH] patch 9.0.0024: may access part of typeahead buf that isn't
|
|
filled
|
|
|
|
Problem: May access part of typeahead buf that isn't filled.
|
|
Solution: Check length of typeahead.
|
|
---
|
|
src/getchar.c | 3 ++-
|
|
files changed, 2 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/getchar.c b/src/getchar.c
|
|
index 210a67acad59..12fd1c9146b3 100644
|
|
--- a/src/getchar.c
|
|
+++ b/src/getchar.c
|
|
@@ -2437,7 +2437,8 @@ handle_mapping(
|
|
int is_plug_map = FALSE;
|
|
|
|
// If typehead starts with <Plug> then remap, even for a "noremap" mapping.
|
|
- if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
|
|
+ if (typebuf.tb_len >= 3
|
|
+ && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
|
|
&& typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA
|
|
&& typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG)
|
|
is_plug_map = TRUE;
|