commit 312f1b65c86c81511ec9f7784bd6b3cff8d52cb8
parent 2b04aaad945a5bf1d5feb419d0b53c421d83f394
Author: zeertzjq <zeertzjq@outlook.com>
Date: Sun, 3 Jul 2022 05:56:01 +0800
vim-patch:9.0.0024: may access part of typeahead buf that isn't filled
Problem: May access part of typeahead buf that isn't filled.
Solution: Check length of typeahead.
https://github.com/vim/vim/commit/af043e12d9e5869c597de40b9a2517ae97ac72e7
Diffstat:
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
@@ -1804,7 +1804,8 @@ static int handle_mapping(int *keylenp, bool *timedout, int *mapdepth)
bool is_plug_map = false;
// If typehead starts with <Plug> then remap, even for a "noremap" mapping.
- if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
+ if (typebuf.tb_len >= 3
+ && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
&& typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA
&& typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG) {
is_plug_map = true;
