vim-patch:9.0.0024: may access part of typeahead buf that isn't filled

Problem: May access part of typeahead buf that isn't filled. Solution: Check length of typeahead. https://github.com/vim/vim/commit/af043e12d9e5869c597de40b9a2517ae97ac72e7
author: zeertzjq <zeertzjq@outlook.com> 2022-07-03 05:56:01 +0800
committer: zeertzjq <zeertzjq@outlook.com> 2022-07-03 06:21:05 +0800
commit: 312f1b65c86c81511ec9f7784bd6b3cff8d52cb8 (patch)
tree: a9bd37bbc9ecaf7edec671fd4b7c23cd5cd1b302 /src
parent: 2b04aaad945a5bf1d5feb419d0b53c421d83f394 (diff)
download: rneovim-312f1b65c86c81511ec9f7784bd6b3cff8d52cb8.tar.gz
rneovim-312f1b65c86c81511ec9f7784bd6b3cff8d52cb8.tar.bz2
rneovim-312f1b65c86c81511ec9f7784bd6b3cff8d52cb8.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c
index 6fdc10ae0b..c3dbb02dce 100644
--- a/src/nvim/getchar.c
+++ b/src/nvim/getchar.c
@@ -1804,7 +1804,8 @@ static int handle_mapping(int *keylenp, bool *timedout, int *mapdepth)
   bool is_plug_map = false;
 
   // If typehead starts with <Plug> then remap, even for a "noremap" mapping.
-  if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
+  if (typebuf.tb_len >= 3
+      && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
       && typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA
       && typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG) {
     is_plug_map = true;
author	zeertzjq <zeertzjq@outlook.com>	2022-07-03 05:56:01 +0800
committer	zeertzjq <zeertzjq@outlook.com>	2022-07-03 06:21:05 +0800
commit	312f1b65c86c81511ec9f7784bd6b3cff8d52cb8 (patch)
tree	a9bd37bbc9ecaf7edec671fd4b7c23cd5cd1b302 /src
parent	2b04aaad945a5bf1d5feb419d0b53c421d83f394 (diff)
download	rneovim-312f1b65c86c81511ec9f7784bd6b3cff8d52cb8.tar.gz rneovim-312f1b65c86c81511ec9f7784bd6b3cff8d52cb8.tar.bz2 rneovim-312f1b65c86c81511ec9f7784bd6b3cff8d52cb8.zip