From 312f1b65c86c81511ec9f7784bd6b3cff8d52cb8 Mon Sep 17 00:00:00 2001 From: zeertzjq Date: Sun, 3 Jul 2022 05:56:01 +0800 Subject: vim-patch:9.0.0024: may access part of typeahead buf that isn't filled Problem: May access part of typeahead buf that isn't filled. Solution: Check length of typeahead. https://github.com/vim/vim/commit/af043e12d9e5869c597de40b9a2517ae97ac72e7 --- src/nvim/getchar.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/nvim/getchar.c b/src/nvim/getchar.c index 6fdc10ae0b..c3dbb02dce 100644 --- a/src/nvim/getchar.c +++ b/src/nvim/getchar.c @@ -1804,7 +1804,8 @@ static int handle_mapping(int *keylenp, bool *timedout, int *mapdepth) bool is_plug_map = false; // If typehead starts with then remap, even for a "noremap" mapping. - if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL + if (typebuf.tb_len >= 3 + && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL && typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA && typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG) { is_plug_map = true; -- cgit