patch 9.0.0024: may access part of typeahead buf that isn't filled

Problem:    May access part of typeahead buf that isn't filled.
Solution:   Check length of typeahead.

diff --git a/src/getchar.c b/src/getchar.c
index 210a67acad597f1f7aab63a66aa5474c529e392a..12fd1c9146b3a0b52d4042c2a0c33de4a4834e8e 100644 (file)
--- a/src/getchar.c
+++ b/src/getchar.c
@@ -2437,7 +2437,8 @@ handle_mapping(
     int                is_plug_map = FALSE;
 
     // If typehead starts with <Plug> then remap, even for a "noremap" mapping.
-    if (typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
+    if (typebuf.tb_len >= 3
+           && typebuf.tb_buf[typebuf.tb_off] == K_SPECIAL
            && typebuf.tb_buf[typebuf.tb_off + 1] == KS_EXTRA
            && typebuf.tb_buf[typebuf.tb_off + 2] == KE_PLUG)
        is_plug_map = TRUE;

diff --git a/src/version.c b/src/version.c
index fe683f4dd00168ae75e1dc2fd0bedc9cf4293461..e8d506c905a026435b700f0556839b94f91cf758 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -735,6 +735,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    24,
 /**/
     23,
 /**/