From 409b2711fe788bc550be214ef5e99ea9e6ac97f8 Mon Sep 17 00:00:00 2001
From: Dylan Armstrong <dylan@dylan.is>
Date: Fri, 26 Feb 2021 19:38:07 -0600
Subject: [PATCH 1/5] fix: segfault when pasting in term with empty buffer

---
 src/nvim/ops.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/nvim/ops.c b/src/nvim/ops.c
index 3038fad894..32498b7f97 100644
--- a/src/nvim/ops.c
+++ b/src/nvim/ops.c
@@ -2971,7 +2971,7 @@ void do_put(int regname, yankreg_T *reg, int dir, long count, int flags)
     y_array = reg->y_array;
   }
 
-  if (curbuf->terminal) {
+  if (y_size > 0 && curbuf->terminal) {
     terminal_paste(count, y_array, y_size);
     return;
   }

From a9eeeec5d5a64a8f3a11f38319d70537f929e667 Mon Sep 17 00:00:00 2001
From: Dylan Armstrong <dylan@dylan.is>
Date: Fri, 26 Feb 2021 19:55:32 -0600
Subject: [PATCH 2/5] test: segfault test for empty buffer paste on term

---
 test/functional/terminal/buffer_spec.lua | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/test/functional/terminal/buffer_spec.lua b/test/functional/terminal/buffer_spec.lua
index 209537831f..5d1e2618c1 100644
--- a/test/functional/terminal/buffer_spec.lua
+++ b/test/functional/terminal/buffer_spec.lua
@@ -258,6 +258,13 @@ describe(':terminal buffer', function()
   it('handles wqall', function()
     eq('Vim(wqall):E948: Job still running', exc_exec('wqall'))
   end)
+
+  it('does not segfault when pasting empty buffer #13955', function()
+    feed_command('terminal')
+    feed('<c-\\><c-n>')
+    feed_command('put a') -- buffer a is empty
+    eq(2, eval('1+1')) -- check nvim still running
+  end)
 end)
 
 describe('No heap-buffer-overflow when using', function()

From 1d4a7c60391de69af21502b09e4f00ecb01b4bf9 Mon Sep 17 00:00:00 2001
From: Dylan Armstrong <dylan@dylan.is>
Date: Sat, 27 Feb 2021 09:38:38 -0600
Subject: [PATCH 3/5] test: use assert_alive helper rather than eq

---
 test/functional/terminal/buffer_spec.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/test/functional/terminal/buffer_spec.lua b/test/functional/terminal/buffer_spec.lua
index 5d1e2618c1..297678a531 100644
--- a/test/functional/terminal/buffer_spec.lua
+++ b/test/functional/terminal/buffer_spec.lua
@@ -263,7 +263,7 @@ describe(':terminal buffer', function()
     feed_command('terminal')
     feed('<c-\\><c-n>')
     feed_command('put a') -- buffer a is empty
-    eq(2, eval('1+1')) -- check nvim still running
+    helpers.assert_alive()
   end)
 end)
 
@@ -284,7 +284,7 @@ describe('No heap-buffer-overflow when using', function()
     feed('$')
     -- Let termopen() modify the buffer
     feed_command('call termopen("echo")')
-    eq(2, eval('1+1')) -- check nvim still running
+    helpers.assert_alive()
     feed_command('bdelete!')
   end)
 end)
@@ -294,6 +294,6 @@ describe('No heap-buffer-overflow when', function()
     feed_command('set nowrap')
     feed_command('autocmd TermOpen * startinsert')
     feed_command('call feedkeys("4000ai\\<esc>:terminal!\\<cr>")')
-    eq(2, eval('1+1'))
+    helpers.assert_alive()
   end)
 end)

From 6646280d1a7a110cdc41edbc944ccdd05326fa6c Mon Sep 17 00:00:00 2001
From: Dylan Armstrong <dylan@dylan.is>
Date: Sat, 27 Feb 2021 10:02:56 -0600
Subject: [PATCH 4/5] chore: revert unrelated changes in test

---
 test/functional/terminal/buffer_spec.lua | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/test/functional/terminal/buffer_spec.lua b/test/functional/terminal/buffer_spec.lua
index 297678a531..c61bf108cb 100644
--- a/test/functional/terminal/buffer_spec.lua
+++ b/test/functional/terminal/buffer_spec.lua
@@ -284,7 +284,7 @@ describe('No heap-buffer-overflow when using', function()
     feed('$')
     -- Let termopen() modify the buffer
     feed_command('call termopen("echo")')
-    helpers.assert_alive()
+    eq(2, eval('1+1')) -- check nvim still running
     feed_command('bdelete!')
   end)
 end)
@@ -294,6 +294,6 @@ describe('No heap-buffer-overflow when', function()
     feed_command('set nowrap')
     feed_command('autocmd TermOpen * startinsert')
     feed_command('call feedkeys("4000ai\\<esc>:terminal!\\<cr>")')
-    helpers.assert_alive()
+    eq(2, eval('1+1'))
   end)
 end)

From 42d2bbe7d0df0354972d2d6a2896a795c1eeb936 Mon Sep 17 00:00:00 2001
From: Dylan Armstrong <dylan@dylan.is>
Date: Fri, 2 Apr 2021 12:49:36 -0500
Subject: [PATCH 5/5] chore: move check for paste size

---
 src/nvim/ops.c      | 2 +-
 src/nvim/terminal.c | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/nvim/ops.c b/src/nvim/ops.c
index 32498b7f97..3038fad894 100644
--- a/src/nvim/ops.c
+++ b/src/nvim/ops.c
@@ -2971,7 +2971,7 @@ void do_put(int regname, yankreg_T *reg, int dir, long count, int flags)
     y_array = reg->y_array;
   }
 
-  if (y_size > 0 && curbuf->terminal) {
+  if (curbuf->terminal) {
     terminal_paste(count, y_array, y_size);
     return;
   }
diff --git a/src/nvim/terminal.c b/src/nvim/terminal.c
index 642c443318..034de56f9c 100644
--- a/src/nvim/terminal.c
+++ b/src/nvim/terminal.c
@@ -569,6 +569,9 @@ static bool is_filter_char(int c)
 
 void terminal_paste(long count, char_u **y_array, size_t y_size)
 {
+  if (y_size == 0) {
+    return;
+  }
   vterm_keyboard_start_paste(curbuf->terminal->vt);
   terminal_flush_output(curbuf->terminal);
   size_t buff_len = STRLEN(y_array[0]);