vim-patch:9.0.1492: using uninitialized memory when argument is missing (#23351)

Problem: Using uninitialized memory when argument is missing. Solution: Check there are sufficient arguments before the base. (closes vim/vim#12302) b7f2270bab Co-authored-by: Bram Moolenaar <Bram@vim.org>
2025-10-08 02:46:31 +00:00 · 2023-04-28 00:01:22 +08:00
parent a3dfe1bc89
commit 9f29176033
2 changed files with 6 additions and 0 deletions
--- a/src/nvim/eval/funcs.c
+++ b/src/nvim/eval/funcs.c
@@ -287,6 +287,9 @@ int call_internal_method(const char *const fname, const int argcount, typval_T *

  typval_T argv[MAX_FUNC_ARGS + 1];
  const ptrdiff_t base_index = fdef->base_arg == BASE_LAST ? argcount : fdef->base_arg - 1;
+  if (argcount < base_index) {
+    return FCERR_TOOFEW;
+  }
  memcpy(argv, argvars, (size_t)base_index * sizeof(typval_T));
  argv[base_index] = *basetv;
  memcpy(argv + base_index + 1, argvars + base_index,