Diff - 82a96e3dc0ee8f45bb0c1fe17a0cec1db7582e8f^! - android_external_vim

commit	82a96e3dc0ee8f45bb0c1fe17a0cec1db7582e8f	[log] [tgz]
author	jinyaoguo <guo846@purdue.edu>	Mon Jun 09 20:31:17 2025 +0200
committer	Christian Brabandt <cb@256bit.org>	Mon Jun 09 20:31:17 2025 +0200
tree	abd53c028a2b00371fe009439682441e8ae8e460
parent	69565e3618209001eeeb6a35f14a19d47aaaa8f8 [diff] [blame]

patch 9.1.1443: potential buffer underflow in insertchar()

Problem:  potential buffer underflow in insertchar()
Solution: verify that end_len is larger than zero
          (jinyaoguo)

When parsing the end-comment leader, end_len can be zero if
copy_option_part() writes no characters. The existing check
unconditionally accessed lead_end[end_len-1], causing potential
underflow when end_len == 0.

This change adds an end_len > 0 guard to ensure we only index lead_end
if there is at least one character.

closes: #17476

Signed-off-by: jinyaoguo <guo846@purdue.edu>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/version.c b/src/version.c
index 6e0081e..491b516 100644
--- a/src/version.c
+++ b/src/version.c

@@ -710,6 +710,8 @@
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1443,
+/**/
     1442,
 /**/
     1441,