patch 9.0.1492: using uninitialized memory when argument is missing
Problem: Using uninitialized memory when argument is missing.
Solution: Check there are sufficient arguments before the base.
(closes #12302)
diff --git a/src/evalfunc.c b/src/evalfunc.c
index 10d00d5..05734d2 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -3134,6 +3134,9 @@
if (global_functions[fi].f_argtype == FEARG_2)
{
+ if (argcount < 1)
+ return FCERR_TOOFEW;
+
// base value goes second
argv[0] = argvars[0];
argv[1] = *basetv;
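Review bot: The added `if (argcount < 1)` guard in the FEARG_2 branch has no comment tying the threshold to the reads it protects, and the same bare-literal pattern repeats in the FEARG_3 and FEARG_4 hunks (`< 2`, `< 3`). The check exists because `argvars[0]` is copied before the base is placed in slot 1, so a call with no explicit argument would copy an uninitialised typval, as the commit title describes. I would add `// argvars[0] is read below; the base only fills argv[1]` above the check, with matching wording for `argvars[0..1]` and `argvars[0..2]` in the other two branches. That way a later change to the copy sequence has the required count stated next to it. The enclosing function starts and ends outside these hunks, so whether an earlier minimum-argument check was meant to cover this case cannot be judged from here.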
@@ -3142,6 +3145,9 @@
}
else if (global_functions[fi].f_argtype == FEARG_3)
{
+ if (argcount < 2)
+ return FCERR_TOOFEW;
+
// base value goes third
argv[0] = argvars[0];
argv[1] = argvars[1];
@@ -3151,6 +3157,9 @@
}
else if (global_functions[fi].f_argtype == FEARG_4)
{
+ if (argcount < 3)
+ return FCERR_TOOFEW;
+
// base value goes fourth
argv[0] = argvars[0];
argv[1] = argvars[1];