From b7f2270bab102d68f83a6300699b7f98efad81f2 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Thu, 27 Apr 2023 16:24:07 +0100
Subject: patch 9.0.1492: using uninitialized memory when argument is missing

Problem:    Using uninitialized memory when argument is missing.
Solution:   Check there are sufficient arguments before the base.
            (closes #12302)
---
 src/evalfunc.c | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'src/evalfunc.c')

diff --git a/src/evalfunc.c b/src/evalfunc.c
index 10d00d5a17..05734d25ac 100644
--- a/src/evalfunc.c
+++ b/src/evalfunc.c
@@ -3134,6 +3134,9 @@ call_internal_method(
 
     if (global_functions[fi].f_argtype == FEARG_2)
     {
+	if (argcount < 1)
+	    return FCERR_TOOFEW;
+
 	// base value goes second
 	argv[0] = argvars[0];
 	argv[1] = *basetv;
@@ -3142,6 +3145,9 @@ call_internal_method(
     }
     else if (global_functions[fi].f_argtype == FEARG_3)
     {
+	if (argcount < 2)
+	    return FCERR_TOOFEW;
+
 	// base value goes third
 	argv[0] = argvars[0];
 	argv[1] = argvars[1];
@@ -3151,6 +3157,9 @@ call_internal_method(
     }
     else if (global_functions[fi].f_argtype == FEARG_4)
     {
+	if (argcount < 3)
+	    return FCERR_TOOFEW;
+
 	// base value goes fourth
 	argv[0] = argvars[0];
 	argv[1] = argvars[1];
-- 
cgit v1.2.3