From abbdf74c2eab67007e09fd8f1f3af73c47ef3027 Mon Sep 17 00:00:00 2001
From: Eric Roshan-Eisner <edre@google.com>
Date: Sat, 25 May 2024 18:17:29 -0700
Subject: [PATCH] vi: check for out of bounds read on empty `p` buffer

---
 toys/pending/vi.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/toys/pending/vi.c b/toys/pending/vi.c
index 44a22a5e..eedf6c76 100644
--- a/toys/pending/vi.c
+++ b/toys/pending/vi.c
@@ -1099,6 +1099,7 @@ static int vi_push(char reg, int count0, int count1)
   //if yank ends with \n push is linemode else push in place+1
   size_t history = TT.cursor;
   char *start = TT.yank.data, *eol = strchr(start, '\n');
+  if (strlen(start) == 0) return 1;
 
   if (start[strlen(start)-1] == '\n') {
     if ((TT.cursor = text_strchr(TT.cursor, '\n')) == SIZE_MAX)
-- 
2.39.2