patch 9.0.1740: segfault when reading invalid viminfo file
Problem: segfault when reading invalid viminfo file
Solution: Check the expected type in the viminfo file
Thanks to @yegappan for the included test.
closes: #12652
closes: #12845
Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com>
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Co-authored-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/testdir/test_viminfo.vim b/src/testdir/test_viminfo.vim
index 0551ea1..1f4a72d 100644
--- a/src/testdir/test_viminfo.vim
+++ b/src/testdir/test_viminfo.vim
@@ -614,6 +614,26 @@
rviminfo Xviminfo
endfunc
+" This used to crash Vim (GitHub issue #12652)
+func Test_viminfo_bad_syntax3()
+ let lines =<< trim END
+ call writefile([], 'Xvbs3.result')
+ qall!
+ END
+ call writefile(lines, 'Xvbs3script', 'D')
+
+ let lines = []
+ call add(lines, '|1,4')
+ " bad viminfo syntax for register barline
+ call add(lines, '|3,1,1,1,1,0,71489,,125') " empty line1
+ call writefile(lines, 'Xviminfo', 'D')
+
+ call RunVim([], [], '--clean -i Xviminfo -S Xvbs3script')
+ call assert_true(filereadable('Xvbs3.result'))
+
+ call delete('Xvbs3.result')
+endfunc
+
func Test_viminfo_file_marks()
silent! bwipe test_viminfo.vim
silent! bwipe Xviminfo
diff --git a/src/version.c b/src/version.c
index 52d128a..fbf4c68 100644
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1740,
+/**/
1739,
/**/
1738,
diff --git a/src/viminfo.c b/src/viminfo.c
index b772fc8..fbab05e 100644
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -1804,6 +1804,11 @@
y_ptr->y_array[i] = vp[i + 6].bv_string;
vp[i + 6].bv_string = NULL;
}
+ else if (vp[i + 6].bv_type != BVAL_STRING)
+ {
+ free(y_ptr->y_array);
+ y_ptr->y_array = NULL;
+ }
else
y_ptr->y_array[i] = vim_strsave(vp[i + 6].bv_string);
}