changeset 32860:38e797adc24d v9.0.1740
patch 9.0.1740: segfault when reading invalid viminfo file
Commit: https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853
Author: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com>
Date: Sat Aug 19 11:56:57 2023 +0200
patch 9.0.1740: segfault when reading invalid viminfo file
Problem: segfault when reading invalid viminfo file
Solution: Check the expected type in the viminfo file
Thanks to @yegappan for the included test.
closes: #12652
closes: #12845
Signed-off-by: Christian Brabandt <cb@256bit.org>
Co-authored-by: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com>
Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
Co-authored-by: Christian Brabandt <cb@256bit.org>
author | Christian Brabandt <cb@256bit.org> |
---|---|
date | Sat, 19 Aug 2023 12:15:03 +0200 |
parents | 0b90c5764f94 |
children | b6b4ac60b91f |
files | src/testdir/test_viminfo.vim src/version.c src/viminfo.c |
diffstat | 3 files changed, 27 insertions(+), 0 deletions(-) [+] |
--- a/src/testdir/test_viminfo.vim
+++ b/src/testdir/test_viminfo.vim
@@ -614,6 +614,26 @@ func Test_viminfo_bad_syntax2()
 rviminfo Xviminfo
 endfunc
 
+" This used to crash Vim (GitHub issue #12652)
+func Test_viminfo_bad_syntax3()
+ let lines =<< trim END
+ call writefile([], 'Xvbs3.result')
+ qall!
+ END
+ call writefile(lines, 'Xvbs3script', 'D')
+
+ let lines = []
+ call add(lines, '|1,4')
+ " bad viminfo syntax for register barline
+ call add(lines, '|3,1,1,1,1,0,71489,,125') " empty line1
+ call writefile(lines, 'Xviminfo', 'D')
+
+ call RunVim([], [], '--clean -i Xviminfo -S Xvbs3script')
+ call assert_true(filereadable('Xvbs3.result'))
+
+ call delete('Xvbs3.result')
+endfunc
+
 func Test_viminfo_file_marks()
 silent! bwipe test_viminfo.vim
 silent! bwipe Xviminfo
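Review bot: Test_viminfo_bad_syntax3 covers only one malformed shape: the register barline built by `call add(lines, '|3,1,1,1,1,0,71489,,125')` has an empty first line value and, as far as the hunk shows, no valid string line before it. A second case in which a valid line is followed by a non-string value would show what happens once the array has been released part-way through. The only assertion is that `Xvbs3.result` exists, so a comment above `call assert_true(...)` such as `" the result file is only written if Vim survived reading Xviminfo` would make the intent explicit.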
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 1740,
+/**/
 1739,
 /**/
 1738,
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -1804,6 +1804,11 @@ handle_viminfo_register(garray_T *values
 y_ptr->y_array[i] = vp[i + 6].bv_string;
 vp[i + 6].bv_string = NULL;
 }
+ else if (vp[i + 6].bv_type != BVAL_STRING)
+ {
+ free(y_ptr->y_array);
+ y_ptr->y_array = NULL;
+ }
 else
 y_ptr->y_array[i] = vim_strsave(vp[i + 6].bv_string);
 }
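Review bot: The new `else if (vp[i + 6].bv_type != BVAL_STRING)` branch releases `y_ptr->y_array` and sets it to NULL but does not stop processing. The index `i` and the closing brace suggest an enclosing loop whose header lies outside the hunk; if that loop continues, the next pass through `y_ptr->y_array[i] = ...` writes through the NULL pointer. Strings already moved into earlier slots are also not freed before the array is released, so they would leak. I would add `break;` after `y_ptr->y_array = NULL;`, free the entries stored so far, and confirm that any line count the register keeps is reset so later readers do not index a NULL array. As a style point, the rest of Vim uses `vim_free()` rather than bare `free()`.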