# HG changeset patch
# User Christian Brabandt <cb@256bit.org>
# Date 1692440103 -7200
# Node ID 38e797adc24d92d09c81f57a1cc728815a0948dd
# Parent  0b90c5764f94faa882d2ac3464a0f4fdf809dc58
patch 9.0.1740: segfault when reading invalid viminfo file

Commit: https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853
Author: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com>
Date:   Sat Aug 19 11:56:57 2023 +0200

    patch 9.0.1740: segfault when reading invalid viminfo file

    Problem: segfault when reading invalid viminfo file
    Solution: Check the expected type in the viminfo file

    Thanks to @yegappan for the included test.

    closes: #12652
    closes: #12845

    Signed-off-by: Christian Brabandt <cb@256bit.org>
    Co-authored-by: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com>
    Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com>
    Co-authored-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/testdir/test_viminfo.vim b/src/testdir/test_viminfo.vim
--- a/src/testdir/test_viminfo.vim
+++ b/src/testdir/test_viminfo.vim
@@ -614,6 +614,26 @@ func Test_viminfo_bad_syntax2()
   rviminfo Xviminfo
 endfunc
 
+" This used to crash Vim (GitHub issue #12652)
+func Test_viminfo_bad_syntax3()
+  let lines =<< trim END
+    call writefile([], 'Xvbs3.result')
+    qall!
+  END
+  call writefile(lines, 'Xvbs3script', 'D')
+
+  let lines = []
+  call add(lines, '|1,4')
+  " bad viminfo syntax for register barline
+  call add(lines, '|3,1,1,1,1,0,71489,,125') " empty line1
+  call writefile(lines, 'Xviminfo', 'D')
+
+  call RunVim([], [], '--clean -i Xviminfo -S Xvbs3script')
+  call assert_true(filereadable('Xvbs3.result'))
+
+  call delete('Xvbs3.result')
+endfunc
+
 func Test_viminfo_file_marks()
   silent! bwipe test_viminfo.vim
   silent! bwipe Xviminfo
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1740,
+/**/
     1739,
 /**/
     1738,
diff --git a/src/viminfo.c b/src/viminfo.c
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -1804,6 +1804,11 @@ handle_viminfo_register(garray_T *values
 	    y_ptr->y_array[i] = vp[i + 6].bv_string;
 	    vp[i + 6].bv_string = NULL;
 	}
+        else if (vp[i + 6].bv_type != BVAL_STRING)
+        {
+            free(y_ptr->y_array);
+            y_ptr->y_array = NULL;
+        }
 	else
 	    y_ptr->y_array[i] = vim_strsave(vp[i + 6].bv_string);
     }