Mercurial > vim

changeset 32860:38e797adc24d v9.0.1740

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 9.0.1740: segfault when reading invalid viminfo file Commit: https://github.com/vim/vim/commit/0a0764684591c7c6a5d722b628f11dc96208e853 Author: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com> Date: Sat Aug 19 11:56:57 2023 +0200 patch 9.0.1740: segfault when reading invalid viminfo file Problem: segfault when reading invalid viminfo file Solution: Check the expected type in the viminfo file Thanks to @yegappan for the included test. closes: #12652 closes: #12845 Signed-off-by: Christian Brabandt <cb@256bit.org> Co-authored-by: Pierre Colin <48397990+Pierre-Colin@users.noreply.github.com> Co-authored-by: Yegappan Lakshmanan <yegappan@yahoo.com> Co-authored-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Sat, 19 Aug 2023 12:15:03 +0200
parents 0b90c5764f94
children b6b4ac60b91f
files src/testdir/test_viminfo.vim src/version.c src/viminfo.c
diffstat 3 files changed, 27 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/testdir/test_viminfo.vim
+++ b/src/testdir/test_viminfo.vim
@@ -614,6 +614,26 @@ func Test_viminfo_bad_syntax2()
   rviminfo Xviminfo
 endfunc
 
+" This used to crash Vim (GitHub issue #12652)
+func Test_viminfo_bad_syntax3()
+  let lines =<< trim END
+    call writefile([], 'Xvbs3.result')
+    qall!
+  END
+  call writefile(lines, 'Xvbs3script', 'D')
+
+  let lines = []
+  call add(lines, '|1,4')
+  " bad viminfo syntax for register barline
+  call add(lines, '|3,1,1,1,1,0,71489,,125') " empty line1
+  call writefile(lines, 'Xviminfo', 'D')
+
+  call RunVim([], [], '--clean -i Xviminfo -S Xvbs3script')
+  call assert_true(filereadable('Xvbs3.result'))
+
+  call delete('Xvbs3.result')
+endfunc
+
 func Test_viminfo_file_marks()
   silent! bwipe test_viminfo.vim
   silent! bwipe Xviminfo
--- a/src/version.c
+++ b/src/version.c
@@ -696,6 +696,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1740,
+/**/
     1739,
 /**/
     1738,
--- a/src/viminfo.c
+++ b/src/viminfo.c
@@ -1804,6 +1804,11 @@ handle_viminfo_register(garray_T *values
 	    y_ptr->y_array[i] = vp[i + 6].bv_string;
 	    vp[i + 6].bv_string = NULL;
 	}
+        else if (vp[i + 6].bv_type != BVAL_STRING)
+        {
+            free(y_ptr->y_array);
+            y_ptr->y_array = NULL;
+        }
 	else
 	    y_ptr->y_array[i] = vim_strsave(vp[i + 6].bv_string);
     }