changeset 8716:4ce26276caeb v7.4.1647

commit https://github.com/vim/vim/commit/8b20179c657b4266dff115486ca68c6a50324071 Author: Bram Moolenaar <Bram@vim.org> Date: Fri Mar 25 15:01:10 2016 +0100 patch 7.4.1647 Problem: Using freed memory after setqflist() and ":caddbuffer". (Dominique) Solution: Set qf_ptr when adding the first item to the quickfix list.
author Christian Brabandt <cb@256bit.org>
date Fri, 25 Mar 2016 15:15:04 +0100
parents 6e90b9cba0ee
children bcdd00b1c280
files src/quickfix.c src/testdir/test_quickfix.vim src/version.c
diffstat 3 files changed, 14 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -1027,6 +1027,8 @@ qf_add_entry(
 				/* first element in the list */
     {
 	qi->qf_lists[qi->qf_curlist].qf_start = qfp;
+	qi->qf_lists[qi->qf_curlist].qf_ptr = qfp;
+	qi->qf_lists[qi->qf_curlist].qf_index = 0;
 	qfp->qf_prev = qfp;	/* first element points to itself */
     }
     else
@@ -4113,7 +4115,8 @@ set_errorlist(
     else
 	qi->qf_lists[qi->qf_curlist].qf_nonevalid = FALSE;
     qi->qf_lists[qi->qf_curlist].qf_ptr = qi->qf_lists[qi->qf_curlist].qf_start;
-    qi->qf_lists[qi->qf_curlist].qf_index = 1;
+    if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
+	qi->qf_lists[qi->qf_curlist].qf_index = 1;
 
 #ifdef FEAT_WINDOWS
     qf_update_buffer(qi);
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -679,3 +679,11 @@ function Test_quickfix_was_changed_by_au
   call XquickfixChangedByAutocmd('c')
   call XquickfixChangedByAutocmd('l')
 endfunction
+
+func Test_caddbuffer_to_empty()
+  helpgr quickfix
+  call setqflist([], 'r')
+  cad
+  call assert_fails('cn', 'E553:')
+  quit!
+endfunc
--- a/src/version.c
+++ b/src/version.c
@@ -749,6 +749,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1647,
+/**/
     1646,
 /**/
     1645,