# HG changeset patch
# User Christian Brabandt
# Date 1478961904 -3600
# Node ID 4e4e116e368953be30e55e02c561a7c2b4c07c22
# Parent cedf99a9a1b116cd1f00542c6ca0f2bcf87bf5e7
commit https://github.com/vim/vim/commit/63bed3d319b5d90765dbdae93a3579b6322d79fb
Author: Bram Moolenaar
Date: Sat Nov 12 15:36:54 2016 +0100
patch 8.0.0078
Problem: Accessing freed memory in quickfix.
Solution: Reset pointer when freeing 'errorformat'. (Domenique Pelle)
diff --git a/src/quickfix.c b/src/quickfix.c
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -114,6 +114,8 @@ struct efm_S
 int conthere; /* %> used */
 };
+static efm_T *fmt_start = NULL; /* cached across qf_parse_line() calls */
+
 static int qf_init_ext(qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title);
 static void qf_store_title(qf_info_T *qi, char_u *title);
 static void qf_new_list(qf_info_T *qi, char_u *qf_title);
@@ -389,6 +391,7 @@ free_efm_list(efm_T **efm_first)
 vim_regfree(efm_ptr->prog);
 vim_free(efm_ptr);
 }
+ fmt_start = NULL;
 }
 /* Parse 'errorformat' option */
@@ -786,7 +789,6 @@ qf_parse_line(
 qffields_T *fields)
 {
 efm_T *fmt_ptr;
- static efm_T *fmt_start = NULL; /* cached across calls */
 char_u *ptr;
 int len;
 int i;
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -1648,3 +1648,13 @@ function! Test_Autocmd_Exception()
 set efm&vim
 endfunction
+
+function Test_caddbuffer()
+ " This used to cause a memory access in freed memory
+ let save_efm = &efm
+ set efm=%EEEE%m,%WWWW,%+CCCC%>%#,%GGGG%.#
+ cgetexpr ['WWWW', 'EEEE', 'CCCC']
+ let &efm = save_efm
+ cad
+ bwipe!
+endfunc
diff --git a/src/version.c b/src/version.c
--- a/src/version.c
+++ b/src/version.c
@@ -765,6 +765,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 78,
+/**/
 77,
 /**/
 76,
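Review bot: The file-scope `fmt_start` added at the top of src/quickfix.c is described only as a cache, and the lifetime rule that makes it safe (it points into an efm list and must be cleared when that list is freed) is written down nowhere, neither at the declaration nor at the `fmt_start = NULL;` reset added in free_efm_list(). I would extend the declaration comment to `/* cached across qf_parse_line() calls; points into the current efm list, reset by free_efm_list() */` and put `/* fmt_start may point into the list just freed */` above the reset, so that a later cleanup does not drop the line and bring the use-after-free back. Since a single pointer is now shared by every list that gets parsed, it is also worth confirming that qf_parse_line() cannot reuse it for a different efm list than the one it was cached from; that code lies outside the hunks shown, as do the starts of free_efm_list() and qf_parse_line().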
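Review bot: Test_caddbuffer() contains no assert, so as written it can presumably only fail when the suite runs under a memory checker such as valgrind or AddressSanitizer; in a plain run a regression of the freed-memory access would most likely pass unnoticed. The comment in the function should say that, for example `" No assert: a regression is only reported when run under valgrind or ASan`. Spelling the abbreviated `cad` out as `caddbuffer` would also make the connection to the test name obvious to a reader who does not know the short form.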