patch 8.0.0079
Problem: Accessing freed memory in quickfix. (Domenique Pelle)
Solution: Do not free the current list when adding to it.
diff --git a/src/quickfix.c b/src/quickfix.c
index 631aaea..58c4227 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -1112,6 +1112,7 @@
qffields_T fields = {NULL, NULL, 0, 0L, 0, FALSE, NULL, 0, 0, 0};
#ifdef FEAT_WINDOWS
qfline_T *old_last = NULL;
+ int adding = FALSE;
#endif
static efm_T *fmt_first = NULL;
char_u *efm;
@@ -1140,6 +1141,7 @@
else if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
{
/* Adding to existing list, use last entry. */
+ adding = TRUE;
old_last = qi->qf_lists[qi->qf_curlist].qf_last;
}
#endif
@@ -1266,10 +1268,13 @@
}
EMSG(_(e_readerrf));
error2:
- qf_free(qi, qi->qf_curlist);
- qi->qf_listcount--;
- if (qi->qf_curlist > 0)
- --qi->qf_curlist;
+ if (!adding)
+ {
+ qf_free(qi, qi->qf_curlist);
+ qi->qf_listcount--;
+ if (qi->qf_curlist > 0)
+ --qi->qf_curlist;
+ }
qf_init_end:
if (state.fd != NULL)
fclose(state.fd);