commit 63bed3d319b5d90765dbdae93a3579b6322d79fb
author Bram Moolenaar <Bram@vim.org> Sat Nov 12 15:36:54 2016 +0100
committer Bram Moolenaar <Bram@vim.org> Sat Nov 12 15:36:54 2016 +0100
tree 001e1f98871cd66bfc6fe5a93036dffae71fe63d
parent e3505dfc858260a21f2bbc6056f5769dea2f273d

patch 8.0.0078
Problem:    Accessing freed memory in quickfix.
Solution:   Reset pointer when freeing 'errorformat'. (Domenique Pelle)

src/quickfix.c

diff --git a/src/quickfix.c b/src/quickfix.c
index a563fa9..631aaea 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -114,6 +114,8 @@
     int		    conthere;	/* %> used */
 };
 
+static efm_T	*fmt_start = NULL; /* cached across qf_parse_line() calls */
+
 static int	qf_init_ext(qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title);
 static void	qf_store_title(qf_info_T *qi, char_u *title);
 static void	qf_new_list(qf_info_T *qi, char_u *qf_title);
@@ -389,6 +391,7 @@
 	vim_regfree(efm_ptr->prog);
 	vim_free(efm_ptr);
     }
+    fmt_start = NULL;
 }
 
 /* Parse 'errorformat' option */
@@ -786,7 +789,6 @@
 	qffields_T	*fields)
 {
     efm_T		*fmt_ptr;
-    static efm_T	*fmt_start = NULL; /* cached across calls */
     char_u		*ptr;
     int			len;
     int			i;