patch 7.4.1647
Problem: Using freed memory after setqflist() and ":caddbuffer". (Dominique)
Solution: Set qf_ptr when adding the first item to the quickfix list.
diff --git a/src/quickfix.c b/src/quickfix.c
index a2506e1..c2ff55a 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -1027,6 +1027,8 @@
/* first element in the list */
{
qi->qf_lists[qi->qf_curlist].qf_start = qfp;
+ qi->qf_lists[qi->qf_curlist].qf_ptr = qfp;
+ qi->qf_lists[qi->qf_curlist].qf_index = 0;
qfp->qf_prev = qfp; /* first element points to itself */
}
else
@@ -4113,7 +4115,8 @@
else
qi->qf_lists[qi->qf_curlist].qf_nonevalid = FALSE;
qi->qf_lists[qi->qf_curlist].qf_ptr = qi->qf_lists[qi->qf_curlist].qf_start;
- qi->qf_lists[qi->qf_curlist].qf_index = 1;
+ if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
+ qi->qf_lists[qi->qf_curlist].qf_index = 1;
#ifdef FEAT_WINDOWS
qf_update_buffer(qi);
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 667ece4..e56c8a2 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -679,3 +679,11 @@
call XquickfixChangedByAutocmd('c')
call XquickfixChangedByAutocmd('l')
endfunction
+
+func Test_caddbuffer_to_empty()
+ helpgr quickfix
+ call setqflist([], 'r')
+ cad
+ call assert_fails('cn', 'E553:')
+ quit!
+endfunc
diff --git a/src/version.c b/src/version.c
index 4ab8eed..95e2cba 100644
--- a/src/version.c
+++ b/src/version.c
@@ -749,6 +749,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1647,
+/**/
1646,
/**/
1645,