patch 8.0.0078

Problem:    Accessing freed memory in quickfix.
Solution:   Reset pointer when freeing 'errorformat'. (Domenique Pelle)

Author: brammool

src/quickfix.c

@@ -114,6 +114,8 @@ struct efm_S
     int		    conthere;	/* %> used */
 };
 
+static efm_T	*fmt_start = NULL; /* cached across qf_parse_line() calls */
+
 static int	qf_init_ext(qf_info_T *qi, char_u *efile, buf_T *buf, typval_T *tv, char_u *errorformat, int newlist, linenr_T lnumfirst, linenr_T lnumlast, char_u *qf_title);
 static void	qf_store_title(qf_info_T *qi, char_u *title);
 static void	qf_new_list(qf_info_T *qi, char_u *qf_title);
@@ -389,6 +391,7 @@ free_efm_list(efm_T **efm_first)
 	vim_regfree(efm_ptr->prog);
 	vim_free(efm_ptr);
     }
+    fmt_start = NULL;
 }
 
 /* Parse 'errorformat' option */
@@ -786,7 +789,6 @@ qf_parse_line(
 	qffields_T	*fields)
 {
     efm_T		*fmt_ptr;
-    static efm_T	*fmt_start = NULL; /* cached across calls */
     char_u		*ptr;
     int			len;
     int			i;

src/testdir/test_quickfix.vim

@@ -1648,3 +1648,13 @@ function! Test_Autocmd_Exception()
 
   set efm&vim
 endfunction
+
+function Test_caddbuffer()
+  " This used to cause a memory access in freed memory
+  let save_efm = &efm
+  set efm=%EEEE%m,%WWWW,%+CCCC%>%#,%GGGG%.#
+  cgetexpr ['WWWW', 'EEEE', 'CCCC']
+  let &efm = save_efm
+  cad
+  bwipe!
+endfunc

src/version.c

@@ -764,6 +764,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    78,
 /**/
     77,
 /**/