patch 7.4.1647

Problem:    Using freed memory after setqflist() and ":caddbuffer".  (Dominique)
Solution:   Set qf_ptr when adding the first item to the quickfix list.

diff --git a/src/quickfix.c b/src/quickfix.c
index a2506e1a32ebb8b2a9bf02b626d6132dcd103a76..c2ff55a8c0e9ec79a7e735ee44271b95ccf69939 100644 (file)
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -1027,6 +1027,8 @@ qf_add_entry(
                                /* first element in the list */
     {
        qi->qf_lists[qi->qf_curlist].qf_start = qfp;
+       qi->qf_lists[qi->qf_curlist].qf_ptr = qfp;
+       qi->qf_lists[qi->qf_curlist].qf_index = 0;
        qfp->qf_prev = qfp;     /* first element points to itself */
     }
     else
@@ -4113,7 +4115,8 @@ set_errorlist(
     else
        qi->qf_lists[qi->qf_curlist].qf_nonevalid = FALSE;
     qi->qf_lists[qi->qf_curlist].qf_ptr = qi->qf_lists[qi->qf_curlist].qf_start;
-    qi->qf_lists[qi->qf_curlist].qf_index = 1;
+    if (qi->qf_lists[qi->qf_curlist].qf_count > 0)
+       qi->qf_lists[qi->qf_curlist].qf_index = 1;
 
 #ifdef FEAT_WINDOWS
     qf_update_buffer(qi);

diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 667ece4e677bbe0a234d88047990ae90363467d6..e56c8a2391ba0d237d06538eab7bde50a7e61a14 100644 (file)
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -679,3 +679,11 @@ function Test_quickfix_was_changed_by_autocmd()
   call XquickfixChangedByAutocmd('c')
   call XquickfixChangedByAutocmd('l')
 endfunction
+
+func Test_caddbuffer_to_empty()
+  helpgr quickfix
+  call setqflist([], 'r')
+  cad
+  call assert_fails('cn', 'E553:')
+  quit!
+endfunc

diff --git a/src/version.c b/src/version.c
index 4ab8eed71fdaa7e36dfc68f04cf3f3db3f904f9f..95e2cba565b5ae31eda8ca132c50c27b30ee476f 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -748,6 +748,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1647,
 /**/
     1646,
 /**/