From d6c67629ed05aae436164eec474832daf8ba7420 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Wed, 24 Aug 2022 20:07:22 +0100
Subject: [PATCH] patch 9.0.0260: using freed memory when using
 'quickfixtextfunc' recursively

Problem:    Using freed memory when using 'quickfixtextfunc' recursively.
Solution:   Do not allow for recursion.
---
 src/quickfix.c                |  9 +++++++++
 src/testdir/test_quickfix.vim | 13 +++++++++++++
 src/version.c                 |  2 ++
 3 files changed, 24 insertions(+)

diff --git a/src/quickfix.c b/src/quickfix.c
index 54ae07df53d4f..6af62e8dfe56d 100644
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -4674,6 +4674,11 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx)
 {
     callback_T	*cb = &qftf_cb;
     list_T	*qftf_list = NULL;
+    static int	recursive = FALSE;
+
+    if (recursive)
+	return NULL;  // this doesn't work properly recursively
+    recursive = TRUE;
 
     // If 'quickfixtextfunc' is set, then use the user-supplied function to get
     // the text to display. Use the local value of 'quickfixtextfunc' if it is
@@ -4688,7 +4693,10 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx)
 
 	// create the dict argument
 	if ((d = dict_alloc_lock(VAR_FIXED)) == NULL)
+	{
+	    recursive = FALSE;
 	    return NULL;
+	}
 	dict_add_number(d, "quickfix", (long)IS_QF_LIST(qfl));
 	dict_add_number(d, "winid", (long)qf_winid);
 	dict_add_number(d, "id", (long)qfl->qf_id);
@@ -4711,6 +4719,7 @@ call_qftf_func(qf_list_T *qfl, int qf_winid, long start_idx, long end_idx)
 	dict_unref(d);
     }
 
+    recursive = FALSE;
     return qftf_list;
 }
 
diff --git a/src/testdir/test_quickfix.vim b/src/testdir/test_quickfix.vim
index 94651af819423..762fa8d8d0e3c 100644
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -6351,4 +6351,17 @@ func Test_qflist_statusmsg()
   %bw!
 endfunc
 
+func Test_quickfixtextfunc_recursive()
+  func s:QFTfunc(o)
+    cgete '0'
+  endfunc
+  copen
+  let &quickfixtextfunc = 's:QFTfunc'
+  cex ""
+
+  let &quickfixtextfunc = ''
+  cclose
+endfunc
+
+
 " vim: shiftwidth=2 sts=2 expandtab
diff --git a/src/version.c b/src/version.c
index b1943bb161571..02c20f03f6026 100644
--- a/src/version.c
+++ b/src/version.c
@@ -731,6 +731,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    260,
 /**/
     259,
 /**/