From a14e6975478adeddcc2161edc1ec611016aa89f3 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Mon, 25 May 2020 23:29:28 +0200
Subject: patch 8.2.0825: def_function() may return pointer that was freed

Problem:    def_function() may return pointer that was freed.
Solution:   Set "fp" to NULL after freeing it.
---
 src/userfunc.c | 3 +++
 src/version.c  | 2 ++
 2 files changed, 5 insertions(+)

diff --git a/src/userfunc.c b/src/userfunc.c
index 87e06c61d..c50a871c2 100644
--- a/src/userfunc.c
+++ b/src/userfunc.c
@@ -3140,12 +3140,14 @@ def_function(exarg_T *eap, char_u *name_arg)
 		if (fudi.fd_di == NULL)
 		{
 		    vim_free(fp);
+		    fp = NULL;
 		    goto erret;
 		}
 		if (dict_add(fudi.fd_dict, fudi.fd_di) == FAIL)
 		{
 		    vim_free(fudi.fd_di);
 		    vim_free(fp);
+		    fp = NULL;
 		    goto erret;
 		}
 	    }
@@ -3169,6 +3171,7 @@ def_function(exarg_T *eap, char_u *name_arg)
 	else if (hash_add(&func_hashtab, UF2HIKEY(fp)) == FAIL)
 	{
 	    vim_free(fp);
+	    fp = NULL;
 	    goto erret;
 	}
 	fp->uf_refcount = 1;
diff --git a/src/version.c b/src/version.c
index ce5f627ca..5ccbfad01 100644
--- a/src/version.c
+++ b/src/version.c
@@ -746,6 +746,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    825,
 /**/
     824,
 /**/
-- 
cgit v1.2.1