From: Markus Koschany
Date: Mon, 7 Nov 2022 01:01:37 +0100
Subject: CVE-2022-3705
Origin: https://github.com/vim/vim/commit/d0fab10ed2a86698937e3c3fed2f10bd9bb5e731
---
 src/quickfix.c | 6 ++++++
 src/testdir/test_quickfix.vim | 15 +++++++++++++++
 src/version.c | 2 ++
 3 files changed, 23 insertions(+)
--- a/src/quickfix.c
+++ b/src/quickfix.c
@@ -4274,6 +4274,9 @@ qf_update_buffer(qf_info_T *qi, qfline_T
 // when the added lines are not visible.
 if ((win = qf_find_win(qi)) != NULL && old_line_count < win->w_botline)
 redraw_buf_later(buf, NOT_VALID);
+
+ // always called after incr_quickfix_busy()
+ decr_quickfix_busy();
 }
 }
@@ -4408,6 +4411,9 @@ qf_fill_buffer(qf_info_T *qi, buf_T *buf
 break;
 }
+ // autocommands may cause trouble
+ incr_quickfix_busy();
+
 if (old_last == NULL)
 // Delete the empty line which is now at the end
 (void)ml_delete(lnum + 1, FALSE);
--- a/src/testdir/test_quickfix.vim
+++ b/src/testdir/test_quickfix.vim
@@ -3915,3 +3915,18 @@ func Test_lopen_bwipe()
 delfunc R
 endfunc
+func Test_filetype_autocmd()
+ " this changes the location list while it is in use to fill a buffer
+ lexpr ''
+ lopen
+ augroup FT_loclist
+ au FileType * call setloclist(0, [], 'f')
+ augroup END
+ silent! lolder
+ lexpr ''
+
+ augroup FT_loclist
+ au! FileType
+ augroup END
+endfunc
+
--- a/src/version.c
+++ b/src/version.c
@@ -792,6 +792,8 @@ static char *(features[]) =
 static int included_patches[] =
 { /* Add new patch number below this line */
 /**/
+ 805,
+/**/
 5024,
 /**/
 4214,
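Review bot: The `decr_quickfix_busy();` added at the end of qf_update_buffer (first quickfix.c hunk) is not in the same function as its `incr_quickfix_busy();`, which the second hunk adds about 140 lines further down, after a loop's `break; }` and under a hunk header naming qf_fill_buffer. Unless every path that reaches the decrement has first passed that increment, including an early exit or a skipped enclosing block, the busy counter becomes unbalanced. Any other caller of the fill routine would also raise it without lowering it. Presumably the counter exists to defer freeing lists that are still in use, so an imbalance either reopens that window or leaves deferred cleanup pending. Please compare the placement with the Origin commit and consider moving `// autocommands may cause trouble` / `incr_quickfix_busy();` into qf_update_buffer ahead of the buffer-fill call, so the pair brackets it in one function; both function bodies extend beyond the hunks, so the surrounding control flow cannot be confirmed here.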
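Review bot: Test_filetype_autocmd contains no assertion, so it fails only if changing the location list from the FileType autocommand crashes Vim. An invalid memory access that does not crash would pass unnoticed unless the suite runs under a memory checker such as valgrind or AddressSanitizer. A comment stating this would help, e.g. `" no assert: passes if Vim survives; run under a memory checker to catch invalid access`. The function also appears to leave the window from `lopen` open and the emptied group defined; adding `lclose` and `augroup! FT_loclist` before `endfunc` would keep later tests isolated.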