From 5428c2890320da95503876bd04cbd523ddcd4447 Mon Sep 17 00:00:00 2001
From: John Darrington <john@darrington.wattle.id.au>
Date: Sat, 26 Mar 2016 16:34:20 +0100
Subject: [PATCH] Fix double heap deallocation when erroneous SET was
 specified.

Found by zzuf.
---
 src/language/utilities/set.q    |  1 -
 tests/language/utilities/set.at | 12 ++++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/language/utilities/set.q b/src/language/utilities/set.q
index 126868dbdb..f640bcbd65 100644
--- a/src/language/utilities/set.q
+++ b/src/language/utilities/set.q
@@ -137,7 +137,6 @@ cmd_set (struct lexer *lexer, struct dataset *ds)
 
   if (!parse_set (lexer, ds, &cmd, NULL))
     {
-      free_set (&cmd);
       return CMD_FAILURE;
     }
 
diff --git a/tests/language/utilities/set.at b/tests/language/utilities/set.at
index b281ae4e1d..ef31c836c8 100644
--- a/tests/language/utilities/set.at
+++ b/tests/language/utilities/set.at
@@ -22,6 +22,16 @@ x,3,2.00,1.00,1.00,3.00
 AT_CLEANUP
 
 
+dnl This scenario was observed to erroneously free things twice
+AT_SETUP([SET crash on invalid cc])
+AT_DATA([set.pspp], [dnl
+SET CCA='xxxx'.SHGW CCA.
+])
+
+AT_CHECK([pspp -O format=csv set.pspp], [1], [ignore])
+AT_CLEANUP
+
+
 
 AT_SETUP([SET MXWARNS])
 dnl Make sure that syntax processing stops and that
@@ -92,7 +102,9 @@ x,y,z
 ])
 
 AT_CLEANUP
+
 
+
 AT_BANNER([PRESERVE and RESTORE])
 
 AT_SETUP([PRESERVE of SET FORMAT])
-- 
2.30.2