CVE-2018-6952: GNU patch double-free in another_hunk via ptrn_missing+repl_missing
GNU patch v2.7.5 has a double-free vulnerability in the another_hunk() function in src/pch.c. It is triggered when processing a malformed context-diff patch where a single hunk has BOTH ptrn_missing=true (the pattern section provides fewer lines than the header claims) AND repl_missing=true (the replacement section is absent). The ptrn_missing path at line 1334 artificially advances p_end to p_ptrn_lines+1, leaving p_line[2..p_ptrn_lines] holding dangling pointers from the previous hunk's cleanup. The repl_missing handler at line 1533 then overrides the fill plan that was supposed to initialize those positions. On the next call to another_hunk, the cleanup loop at lines 1179-1185 iterates over those dangling pointer positions and calls free() on them again, causing a double-free heap corruption.
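
The sequence above, reduced to a small model; this is an added example, not code from GNU patch. It reuses the names `p_line`, `p_end` and `p_ptrn_lines` from the description. The tracking allocator, the slot count, the value `p_ptrn_lines = 4` and the hardened variant (clearing each slot after it is freed) are assumptions made for illustration, and the hardened variant is not presented as the upstream fix.

```c
#include <stdio.h>
#include <string.h>

/* Tracking allocator (constructed): counts double frees, never calls free(). */
static char pool[32][16];
static int live[32], next_slot, double_frees;

static char *track_alloc(const char *s) {
    live[next_slot] = 1;
    return strncpy(pool[next_slot++], s, 15);
}

static void track_free(char *p) {
    if (!p) return;                       /* like free(NULL): no-op */
    int i = (int)((p - &pool[0][0]) / 16);
    if (!live[i]) double_frees++;         /* slot was already released */
    live[i] = 0;
}

static char *p_line[8];
static int p_end;
/* Per-hunk cleanup: release p_line[0..p_end]. */
static void cleanup(int harden) {
    for (int i = 0; i <= p_end; i++) {
        track_free(p_line[i]);
        if (harden) p_line[i] = NULL;     /* hardened: no stale pointer left */
    }
}

/* Returns the number of double frees seen across three hunks. */
int run_model(int harden) {
    const int p_ptrn_lines = 4;
    memset(live, 0, sizeof live);
    memset(p_line, 0, sizeof p_line);
    next_slot = double_frees = 0;
    p_end = p_ptrn_lines + 1;             /* hunk 1: well-formed, all slots set */
    for (int i = 0; i <= p_end; i++) p_line[i] = track_alloc("line");
    cleanup(harden);                      /* hunk 2 starts */
    p_line[0] = track_alloc("header");
    p_line[1] = track_alloc("only line");
    p_end = p_ptrn_lines + 1;             /* ptrn_missing: p_end forced forward */
    p_line[p_end] = track_alloc("separator");
    /* repl_missing: nothing ever fills p_line[2..p_ptrn_lines] */
    cleanup(harden);                      /* hunk 3 starts */
    return double_frees;
}

int main(void) {
    return printf("as described: %d, hardened: %d\n", run_model(0), run_model(1)) < 0;
}
```

In the unhardened run the second cleanup releases `p_line[2..p_ptrn_lines]` a second time, one double free per stale slot; building the real program with AddressSanitizer reports the same condition at the second `free()`.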