diff --git a/7.3.1280 b/7.3.1280
new file mode 100644
index 0000000..f3be56a
--- /dev/null
+++ b/7.3.1280
@@ -0,0 +1,231 @@
+To: vim_dev@googlegroups.com
+Subject: Patch 7.3.1280
+Fcc: outbox
+From: Bram Moolenaar <Bram@moolenaar.net>
+Mime-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+------------
+
+Patch 7.3.1280
+Problem:    Reading memory already freed since patch 7.3.1247. (Simon
+	    Ruderich, Dominique Pelle)
+Solution:   Copy submatches before reallocating the state list.
+Files:	    src/regexp_nfa.c
+
+
+*** ../vim-7.3.1279/src/regexp_nfa.c	2013-06-30 13:17:18.000000000 +0200
+--- src/regexp_nfa.c	2013-06-30 23:17:46.000000000 +0200
+***************
+*** 3538,3544 ****
+  static int match_backref __ARGS((regsub_T *sub, int subidx, int *bytelen));
+  static int has_state_with_pos __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs));
+  static int state_in_list __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs));
+! static void addstate __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int off));
+  static void addstate_here __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int *ip));
+  
+  /*
+--- 3538,3544 ----
+  static int match_backref __ARGS((regsub_T *sub, int subidx, int *bytelen));
+  static int has_state_with_pos __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs));
+  static int state_in_list __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs));
+! static regsubs_T *addstate __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs_arg, nfa_pim_T *pim, int off));
+  static void addstate_here __ARGS((nfa_list_T *l, nfa_state_T *state, regsubs_T *subs, nfa_pim_T *pim, int *ip));
+  
+  /*
+***************
+*** 3832,3844 ****
+      return FALSE;
+  }
+  
+!     static void
+! addstate(l, state, subs, pim, off)
+!     nfa_list_T		*l;	/* runtime state list */
+!     nfa_state_T		*state;	/* state to update */
+!     regsubs_T		*subs;	/* pointers to subexpressions */
+!     nfa_pim_T		*pim;   /* postponed look-behind match */
+!     int			off;	/* byte offset, when -1 go to next line */
+  {
+      int			subidx;
+      nfa_thread_T	*thread;
+--- 3832,3849 ----
+      return FALSE;
+  }
+  
+! /*
+!  * Add "state" and possibly what follows to state list ".".
+!  * Returns "subs_arg", possibly copied into temp_subs.
+!  */
+! 
+!     static regsubs_T *
+! addstate(l, state, subs_arg, pim, off)
+!     nfa_list_T		*l;	    /* runtime state list */
+!     nfa_state_T		*state;	    /* state to update */
+!     regsubs_T		*subs_arg;  /* pointers to subexpressions */
+!     nfa_pim_T		*pim;	    /* postponed look-behind match */
+!     int			off;	    /* byte offset, when -1 go to next line */
+  {
+      int			subidx;
+      nfa_thread_T	*thread;
+***************
+*** 3847,3852 ****
+--- 3852,3859 ----
+      char_u		*save_ptr;
+      int			i;
+      regsub_T		*sub;
++     regsubs_T		*subs = subs_arg;
++     static regsubs_T	temp_subs;
+  #ifdef ENABLE_LOG
+      int			did_print = FALSE;
+  #endif
+***************
+*** 3941,3947 ****
+  		    fprintf(log_fd, "> Not adding state %d to list %d. char %d: %s\n",
+  			    abs(state->id), l->id, state->c, code);
+  #endif
+! 		    return;
+  		}
+  
+  		/* Do not add the state again when it exists with the same
+--- 3948,3954 ----
+  		    fprintf(log_fd, "> Not adding state %d to list %d. char %d: %s\n",
+  			    abs(state->id), l->id, state->c, code);
+  #endif
+! 		    return subs;
+  		}
+  
+  		/* Do not add the state again when it exists with the same
+***************
+*** 3956,3961 ****
+--- 3963,3980 ----
+  	    {
+  		int newlen = l->len * 3 / 2 + 50;
+  
++ 		if (subs != &temp_subs)
++ 		{
++ 		    /* "subs" may point into the current array, need to make a
++ 		     * copy before it becomes invalid. */
++ 		    copy_sub(&temp_subs.norm, &subs->norm);
++ #ifdef FEAT_SYN_HL
++ 		    if (nfa_has_zsubexpr)
++ 			copy_sub(&temp_subs.synt, &subs->synt);
++ #endif
++ 		    subs = &temp_subs;
++ 		}
++ 
+  		l->t = vim_realloc(l->t, newlen * sizeof(nfa_thread_T));
+  		l->len = newlen;
+  	    }
+***************
+*** 3991,4004 ****
+  
+  	case NFA_SPLIT:
+  	    /* order matters here */
+! 	    addstate(l, state->out, subs, pim, off);
+! 	    addstate(l, state->out1, subs, pim, off);
+  	    break;
+  
+  	case NFA_SKIP_CHAR:
+  	case NFA_NOPEN:
+  	case NFA_NCLOSE:
+! 	    addstate(l, state->out, subs, pim, off);
+  	    break;
+  
+  	case NFA_MOPEN:
+--- 4010,4023 ----
+  
+  	case NFA_SPLIT:
+  	    /* order matters here */
+! 	    subs = addstate(l, state->out, subs, pim, off);
+! 	    subs = addstate(l, state->out1, subs, pim, off);
+  	    break;
+  
+  	case NFA_SKIP_CHAR:
+  	case NFA_NOPEN:
+  	case NFA_NCLOSE:
+! 	    subs = addstate(l, state->out, subs, pim, off);
+  	    break;
+  
+  	case NFA_MOPEN:
+***************
+*** 4094,4100 ****
+  		sub->list.line[subidx].start = reginput + off;
+  	    }
+  
+! 	    addstate(l, state->out, subs, pim, off);
+  
+  	    if (save_in_use == -1)
+  	    {
+--- 4113,4119 ----
+  		sub->list.line[subidx].start = reginput + off;
+  	    }
+  
+! 	    subs = addstate(l, state->out, subs, pim, off);
+  
+  	    if (save_in_use == -1)
+  	    {
+***************
+*** 4112,4118 ****
+  	    {
+  		/* Do not overwrite the position set by \ze. If no \ze
+  		 * encountered end will be set in nfa_regtry(). */
+! 		addstate(l, state->out, subs, pim, off);
+  		break;
+  	    }
+  	case NFA_MCLOSE1:
+--- 4131,4137 ----
+  	    {
+  		/* Do not overwrite the position set by \ze. If no \ze
+  		 * encountered end will be set in nfa_regtry(). */
+! 		subs = addstate(l, state->out, subs, pim, off);
+  		break;
+  	    }
+  	case NFA_MCLOSE1:
+***************
+*** 4181,4187 ****
+  		sub->list.line[subidx].end = reginput + off;
+  	    }
+  
+! 	    addstate(l, state->out, subs, pim, off);
+  
+  	    if (REG_MULTI)
+  		sub->list.multi[subidx].end = save_lpos;
+--- 4200,4206 ----
+  		sub->list.line[subidx].end = reginput + off;
+  	    }
+  
+! 	    subs = addstate(l, state->out, subs, pim, off);
+  
+  	    if (REG_MULTI)
+  		sub->list.multi[subidx].end = save_lpos;
+***************
+*** 4190,4195 ****
+--- 4209,4215 ----
+  	    sub->in_use = save_in_use;
+  	    break;
+      }
++     return subs;
+  }
+  
+  /*
+*** ../vim-7.3.1279/src/version.c	2013-06-30 22:43:22.000000000 +0200
+--- src/version.c	2013-06-30 23:23:02.000000000 +0200
+***************
+*** 730,731 ****
+--- 730,733 ----
+  {   /* Add new patch number below this line */
++ /**/
++     1280,
+  /**/
+
+-- 
+DENNIS:  Listen -- strange women lying in ponds distributing swords is no
+         basis for a system of government.  Supreme executive power derives
+         from a mandate from the masses, not from some farcical aquatic
+         ceremony.
+                                  The Quest for the Holy Grail (Monty Python)
+
+ /// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net   \\\
+///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
+\\\  an exciting new programming language -- http://www.Zimbu.org        ///
+ \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///