On Sat, Nov 07, 2015 at 09:07:43PM -0800, Serguey Parkhomovsky wrote:
> Hi Gerrit,
>
> Looks like a use after free when freeing the window list. The following
> patch fixes it for me:
>
> Index: FvwmRearrange.c
> ===================================================================
> RCS file: /cvs/xenocara/app/fvwm/modules/FvwmRearrange/FvwmRearrange.c,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 FvwmRearrange.c
> --- FvwmRearrange.c 26 Nov 2006 10:53:53 -0000 1.1.1.1
> +++ FvwmRearrange.c 8 Nov 2015 04:55:46 -0000
> @@ -100,8 +100,8 @@ void free_window_list(window_list *wl)
> window_item *q;
> while (*wl) {
> q = *wl;
> - free(*wl);
> *wl = (*wl)->next;
> + free(q);
> }
> }Yes that looks correct to me. Committed. Thanks to both. -- Matthieu Herrb
signature.asc
Description: PGP signature
