> Serguey Parkhomovsky wrote:
>
> Looks like a use after free when freeing the window list. The
> following patch fixes it for me:
> 
> Index: FvwmRearrange.c
> ===================================================================
> RCS file: /cvs/xenocara/app/fvwm/modules/FvwmRearrange/FvwmRearrange.c,v
> retrieving revision 1.1.1.1
> diff -u -p -u -r1.1.1.1 FvwmRearrange.c
> --- FvwmRearrange.c     26 Nov 2006 10:53:53 -0000      1.1.1.1
> +++ FvwmRearrange.c     8 Nov 2015 04:55:46 -0000
> @@ -100,8 +100,8 @@ void free_window_list(window_list *wl)
>      window_item *q;
>      while (*wl) {
>         q = *wl;
> -       free(*wl);
>         *wl = (*wl)->next;
> +       free(q);
>      }
>  }
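
Review bot: In the loop body of free_window_list, the advance still reads through `*wl` (`*wl = (*wl)->next;`) even though the node is already saved in `q`; writing `*wl = q->next;` followed by `free(q);` would make it obvious that the next pointer is taken from the saved node before that node is freed. The ordering itself is right: the removed `free(*wl)` came before the `->next` read, which was the use after free, and the loop only exits once `*wl` is NULL, so the caller is not left holding a dangling head pointer.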

Thanks for taking the time to look into this. Your patch fixes it for me
as well (thanks to matthieu@ for committing it).

Best

Gerrit
