Skip to content

Commit

Permalink
Fix list traversal issue in client_calc_layer
Browse files Browse the repository at this point in the history
The calls to client_calc_layer_internal can modify stacking_list, which
can cause us to follow dangling ->next pointers (either by the pointer
itself already being freed, or it pointing to a freed area). Avoid this
by copying the list first, the goal is to visit every client in the list
once so this should be fine.
  • Loading branch information
pldubouilh authored and Mikachu committed Mar 17, 2023
1 parent b0bbaca commit 9ed6fdd
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions openbox/client.c
Original file line number Diff line number Diff line change
Expand Up @@ -2742,9 +2742,12 @@ static void client_calc_layer_internal(ObClient *self)
void client_calc_layer(ObClient *self)
{
GList *it;
/* the client_calc_layer_internal calls below modify stacking_list,
so we have to make a copy to iterate over */
GList *list = g_list_copy(stacking_list);

/* skip over stuff above fullscreen layer */
for (it = stacking_list; it; it = g_list_next(it))
for (it = list; it; it = g_list_next(it))
if (window_layer(it->data) <= OB_STACKING_LAYER_FULLSCREEN) break;

/* find the windows in the fullscreen layer, and mark them not-visited */
Expand All @@ -2757,7 +2760,7 @@ void client_calc_layer(ObClient *self)
client_calc_layer_internal(self);

/* skip over stuff above fullscreen layer */
for (it = stacking_list; it; it = g_list_next(it))
for (it = list; it; it = g_list_next(it))
if (window_layer(it->data) <= OB_STACKING_LAYER_FULLSCREEN) break;

/* now recalc any windows in the fullscreen layer which have not
Expand All @@ -2768,6 +2771,8 @@ void client_calc_layer(ObClient *self)
!WINDOW_AS_CLIENT(it->data)->visited)
client_calc_layer_internal(it->data);
}

g_list_free(it);
}

gboolean client_should_show(ObClient *self)
Expand Down

0 comments on commit 9ed6fdd

Please sign in to comment.