From d41128e5a1002af41c976c8860f8299cfcd3cd72 Mon Sep 17 00:00:00 2001 From: pldubouilh Date: Fri, 17 Mar 2023 18:23:47 +0100 Subject: [PATCH] Fix list traversal issue in client_calc_layer The calls to client_calc_layer_internal can modify stacking_list, which can cause us to follow dangling ->next pointers (either by the pointer itself already being freed, or it pointing to a freed area). Avoid this by copying the list first, the goal is to visit every client in the list once so this should be fine. Upstream-Status: Backport [http://git.openbox.org/?p=mikachu/openbox.git;a=commit;h=d41128e5a1002af41c976c8860f8299cfcd3cd72] Signed-off-by: Alexandre Videgrain --- openbox/client.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/openbox/client.c b/openbox/client.c index 7168b240..b8264587 100644 --- a/openbox/client.c +++ b/openbox/client.c @@ -2742,9 +2742,12 @@ static void client_calc_layer_internal(ObClient *self) void client_calc_layer(ObClient *self) { GList *it; + /* the client_calc_layer_internal calls below modify stacking_list, + so we have to make a copy to iterate over */ + GList *list = g_list_copy(stacking_list); /* skip over stuff above fullscreen layer */ - for (it = stacking_list; it; it = g_list_next(it)) + for (it = list; it; it = g_list_next(it)) if (window_layer(it->data) <= OB_STACKING_LAYER_FULLSCREEN) break; /* find the windows in the fullscreen layer, and mark them not-visited */ @@ -2757,7 +2760,7 @@ void client_calc_layer(ObClient *self) client_calc_layer_internal(self); /* skip over stuff above fullscreen layer */ - for (it = stacking_list; it; it = g_list_next(it)) + for (it = list; it; it = g_list_next(it)) if (window_layer(it->data) <= OB_STACKING_LAYER_FULLSCREEN) break; /* now recalc any windows in the fullscreen layer which have not @@ -2768,6 +2771,8 @@ void client_calc_layer(ObClient *self) !WINDOW_AS_CLIENT(it->data)->visited) client_calc_layer_internal(it->data); } + + g_list_free(it); } gboolean client_should_show(ObClient *self) -- 2.34.1