From 09f3475ad19753c5ca9dc8693b6937a7f75f7c5c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= Date: Sun, 15 Jan 2023 10:24:01 +0100 Subject: [PATCH] =?UTF-8?q?config:=20don=E2=80=99t=20double-free=20key=20b?= =?UTF-8?q?inding=20auxiliary=20data?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Key bindings with multiple key mappings share auxiliary data (e.g. the command to execute in pipe-* bindings, or the escape sequence in text-bindings). The first one is the designated “master” copy. Only that one should be freed. This fixed a double-free on exit, with e.g. [text-bindings] \x1b\x23=Mod4+space Mod4+equal Closes #1259 --- CHANGELOG.md | 3 +++ config.c | 3 +++ 2 files changed, 6 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ac18a97e..593d0692 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -116,12 +116,15 @@ config values (e.g. letter offsets, line height etc). * Selection being stuck visually when `IL` and `DL`.` * URL underlines sometimes still being visible after exiting URL mode. +* Text-bindings, and pipe-* bindings, with multiple key mappings + causing a crash (double-free) on exit ([#1259][1259]). [1173]: https://codeberg.org/dnkl/foot/issues/1173 [1190]: https://codeberg.org/dnkl/foot/issues/1190 [1205]: https://codeberg.org/dnkl/foot/issues/1205 [1209]: https://codeberg.org/dnkl/foot/issues/1209 [1218]: https://codeberg.org/dnkl/foot/issues/1218 +[1259]: https://codeberg.org/dnkl/foot/issues/1259 ### Security diff --git a/config.c b/config.c index ea8d062f..d77b50b8 100644 --- a/config.c +++ b/config.c @@ -1477,6 +1477,9 @@ parse_section_csd(struct context *ctx) static void free_binding_aux(struct binding_aux *aux) { + if (!aux->master_copy) + return; + switch (aux->type) { case BINDING_AUX_NONE: break; case BINDING_AUX_PIPE: free_argv(&aux->pipe); break;