From 9658e9cc18cd671d6016479280796510e42b23a4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?=
Date: Wed, 14 Jul 2021 20:14:10 +0200
Subject: [PATCH] =?UTF-8?q?render:=20tiocswinsz:=20don=E2=80=99t=20remove/?= =?UTF-8?q?close=20the=20fd=20passed=20as=20argument?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

There’s a chance the resize timeout FD was closed, and *reused*, after epoll() told us the FD is readable, but before our callback runs. Thus, closing the FD provided as an argument is dangerous, as it may refer to something completely different.
---
 render.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/render.c b/render.c
index 80d5efb5..c50988fd 100644
--- a/render.c
+++ b/render.c
@@ -3119,8 +3119,10 @@ fdm_tiocswinsz(struct fdm *fdm, int fd, int events, void *data)
 if (events & EPOLLIN) tiocswinsz(term);
- fdm_del(fdm, fd);
- term->window->resize_timeout_fd = -1;
+ if (term->window->resize_timeout_fd >= 0) {
+ fdm_del(fdm, term->window->resize_timeout_fd);
+ term->window->resize_timeout_fd = -1;
+ }
 return true;
 }
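Review bot: The `events & EPOLLIN` branch above the new guard still calls `tiocswinsz(term)` for a stale wake-up, so only the close half of the stale-event case is handled. If `resize_timeout_fd` has meanwhile been replaced by a newer timer, the guarded `fdm_del()` also tears that timer down before it expires. Whether either effect matters depends on code outside the hunk (the function body starts above it), but if a cancelled timer should mean no action, an early `if (term->window->resize_timeout_fd < 0) return true;` ahead of the EPOLLIN check would make that explicit. The reason `fd` is deliberately ignored exists only in the commit message; a comment above the guard such as `/* 'fd' may be stale (closed and reused since epoll returned); only trust resize_timeout_fd */` would keep a later cleanup from restoring `fdm_del(fdm, fd)`.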