mirrors/labwc
1
0
Fork 0
mirror of https://github.com/labwc/labwc.git synced 2025-11-03 09:01:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

menu: fix unexpected behavior when a menu is opened from another menu

Browse source 
server->menu_current should be cleared before calling actions_run() as
it may internally call menu_open_root(). Clearing it after actions_run()
leads to an inconsistent state where a menu is opened but
server->menu_current is NULL. It even lead to a segfault when the item
opening another menu is contained in a pipemenu, because
menu_open_root() calls destroy_pipemenu() when server->menu_current is
set, which makes accessing item->actions a UAF.
This commit is contained in:
tokyo4j 2025-01-24 09:57:17 +09:00 committed by Consolatis
parent 465488110d
commit 4072a80eba
1 changed files with 1 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/menu/menu.c
View file

@ -1720,13 +1720,9 @@ menu_execute_item(struct menuitem *item)
return false;
}
/*
* We close the menu here to provide a faster feedback to the user.
* We do that without resetting the input state so src/cursor.c
* can do its own clean up on the following RELEASE event.
*/
struct server *server = item->parent->server;
menu_close(server->menu_current);
server->menu_current = NULL;
seat_focus_override_end(&server->seat);
/*
@ -1746,7 +1742,6 @@ menu_execute_item(struct menuitem *item)
&item->actions, NULL);
}
server->menu_current = NULL;
destroy_pipemenus(server);
return true;
}