From 95dc4ac4b5221c06113137aeeeb366c69627cb8e Mon Sep 17 00:00:00 2001
From: tokyo4j <hrak1529@gmail.com>
Date: Sun, 5 May 2024 18:41:10 +0900
Subject: [PATCH] menu: reset parser state in `menu_finish()`

This fixes use-after-free in `fill_item()` on Reconfigure with
invalid `menu.xml` like below:

<openbox_menu>
  <menu id="root-menu">
    <item id="rofi-run" label="Run command">
      <action name="Execute" command="rofi-run" />
    </item>
  </menu>
</openbox_menu>
---
 src/menu/menu.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/menu/menu.c b/src/menu/menu.c
index 84b86793..064c803b 100644
--- a/src/menu/menu.c
+++ b/src/menu/menu.c
@@ -960,6 +960,11 @@ void
 menu_finish(struct server *server)
 {
 	menu_free_from(server, NULL);
+
+	/* Reset state vars for starting fresh when Reload is triggered */
+	current_item = NULL;
+	current_item_action = NULL;
+	current_menu = NULL;
 }
 
 /* Sets selection (or clears selection if passing NULL) */