From 205dd7609695f3808f2cff0167ec836a7d66ec17 Mon Sep 17 00:00:00 2001
From: Orestis Floros <orestisf1993@gmail.com>
Date: Sat, 16 Sep 2017 23:53:31 +0300
Subject: [PATCH 1/3] Prevent freeing of uninitialized pointer

> variable 'buf' is used uninitialized whenever 'if' condition is true

Note: freeing a NULL pointer is fine.
---
 src/tree.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/tree.c b/src/tree.c
index b3d2ce93..7f466583 100644
--- a/src/tree.c
+++ b/src/tree.c
@@ -66,13 +66,13 @@ static Con *_create___i3(void) {
 bool tree_restore(const char *path, xcb_get_geometry_reply_t *geometry) {
     bool result = false;
     char *globbed = resolve_tilde(path);
+    char *buf = NULL;
 
     if (!path_exists(globbed)) {
         LOG("%s does not exist, not restoring tree\n", globbed);
         goto out;
     }
 
-    char *buf = NULL;
     ssize_t len;
     if ((len = slurp(globbed, &buf)) < 0) {
         /* slurp already logged an error. */

From f7a7c7778ba987c30276d2c30bd99b5e2a495909 Mon Sep 17 00:00:00 2001
From: Orestis Floros <orestisf1993@gmail.com>
Date: Sun, 17 Sep 2017 00:24:15 +0300
Subject: [PATCH 2/3] Fix wrong call to free

To confirm, assign n to a constant value and try to use the
append_layout command.

Without the change i3 crashes.
---
 src/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/util.c b/src/util.c
index cd5ee03e..ba0969c7 100644
--- a/src/util.c
+++ b/src/util.c
@@ -501,7 +501,7 @@ ssize_t slurp(const char *path, char **buf) {
     fclose(f);
     if ((ssize_t)n != stbuf.st_size) {
         ELOG("File \"%s\" could not be read entirely: got %zd, want %zd\n", path, n, stbuf.st_size);
-        free(buf);
+        free(*buf);
         *buf = NULL;
         return -1;
     }

From 91c8c00afc146130c513233fd098707b7f4a2d94 Mon Sep 17 00:00:00 2001
From: Orestis Floros <orestisf1993@gmail.com>
Date: Sun, 17 Sep 2017 01:14:47 +0300
Subject: [PATCH 3/3] Fix use of err after it is freed

---
 src/randr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/randr.c b/src/randr.c
index bc791696..88cad7c5 100644
--- a/src/randr.c
+++ b/src/randr.c
@@ -1048,8 +1048,8 @@ void randr_init(int *event_base, const bool disable_randr15) {
         xcb_randr_query_version_reply(
             conn, xcb_randr_query_version(conn, XCB_RANDR_MAJOR_VERSION, XCB_RANDR_MINOR_VERSION), &err);
     if (err != NULL) {
-        free(err);
         ELOG("Could not query RandR version: X11 error code %d\n", err->error_code);
+        free(err);
         fallback_to_root_output();
         return;
     }