nixo
/
gri3-wm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Guile Really-Improved 3 Window Manager Fork of i3-wm with guile configuration
5,591 Commits 1 Branch 0 Tags 14 MiB
C 56.2%
Perl 27%
Raku 9.2%
M4 3.3%
Ruby 1.1%
Other 3.1%
Go to file
Chih-Chyuan Hwang faa9915abc Fix an use-after-free bug (#2522) 
Fix the issue #2421 (https://github.com/i3/i3/issues/2421).

floating_enable() invokes tree_close_internal() to free con->parent.
After con->parent is freed in tree_close_internal() but before con->parent is reassigned by the caller, con->parent may be dereferenced and causes i3 crash.

The backtrace below is an example.
The already-freed pointer is dereferenced again through the pointer "focused" in x_push_changes().

Reassign con->parent before calling tree_close_internal() to fix this use-after-free bug.

0x0000000000416372 in con_get_workspace (con=0x7ab9c0) at ../i3/src/con.c:375
0x0000000000416103 in con_has_managed_window (con=0x7ab9c0) at ../i3/src/con.c:266
0x000000000042b413 in x_push_changes (con=0x78d190) at ../i3/src/x.c:1132
0x0000000l0004533e8 in tree_render () at ../i3/src/tree.c:504
0x0000000000452b4f in tree_close_internal (con=0x7b67c0, kill_window=DONT_KILL_WINDOW, dont_kill_parent=false, force_set_focus=false)
../i3/src/tree.c:314
0x00000000004196f0 in con_on_remove_child (con=0x7b67c0) at ../i3/src/con.c:1801
0x0000000000452eb7 in tree_close_internal (con=0x783840, kill_window=DONT_KILL_WINDOW, dont_kill_parent=false, force_set_focus=false)
../i3/src/tree.c:364
0x0000000000431516 in floating_enable (con=0x7ab9c0, automatic=false) at ../i3/src/floating.c:183
0x0000000000431eed in toggle_floating_mode (con=0x7ab9c0, automatic=false) at ../i3/src/floating.c:379
0x0000000000420d92 in cmd_floating (current_match=0x679a20 , cmd_output=0x679aa0 , floating_mode=0x7ab8c0 "toggle")
../i3/src/commands.c:1088
0x000000000043e5ae in GENERATED_call (call_identifier=60, result=0x679aa0 ) at include/GENERATED_command_call.h:486
0x000000000043ee19 in next_state (token=0x675d70 ) at ../i3/src/commands_parser.c:187
0x000000000043f2fb in parse_command (input=0x7b4fe0 "floating toggle", gen=0x0) at ../i3/src/commands_parser.c:308
0x00000000004125f8 in run_binding (bind=0x784260, con=0x0) at ../i3/src/bindings.c:792
0x000000000042bace in handle_key_press (event=0x7a01a0) at ../i3/src/key_press.c:33
0x000000000044e6aa in handle_event (type=2, event=0x7a01a0) at ../i3/src/handlers.c:1420
0x0000000000439533 in xcb_check_cb (loop=0x7ffff532f8e0, w=0x68c140, revents=32768) at ../i3/src/main.c:133
0x00007ffff5125d73 in ev_invoke_pending () from /usr/lib/x86_64-linux-gnu/libev.so.4
0x00007ffff51293de in ev_run () from /usr/lib/x86_64-linux-gnu/libev.so.4
0x0000000000439418 in ev_loop (loop=0x7ffff532f8e0, flags=0) at /usr/include/ev.h:835
0x000000000043d51d in main (argc=3, argv=0x7fffffffe0a8) at ../i3/src/main.c:913
 		2016-11-08 00:56:46 -08:00
.github Add issue template 2016-02-19 18:48:49 +01:00
contrib contrib: add per-workspace-layout.pl 2014-01-26 16:51:32 +01:00
debian debian: add missing dh-autoreconf to Build-Depends (#2516) 2016-10-25 20:54:41 +02:00
docs Fix typo (#2536) 2016-11-05 03:32:40 -07:00
etc Move/rename config files/.desktop files into subdirs 2016-10-23 21:09:24 +02:00
i3-config-wizard Ensure all *.[ch] files include config.h 2016-10-23 21:09:24 +02:00
i3-dump-log Ensure all *.[ch] files include config.h 2016-10-23 21:09:24 +02:00
i3-input Ensure all *.[ch] files include config.h 2016-10-23 21:09:24 +02:00
i3-msg Fix memory leak in i3-msg. (#2542) 2016-11-06 08:14:37 -08:00
i3-nagbar Ensure all *.[ch] files include config.h 2016-10-23 21:09:24 +02:00
i3bar Merge pull request #2507 from stapelberg/autotools 2016-10-25 08:56:12 +02:00
include Ensure all *.[ch] files include config.h 2016-10-23 21:09:24 +02:00
libi3 Ensure all *.[ch] files include config.h 2016-10-23 21:09:24 +02:00
m4 Switch to autotools (GNU build system) 2016-10-23 21:09:21 +02:00
man generate asciidoc.conf via autoconf 2016-10-23 21:09:24 +02:00
parser-specs Added new criteria 'tiling' / 'floating'. (#2481) 2016-09-27 19:04:00 -07:00
share Move/rename config files/.desktop files into subdirs 2016-10-23 21:09:24 +02:00
src Fix an use-after-free bug (#2522) 2016-11-08 00:56:46 -08:00
testcases Merge pull request #2507 from stapelberg/autotools 2016-10-25 08:56:12 +02:00
travis travis: use correct path to debian packages (#2521) 2016-10-28 23:41:13 +02:00
.clang-format clang-format: don’t define ForeachMacros 2014-06-19 11:17:46 +02:00
.gitignore pull autotools.gitignore into .gitignore 2016-10-23 21:09:24 +02:00
.travis.yml Update travis for autotools 2016-10-23 21:09:24 +02:00
DEPENDS Remove conditional compilation for cairo/pangocairo (#2480) 2016-09-27 12:57:00 -07:00
I3_VERSION initial (manual) version files check-in 2016-04-07 19:12:21 +02:00
LICENSE Remove copyright year range from License 2016-01-17 16:25:54 +05:30
Makefile.am Update travis for autotools 2016-10-23 21:09:24 +02:00
PACKAGE-MAINTAINER Update PACKAGE-MAINTAINER’s compilation instructions 2016-10-23 21:09:24 +02:00
RELEASE-NOTES-4.12 release i3 4.12 2016-03-06 16:17:15 +01:00
configure.ac configure: add build directory to gitignore (#2543) 2016-11-07 11:49:26 -08:00
generate-command-parser.pl travis: check spelling of binaries and manpages, use docker 2016-02-06 10:36:43 +01:00
i3-dmenu-desktop i3-dmenu-desktop: do not die on failed open 2016-03-23 18:48:38 +01:00
i3-migrate-config-to-v4 Remove dead documentation for non-existing feature "stack-limit". 2015-06-09 23:13:15 +02:00
i3-save-tree Update "mark" to "marks" in i3-save-tree. (#2308) 2016-04-23 12:43:23 +01:00
i3-sensible-editor Added Neovim to i3-sensible-editor 2016-02-01 01:18:41 +00:00
i3-sensible-pager Quote the variables in i3-sensible-* correctly 2015-11-30 21:36:23 +00:00
i3-sensible-terminal Add uxterm to terminal list (#2397) 2016-07-19 19:28:42 +01:00
logo.svg s/i3.zekjur.net/i3wm.org/g 2011-08-28 17:44:42 +02:00
pseudo-doc.doxygen s/i3.zekjur.net/i3wm.org/g 2011-08-28 17:44:42 +02:00
release.sh generate asciidoc.conf via autoconf 2016-10-23 21:09:24 +02:00