From 50b401677be27103e7c4a67ca455d286f562ff7c Mon Sep 17 00:00:00 2001
From: Ryan Dwyer
Date: Wed, 4 Jul 2018 22:58:17 +1000
Subject: [PATCH] Fix use after free in transaction code

If we set an instruction as ready twice, it decreases the transaction's num_waiting a second time and applies the transaction earlier than it should. This no doubt has undesired effects, probably resulting in a use after free. Hopefully fixes the first part of #2207.
---
 sway/desktop/transaction.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sway/desktop/transaction.c b/sway/desktop/transaction.c
index 7b670aec..b4d796cb 100644
--- a/sway/desktop/transaction.c
+++ b/sway/desktop/transaction.c
@@ -377,7 +377,9 @@ static void set_instructions_ready(struct sway_view *view, int index) {
 for (int i = 0; i <= index; ++i) {
 struct sway_transaction_instruction *instruction =
 view->swayc->instructions->items[i];
- set_instruction_ready(instruction);
+ if (!instruction->ready) {
+ set_instruction_ready(instruction);
+ }
 }
 }
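Review bot: The `!instruction->ready` guard sits in the loop of set_instructions_ready, so it protects only this call site. According to the commit message, the second decrement of num_waiting happens when an instruction is marked ready twice; set_instruction_ready's body is outside the hunk, so if it has other callers they could presumably still trigger the early apply and the suspected use after free. Consider making set_instruction_ready itself idempotent with `if (instruction->ready) { return; }` at its top, so the counter cannot drop twice for one instruction regardless of caller. If the guard stays in the loop, a comment such as `// marking an instruction ready twice decrements num_waiting twice and applies the transaction early` would record why it is there. The function's opening is visible only in the hunk header, so this is based on the loop body alone.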