From 9e49ec6cd325bf521f63450f3f87525cb82c63a9 Mon Sep 17 00:00:00 2001
From: Nicholas Marriott
Date: Sun, 12 Jul 2009 17:33:18 +0000
Subject: Creating a key binding which replaces itself (such as "bind x bind x lsw") frees the command list bound to the key while it is still being executed, leading to a use after free. To prevent this, create a dead keys list and defer freeing replaced or removed key bindings until the main loop when the key binding will have finished executing. Found by Johan Friis when creating a key binding to reload his configuration file.

---
server.c | 3 +++
1 file changed, 3 insertions(+)
(limited to 'server.c')

diff --git a/server.c b/server.c index e9986a72..71b619ae 100644 --- a/server.c +++ b/server.c @@ -346,6 +346,9 @@ server_main(int srv_fd) server_handle_windows(&pfd); server_handle_clients(&pfd); + /* Collect any unset key bindings. */ + key_bindings_clean(); + /* * If we have no sessions and clients left, let's get out * of here...
-- cgit
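
Review bot: The comment on the new key_bindings_clean() call, placed right after server_handle_clients(&pfd) in server_main(), says what the call does but not why it has to sit at this point in the loop. The fix only holds if this call runs once no key binding's command list can still be executing, which the commit message gives as the reason for deferring to the main loop; I would put that in the comment (for example "Free replaced or removed key bindings now that no bound command is still running") so that a later reordering of the loop body does not reintroduce the use after free. This view is limited to server.c, so the dead keys list and key_bindings_clean() itself are not visible here; it is worth confirming in the rest of the change that both the replace path and the remove path queue the old binding on that list instead of freeing it directly.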