From 39afe3fc2ac79e8a875296d66ab42328f309e2ab Mon Sep 17 00:00:00 2001
From: Tiago Cunha <tcunha@gmx.com>
Date: Mon, 12 Oct 2009 00:37:41 +0000
Subject: [PATCH] Sync OpenBSD patchset 388:

Set the current window pointer to NULL when killing a winlink that is to be
replaced with link-window -k. This prevents it being pushed onto the last
window stack and causing a use-after-free.

Only took me an hour to find this :-/...
---
 server-fn.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/server-fn.c b/server-fn.c
index f34c8aec..e7077335 100644
--- a/server-fn.c
+++ b/server-fn.c
@@ -1,4 +1,4 @@
-/* $Id: server-fn.c,v 1.93 2009-10-11 23:38:16 tcunha Exp $ */
+/* $Id: server-fn.c,v 1.94 2009-10-12 00:37:41 tcunha Exp $ */
 
 /*
  * Copyright (c) 2007 Nicholas Marriott <nicm@users.sourceforge.net>
@@ -284,8 +284,10 @@ server_link_window(struct session *src, struct winlink *srcwl,
 			winlink_remove(&dst->windows, dstwl);
 
 			/* Force select/redraw if current. */
-			if (dstwl == dst->curw)
+			if (dstwl == dst->curw) {
 				selectflag = 1;
+				dst->curw = NULL;
+			}
 		}
 	}