From 765a224b3007c4ef617f22091db4c152de15dd86 Mon Sep 17 00:00:00 2001 From: Nicholas Marriott Date: Mon, 12 Nov 2007 16:39:30 +0000 Subject: [PATCH] Double-free on session destroy. --- TODO | 4 ++-- session.c | 12 ++++-------- 2 files changed, 6 insertions(+), 10 deletions(-) diff --git a/TODO b/TODO index 3f8b1d5f..83be9766 100644 --- a/TODO +++ b/TODO @@ -22,8 +22,8 @@ - client could pass term/tty fd up to server and then do nothing. what problems would this cause? -- need access to all terminfo data at once... signals? - cleanup/redesign IPC - IPC is arse-about-face: too much overhead. 8-byte header for each - packet... hrm. already scanning output for \e, could add an extra + IPC is slightly arse-about-face: too much overhead. 8-byte header for + each packet... hrm. already scanning output for \e, could add an extra byte to it for message - could use bsearch all over the place or get rid of smaller tables (clientmsg) - better errors when creating new windows/sessions (how?) diff --git a/session.c b/session.c index f1e7d952..e4a543ec 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $Id: session.c,v 1.28 2007-10-31 14:26:26 nicm Exp $ */ +/* $Id: session.c,v 1.29 2007-11-12 16:39:30 nicm Exp $ */ /* * Copyright (c) 2007 Nicholas Marriott @@ -124,8 +124,7 @@ session_create(const char *name, const char *cmd, u_int sx, u_int sy) void session_destroy(struct session *s) { - struct winlink *wl; - u_int i; + u_int i; if (session_index(s, &i) != 0) fatalx("session not found"); @@ -133,11 +132,8 @@ session_destroy(struct session *s) while (!ARRAY_EMPTY(&sessions) && ARRAY_LAST(&sessions) == NULL) ARRAY_TRUNC(&sessions, 1); - while (!RB_EMPTY(&s->windows)) { - wl = RB_ROOT(&s->windows); - RB_REMOVE(winlinks, &s->windows, wl); - winlink_remove(&s->windows, wl); - } + while (!RB_EMPTY(&s->windows)) + winlink_remove(&s->windows, RB_ROOT(&s->windows)); xfree(s->name); xfree(s);