From 08976f7a2a836a81731c45f6e8bbb8b8738d0a05 Mon Sep 17 00:00:00 2001
From: Michael Stapelberg
Date: Fri, 8 Jan 2016 20:41:09 +0100
Subject: [PATCH] con_mark: fix heap-use-after-free
---
 src/con.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/con.c b/src/con.c
index ccc8445e..51b2a3f6 100644
--- a/src/con.c
+++ b/src/con.c
@@ -608,7 +608,8 @@ void con_mark(Con *con, const char *mark, mark_mode_t mode) {
 DLOG("Removing all existing marks on con = %p.\n", con);
 mark_t *current;
- TAILQ_FOREACH(current, &(con->marks_head), marks) {
+ while (!TAILQ_EMPTY(&(con->marks_head))) {
+ current = TAILQ_FIRST(&(con->marks_head));
 con_unmark(con, current->name);
 }
 }
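Review bot: The new `while (!TAILQ_EMPTY(&(con->marks_head)))` loop terminates only if every `con_unmark(con, current->name)` call unlinks that entry from `con->marks_head`. con_unmark's body is not in this hunk, so if it can return without removing the mark (a name lookup that misses, say), the use-after-free becomes an endless loop; please confirm that contract. The loop also carries no explanation of why it avoids the iterator macro, so a later cleanup could reintroduce the bug. I would add a comment above it such as `/* con_unmark() frees the mark it removes, so always re-read the list head instead of using TAILQ_FOREACH. */`. con_mark itself starts and ends outside the hunk.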