[dev] [st] clipboard patch can lead to crashes with st 0.8

From: Daniel Tameling <tamelingdaniel_AT_gmail.com>
Date: Sat, 17 Mar 2018 11:04:22 +0100

Hi,

the clipboard patch st-clipboard-20180309-c5ba9c0.diff can lead to
double frees with st 0.8. This is because, starting with commit
cfc7acdfd923924ae150a32061fb95987697b159, in brelease every time Button1
is released mousesel(e, 1) is called. Up to the commit, there was some
code that only called mousesel when an actual selection was made. Now, if
you just left-click, setsel is called in mousesel with str being NULL
because that is what getsel() returns. This means that xsel.primary gets
set to NULL. If you now add xclipcopy() to setsel according to the
patch, the following can happen:

1. You make a selection -> clipcopy copies it to the clipboard.
2. You left-click -> clipcopy frees xsel.clipcopy, but because
xsel.primary was set to NULL in setsel, it doesn't do anything else
3. You left click again -> clipcopy tries to free xsel.clipcopy again,
and st crashes

Also note that the mentioned commit changed the behaviour of the
primary. Before it, the primary survived up until you made a new
selection. Now it gets erased if you left-click once.

--
Kind regards,
Daniel
Received on Sat Mar 17 2018 - 11:04:22 CET
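
The select, click, click sequence from the message, replayed in a small model. This is an added example, not code from st or from the clipboard patch. The struct layout, track_dup, track_free, replay and the fixed flag are assumptions made for illustration, and clearing the pointer after the release is the conventional remedy assumed here, not a fix taken from this thread.

```c
#include <stdio.h>

/* One-slot tracking allocator: a repeated release is counted, not executed. */
static char slot[64];
static int live, double_frees;

static char *track_dup(const char *s) {
	snprintf(slot, sizeof slot, "%s", s);
	live = 1;
	return slot;
}

static void track_free(char *p) {
	if (p == NULL)
		return;
	double_frees += !live;	/* slot was already released */
	live = 0;
}

/* Model of the selection state; field names are assumptions. */
struct sel { const char *primary; char *clipboard; };

static void clipcopy(struct sel *s, int fixed) {
	track_free(s->clipboard);
	if (fixed)
		s->clipboard = NULL;	/* assumed remedy: drop the stale pointer */
	if (s->primary != NULL)
		s->clipboard = track_dup(s->primary);
}

/* setsel with the clipboard patch applied; a bare click passes str == NULL. */
static void setsel(struct sel *s, const char *str, int fixed) {
	s->primary = str;
	clipcopy(s, fixed);
}

/* Replays select, click, click and returns the number of double frees. */
static int replay(int fixed) {
	struct sel s = { NULL, NULL };
	live = double_frees = 0;
	setsel(&s, "constructed selection", fixed);	/* step 1 */
	setsel(&s, NULL, fixed);			/* step 2 */
	setsel(&s, NULL, fixed);			/* step 3 */
	return double_frees;
}

int main(void) {
	printf("unfixed: %d, fixed: %d\n", replay(0), replay(1));
	return 0;
}
```

In the unfixed run the clipboard pointer survives step 2 as a dangling pointer, so step 3 releases the same memory a second time.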
