From f3cceb5b9e53fcc10f015d8b2ed42c84d9b0451d Mon Sep 17 00:00:00 2001 From: nicm Date: Thu, 12 Feb 2015 09:56:19 +0000 Subject: Take a reference to prevent cmdq being freed during the command. Can happen to cfg_cmd_q (possibly others) when source-file recurses into cmdq_continue. Fixes bug reported by Ismail Donmez and Theo Buehler. --- usr.bin/tmux/cmd-queue.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'usr.bin/tmux/cmd-queue.c') diff --git a/usr.bin/tmux/cmd-queue.c b/usr.bin/tmux/cmd-queue.c index d357fca1daa..bd400d70080 100644 --- a/usr.bin/tmux/cmd-queue.c +++ b/usr.bin/tmux/cmd-queue.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cmd-queue.c,v 1.21 2015/02/05 10:26:29 nicm Exp $ */ +/* $OpenBSD: cmd-queue.c,v 1.22 2015/02/12 09:56:19 nicm Exp $ */ /* * Copyright (c) 2013 Nicholas Marriott @@ -163,6 +163,7 @@ cmdq_continue(struct cmd_q *cmdq) int empty, flags; char s[1024]; + cmdq->references++; notify_disable(); empty = TAILQ_EMPTY(&cmdq->queue); @@ -220,11 +221,13 @@ empty: if (cmdq->client_exit > 0) cmdq->client->flags |= CLIENT_EXIT; if (cmdq->emptyfn != NULL) - cmdq->emptyfn(cmdq); /* may free cmdq */ + cmdq->emptyfn(cmdq); empty = 1; out: notify_enable(); + cmdq_free(cmdq); + return (empty); } -- cgit v1.2.3-59-g8ed1b