Fix use after free in transactions

In set_instructions_ready, calling set_instruction_ready may cause any
number of transactions to get applied, which removes them from the list
being iterated.  The iteration variables need to be adjusted
accordingly.
This commit is contained in:
Ryan Dwyer 2018-07-28 15:19:14 +10:00
parent 7ad9d743fa
commit 073ac425d5

View file

@ -364,7 +364,13 @@ static void set_instructions_ready(struct sway_view *view, int index) {
struct sway_transaction_instruction *instruction = struct sway_transaction_instruction *instruction =
view->swayc->instructions->items[i]; view->swayc->instructions->items[i];
if (!instruction->ready) { if (!instruction->ready) {
// set_instruction_ready can remove instructions from the list we're
// iterating
size_t length = view->swayc->instructions->length;
set_instruction_ready(instruction); set_instruction_ready(instruction);
size_t num_removed = length - view->swayc->instructions->length;
i -= num_removed;
index -= num_removed;
} }
} }
} }