From f370665383619492377dcb896ad8b889d163277d Mon Sep 17 00:00:00 2001 From: oreo639 Date: Sat, 25 Mar 2023 16:27:08 -0700 Subject: [PATCH] openbox: fix use after free --- ...28e5a1002af41c976c8860f8299cfcd3cd72.patch | 50 +++++++++++++++++++ srcpkgs/openbox/template | 4 +- 2 files changed, 52 insertions(+), 2 deletions(-) create mode 100644 srcpkgs/openbox/patches/d41128e5a1002af41c976c8860f8299cfcd3cd72.patch diff --git a/srcpkgs/openbox/patches/d41128e5a1002af41c976c8860f8299cfcd3cd72.patch b/srcpkgs/openbox/patches/d41128e5a1002af41c976c8860f8299cfcd3cd72.patch new file mode 100644 index 000000000000..11e2b92b75a3 --- /dev/null +++ b/srcpkgs/openbox/patches/d41128e5a1002af41c976c8860f8299cfcd3cd72.patch @@ -0,0 +1,50 @@ +From d41128e5a1002af41c976c8860f8299cfcd3cd72 Mon Sep 17 00:00:00 2001 +From: pldubouilh +Date: Fri, 17 Mar 2023 18:23:47 +0100 +Subject: [PATCH] Fix list traversal issue in client_calc_layer + +The calls to client_calc_layer_internal can modify stacking_list, which +can cause us to follow dangling ->next pointers (either by the pointer +itself already being freed, or it pointing to a freed area). Avoid this +by copying the list first, the goal is to visit every client in the list +once so this should be fine. +--- + openbox/client.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/openbox/client.c b/openbox/client.c +index 7168b2407..b8264587c 100644 +--- a/openbox/client.c ++++ b/openbox/client.c +@@ -2742,9 +2742,12 @@ static void client_calc_layer_internal(ObClient *self) + void client_calc_layer(ObClient *self) + { + GList *it; ++ /* the client_calc_layer_internal calls below modify stacking_list, ++ so we have to make a copy to iterate over */ ++ GList *list = g_list_copy(stacking_list); + + /* skip over stuff above fullscreen layer */ +- for (it = stacking_list; it; it = g_list_next(it)) ++ for (it = list; it; it = g_list_next(it)) + if (window_layer(it->data) <= OB_STACKING_LAYER_FULLSCREEN) break; + + /* find the windows in the fullscreen layer, and mark them not-visited */ +@@ -2757,7 +2760,7 @@ void client_calc_layer(ObClient *self) + client_calc_layer_internal(self); + + /* skip over stuff above fullscreen layer */ +- for (it = stacking_list; it; it = g_list_next(it)) ++ for (it = list; it; it = g_list_next(it)) + if (window_layer(it->data) <= OB_STACKING_LAYER_FULLSCREEN) break; + + /* now recalc any windows in the fullscreen layer which have not +@@ -2768,6 +2771,8 @@ void client_calc_layer(ObClient *self) + !WINDOW_AS_CLIENT(it->data)->visited) + client_calc_layer_internal(it->data); + } ++ ++ g_list_free(it); + } + + gboolean client_should_show(ObClient *self) diff --git a/srcpkgs/openbox/template b/srcpkgs/openbox/template index 1c2de2ee5fd6..7d46193fd711 100644 --- a/srcpkgs/openbox/template +++ b/srcpkgs/openbox/template @@ -1,7 +1,7 @@ # Template file for 'openbox' pkgname=openbox version=3.6.1 -revision=4 +revision=5 build_style=gnu-configure configure_args="--enable-startup-notification $(vopt_enable svg librsvg)" hostmakedepends="automake libtool pkg-config gettext-devel" @@ -15,7 +15,7 @@ conf_files=" /etc/xdg/openbox/autostart" short_desc="Standards compliant, fast, light-weight, extensible window manager" maintainer="Orphaned " -license="GPL-2" +license="GPL-2.0-or-later" homepage="http://www.openbox.org" distfiles="http://openbox.org/dist/openbox/openbox-$version.tar.xz" checksum=abe75855cc5616554ffd47134ad15291fe37ebbebf1a80b69cbde9d670f0e26d