Changeset 7d6a751 for owl.h

Timestamp:

Mar 1, 2010, 8:33:47 PM (14 years ago)

Author:

Nelson Elhage <nelhage@mit.edu>

Branches:

release-1.5

Children:

b22170c

Parents:

7fd450f

git-author:

Anders Kaseorg <andersk@mit.edu> (01/25/10 21:56:47)

git-committer:

Nelson Elhage <nelhage@mit.edu> (03/01/10 20:33:47)

Message:

Move cachedmsgid from owl_filter to owl_view.

This fixes a use-after-free bug: owl_function_create_filter sets
inuse=1, removes the current filter (hence freeing it), then calls
owl_function_change_currentview_filter → owl_view_save_curmsgid →
owl_filter_set_cachedmsgid, which writes to the filter that was just
freed.

This means that you can no longer keep two independent positions in
two different filters by repeatedly switching between filter1 → empty
→ filter2 → empty → filter1.  But I doubt anyone even knew that was
possible before.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Reviewed-by: Nelson Elhage <nelhage@mit.edu>

File:

• owl.h (modified) (2 diffs)

owl.h

@@ -425 +425 @@
   int fgcolor;
   int bgcolor;
-  int cachedmsgid;  /* cached msgid: should move into view eventually */
 } owl_filter;
 
@@ -433 +432 @@
   owl_messagelist ml;
   const owl_style *style;
+  int cachedmsgid;
 } owl_view;