From ea0f58928c45a558984e54da28a7dc30f8e96b97 Mon Sep 17 00:00:00 2001
From: Adam Jackson <ajax@nwnk.net>
Date: Thu, 27 Jan 2005 21:03:39 +0000
Subject: Bug #2391: Fix a use-after-free in run_fades. (Jonathan Briggs)

---
 ChangeLog    |  7 +++++++
 configure.ac |  2 +-
 xcompmgr.c   | 11 ++++++++---
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index d33bf7d..40c3a10 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2005-01-27  Adam Jackson  <ajax@freedesktop.org>
+
+	* xcompmgr.c:
+	Bug #2391: Fix a use-after-free in run_fades.  (Jonathan Briggs)
+	* configure.ac:
+	Bump to 1.1.2.
+
 2005-01-26  Eric Anholt  <anholt@FreeBSD.org>
 
 	* Makefile.am:
diff --git a/configure.ac b/configure.ac
index bd2263c..67caa05 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.57)
-AC_INIT([xcompmgr], [1.1.1], [xorg@freedesktop.org])
+AC_INIT([xcompmgr], [1.1.2], [xorg@freedesktop.org])
 AC_CONFIG_SRCDIR([xcompmgr.c])
 AM_INIT_AUTOMAKE([dist-bzip2])
 AM_MAINTAINER_MODE
diff --git a/xcompmgr.c b/xcompmgr.c
index 3d8f3ab..32e125d 100644
--- a/xcompmgr.c
+++ b/xcompmgr.c
@@ -322,6 +322,7 @@ run_fades (Display *dpy)
     int	    now = get_time_in_milliseconds();
     fade    *f, *next;
     int	    steps;
+    Bool    need_dequeue;
 
 #if 0
     printf ("run fades\n");
@@ -342,12 +343,13 @@ run_fades (Display *dpy)
 	printf ("opacity now %g\n", f->cur);
 #endif
 	w->opacity = f->cur * OPAQUE;
+	need_dequeue = False;
 	if (f->step > 0)
 	{
 	    if (f->cur >= f->finish)
 	    {
 		w->opacity = f->finish*OPAQUE;
-		dequeue_fade (dpy, f);
+		need_dequeue = True;
 	    }
 	}
 	else
@@ -355,7 +357,7 @@ run_fades (Display *dpy)
 	    if (f->cur <= f->finish)
 	    {
 		w->opacity = f->finish*OPAQUE;
-		dequeue_fade (dpy, f);
+		need_dequeue = True;
 	    }
 	}
 	determine_mode (dpy, w);
@@ -365,6 +367,9 @@ run_fades (Display *dpy)
 	    w->shadow = None;
 	    w->extents = win_extents(dpy, w);
 	}
+	/* Must do this last as it might destroy f->w in callbacks */
+	if (need_dequeue)
+		dequeue_fade (dpy, f);
     }
     fade_time = now + fade_delta;
 }
@@ -1833,7 +1838,7 @@ ev_window (XEvent *ev)
 void
 usage (char *program)
 {
-    fprintf (stderr, "%s v1.1.1\n", program);
+    fprintf (stderr, "%s v1.1.2\n", program);
     fprintf (stderr, "usage: %s [options]\n", program);
     fprintf (stderr, "Options\n");
     fprintf (stderr, "   -d display\n      Specifies which display should be managed.\n");
-- 
cgit v1.2.3-70-g09d2