[matchbox-wm][PATCH] keys: Avoid freeing Wm_config member pointer in keys_load_config().


Simon Haggett
 

If the Wm_config instance contains a non-NULL pointer in its kbd_conf_file
member, then (in a build that does not use gconf) keys_load_config() will
assign that pointer to a local conf_path variable. However, keys_load_config()
later calls free() on this conf_path variable (since it may instead have been
assigned a malloc'd buffer). This can therefore leave Wm_config::kbd_conf_file
as a dangling pointer. Furthermore, if the user has specified the -kbdconfig
argument when starting matchbox-window-manager then this pointer comes from argv
and so the call to free() can lead to a segmentation fault.

This patch fixes the issue by using strdup() to make a copy of the string
pointed to by the Wm_config::kbd_conf_file member pointer. This matches the
approach used when conf_path is required to take the value of a string literal,
and ensures that free() can safely be called on conf_path.

Signed-off-by: Simon Haggett <simon.haggett@...>
---
src/keys.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/keys.c b/src/keys.c
index bc83bd4..ca77f81 100644
--- a/src/keys.c
+++ b/src/keys.c
@@ -326,7 +326,7 @@ keys_load_config(Wm *w)
};

if (w->config->kbd_conf_file != NULL)
- conf_path = w->config->kbd_conf_file;
+ conf_path = strdup(w->config->kbd_conf_file);

if (conf_path == NULL && getenv("HOME"))
{
--
2.17.1

Join yocto@lists.yoctoproject.org to automatically receive all group messages.