From 8ac4a75969ede80c9d3c9900f376c7d6deb71b07 Mon Sep 17 00:00:00 2001
From: Simmo Saan
Date: Thu, 21 Feb 2019 16:15:58 +0200
Subject: [PATCH] gui: fix use after free bug in /filter del (issue #1309)

Deleting (freeing) a filter also frees its buffers, so refilter must happen before freeing. Disabling the filter temporarily fixes the bug. This fix disables the filter before filter_removing signal, though.
---
 src/core/wee-command.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/core/wee-command.c b/src/core/wee-command.c
index ccbee03d2..aceee8605 100644
--- a/src/core/wee-command.c
+++ b/src/core/wee-command.c
@@ -2399,8 +2399,9 @@ COMMAND_CALLBACK(filter)
 ptr_filter = gui_filter_search_by_name (argv[2]);
 if (ptr_filter)
 {
+ ptr_filter->enabled = 0; // disable before refilter
+ gui_filter_all_buffers (ptr_filter); // refilter before free
 gui_filter_free (ptr_filter);
- gui_filter_all_buffers (ptr_filter);
 gui_chat_printf_date_tags (NULL, 0, GUI_FILTER_TAG_NO_FILTER,
 _("Filter \"%s\" deleted"),
 argv[2]);
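Review bot: The use-after-free is avoided here only by statement order at this one call site, and the commit message itself notes the side effect that `filter_removing` handlers now see the filter already disabled. If `gui_filter_free` is what sends that signal and releases the memory (its body is not in this hunk), doing the disable-and-refilter inside it, after the signal and before the release, would keep the ordering in one place and cover any other path that frees a filter. At minimum the two added lines should carry a why-comment that names the hazard, for example `/* refilter while ptr_filter is still valid: gui_filter_free() releases it */`, written as a block comment if that is the style the rest of the file uses rather than trailing `//`. The enclosing COMMAND_CALLBACK(filter) body starts and ends outside the hunk.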