From ca0962b5b1d696426e7583b1ce34a89219d1aa62 Mon Sep 17 00:00:00 2001
From: "Michael D. Lowis"
Date: Thu, 3 Jan 2019 22:02:09 -0500
Subject: [PATCH] fixed bug in job_finish() which resulted in a use-after-free
---
 TODO.md | 2 --
 config.mk | 7 ++++++-
 inc/win.h | 5 -----
 src/lib/job.c | 17 +++++++++--------
 4 files changed, 15 insertions(+), 16 deletions(-)
diff --git a/TODO.md b/TODO.md
index 1bcc5be..59eb8a3 100644
--- a/TODO.md
+++ b/TODO.md
@@ -15,7 +15,6 @@
 * tide: should re-register with the registrar when a new registrar is launched
 * tide: Line - Get the current line number(s) containing the selection
 * tide: gap buffer does not handle UTF-8 currently
-* tide: holding cut shortcut will segfault eventually, paste probably as well
 * edit: hangs after launching an empty tide instance then trying to open already open file

 ## BACKLOG
@@ -67,4 +66,3 @@ isfile [VALUE]
 findfile [VALUE]
 matches [NAME] [REGEX]
 exec [CMD] [ARGS...]
-
diff --git a/config.mk b/config.mk
index 1de3ee6..cb8c7f5 100644
--- a/config.mk
+++ b/config.mk
@@ -20,8 +20,9 @@ CC = cc
 CFLAGS = -g -MMD $(INCS)
 CFLAGS += --std=c99 -pedantic
 CFLAGS += -Wall -Wextra
-#CFLAGS += -Werror
+CFLAGS += -Werror
 CFLAGS += -Wno-missing-field-initializers -Wno-implicit-fallthrough
+
 # Linker Setup
 LD = $(CC)
 LDFLAGS = $(LIBS) -lX11 -lXft -lfontconfig -lXinerama -lutil -lm
@@ -30,6 +31,10 @@ LDFLAGS = $(LIBS) -lX11 -lXft -lfontconfig -lXinerama -lutil -lm
 AR = ar
 ARFLAGS = rcs

+# Enable Sanitizers
+#CFLAGS += -g -fsanitize=address,undefined
+#LDFLAGS += -g -fsanitize=address,undefined
+
 # Set the variables below or set them on the command line to enable the
 # corresponding feature
 DEBUG = 0
diff --git a/inc/win.h b/inc/win.h
index edfbd1a..0aed412 100644
--- a/inc/win.h
+++ b/inc/win.h
@@ -129,14 +129,9 @@ void win_init(KeyBinding* bindings);
 void win_title(char* path);
 void win_font(char* font);
 void win_prop_set(char* xname, char* ename, char* value);
-void win_update(int ms);
 void win_loop(void);
 void win_quit(void);
 void win_togglefocus(void);
-void win_syncmouse(void);
-
 View* win_view(WinRegion id);
 Buf* win_buf(WinRegion id);
 bool win_keymodsset(int mask);
-bool win_sel_get(int selid, void(*cbfn)(char*));
-bool win_sel_set(int selid, char* str);
diff --git a/src/lib/job.c b/src/lib/job.c
index 104e5ac..df078c2 100644
--- a/src/lib/job.c
+++ b/src/lib/job.c
@@ -55,16 +55,17 @@ static void pipe_write(Job* job) {
 }
 }

-static void job_finish(Job* job) {
- if (job == JobList) {
- JobList = JobList->next;
+static Job* job_remove(Job* list, Job* job) {
+ if (list == job) {
+ return job->next;
 } else {
- Job* curr = JobList;
- while (curr->next && curr->next->fd != job->fd) {
- curr->next = curr->next->next;
- curr = curr->next;
- }
+ list->next = job_remove(list->next, job);
+ return list;
 }
+}
+
+static void job_finish(Job* job) {
+ JobList = job_remove(JobList, job);
 close(job->fd);
 free(job->data);
 free(job);
--
2.49.0
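Review bot: job_remove() has no end-of-list check, so when `job` is not on JobList (an empty list, or a job that was already unlinked) the recursion runs off the end and `list->next` dereferences NULL. It also uses one stack frame per list node, which an iterative walk avoids. The pointer-to-pointer version below stops at the end of the list and leaves the list untouched when the job is absent. job_finish() still closes and frees `job` unconditionally, and its body continues past the end of the hunk, so whether a caller can reach it twice for the same job or keep a stale `Job*` afterwards cannot be confirmed from here.

```c
static Job* job_remove(Job* list, Job* job) {
    Job** link = &list;
    /* stop at the end of the list instead of dereferencing NULL */
    while (*link && *link != job) {
        link = &(*link)->next;
    }
    if (*link) {
        *link = job->next;
    }
    return list;
}
/* … unchanged: job_finish() … */
```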