From 6920be311b276277ad7c38a96ccca4746b94bd95 Mon Sep 17 00:00:00 2001
From: nicm <nicm>
Date: Tue, 7 Apr 2015 13:06:22 +0000
Subject: When replacing, don't free the old paste until after the new one's
 name has been copied. Fixes a use-after-free in window-copy.c. Bug reported
 by J Raynor (who also provided a different fix).

---
 paste.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'paste.c')

diff --git a/paste.c b/paste.c
index de80115e..2ccc3cd2 100644
--- a/paste.c
+++ b/paste.c
@@ -247,9 +247,6 @@ paste_set(char *data, size_t size, const char *name, char **cause)
 		return (-1);
 	}
 
-	pb = paste_get_name(name);
-	if (pb != NULL)
-		paste_free_name(name);
 
 	pb = xmalloc(sizeof *pb);
 
@@ -261,6 +258,9 @@ paste_set(char *data, size_t size, const char *name, char **cause)
 	pb->automatic = 0;
 	pb->order = paste_next_order++;
 
+	if (paste_get_name(name) != NULL)
+		paste_free_name(name);
+
 	RB_INSERT(paste_name_tree, &paste_by_name, pb);
 	RB_INSERT(paste_time_tree, &paste_by_time, pb);
 
-- 
cgit v1.2.3