From: Mark Jamsek <mark@jamsek.com>
Subject: Re: tog blame: fix a double-free
To: Josiah Frentsos <jfrent@tilde.team>
Cc: gameoftrees@openbsd.org
Date: Sat, 15 Jul 2023 13:01:00 +1000

Josiah Frentsos <jfrent@tilde.team> wrote:
> * tog blame gnu/usr.bin/Makefile.inc
> * Press RET when it finishes annotating.
> * Press C-c while it's diffing.
> 
> It happens because open_diff_view() also calls view_close() on error.

Thanks, Josiah! I could reproduce your case.
Your patch fixes it, and has now been committed.

> diff 1494a06e4ce25cf1beafa90b6b1f98bdebf9e7e2 18d31f841e8a68f2cede608c1a5741286785bfb3
> commit - 1494a06e4ce25cf1beafa90b6b1f98bdebf9e7e2
> commit + 18d31f841e8a68f2cede608c1a5741286785bfb3
> blob - f94aa18a4e4ab0a9b2df4a58ff12917a90b189c3
> blob + 7bb059ecfaa26dc3c7b8d9f630f63c581d525b9b
> --- tog/tog.c
> +++ tog/tog.c
> @@ -6956,10 +6956,8 @@ input_blame_view(struct tog_view **new_view, struct to
>  		err = open_diff_view(diff_view, pid ? &pid->id : NULL,
>  		    id, NULL, NULL, 3, 0, 0, view, s->repo);
>  		got_object_commit_close(commit);
> -		if (err) {
> -			view_close(diff_view);
> +		if (err)
>  			break;
> -		}
>  		s->last_diffed_line = s->first_displayed_line - 1 +
>  		    s->selected_line;
>  		if (*new_view)


-- 
Mark Jamsek <https://bsdbox.org>
GPG: F2FF 13DE 6A06 C471 CA80  E6E2 2930 DC66 86EE CF68