From 4512f268c689db62b46c88e813935c66eda14742 Mon Sep 17 00:00:00 2001
From: Alan Coopersmith <alan.coopersmith@oracle.com>
Date: Sun, 30 Sep 2018 14:28:35 -0700
Subject: When replacing a colormap, free old map, not new one

Found by Oracle's Parfait 2.2 static analyzer:

Error: Use after free
   Use after free [use-after-free] (CWE 416):
      Use after free of pointer Scr
        at line 421 of src/util.c in function 'InsertRGBColormap'.
        Invalid pointer accessible via global Scr at line 105 of src/twm.c
          maps escapes to sc->maps at line 419 of src/util.c in function 'InsertRGBColormap'
          maps freed with XFree at line 406

Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
---
 src/util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/util.c b/src/util.c
index 8e9dab9..e254cd5 100644
--- a/src/util.c
+++ b/src/util.c
@@ -403,7 +403,7 @@ InsertRGBColormap (Atom a, XStandardColormap *maps, int nmaps, Bool replace)
     }
 
     if (replace) {			/* just update contents */
-	if (sc->maps) XFree (maps);
+	if (sc->maps) XFree (sc->maps);
 	if (sc == Scr->StdCmapInfo.mru) Scr->StdCmapInfo.mru = NULL;
     } else {				/* else appending */
 	sc->next = NULL;
-- 
cgit v1.2.3