From 20b4515c24458d7b556b08a18f7a6c12c0709ae5 Mon Sep 17 00:00:00 2001
From: Thomas Goyne
Date: Sun, 29 Dec 2013 11:44:22 -0800
Subject: [PATCH] Fix potential use-after-frees on redo

Don't delete the old copy of the file until after the new version is committed to avoid a use-after-free when code tries to do things with the active line in a COMMIT_NEW handler, as just trying to avoid doing that hasn't really worked out.
---
 aegisub/src/subs_controller.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/aegisub/src/subs_controller.cpp b/aegisub/src/subs_controller.cpp
index a03051069..bd4ccd072 100644
--- a/aegisub/src/subs_controller.cpp
+++ b/aegisub/src/subs_controller.cpp
@@ -323,9 +323,12 @@ void SubsController::Redo() {
 context->ass->swap(redo_stack.back().file);
 commit_id = redo_stack.back().commit_id;
 undo_stack.emplace_back(*context->ass, redo_stack.back().undo_description, commit_id);
- redo_stack.pop_back();
 
 context->ass->Commit("", AssFile::COMMIT_NEW);
+
+ // Done after commit so that the old active line and selection stay alive
+ // while the commit is being processed
+ redo_stack.pop_back();
 }
 
 wxString SubsController::GetUndoDescription() const {
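Review bot: The deferred `redo_stack.pop_back()` at the end of Redo() assumes that nothing run during `context->ass->Commit("", AssFile::COMMIT_NEW)` modifies `redo_stack`. If a commit handler re-enters the controller and clears or pops the stack, the call would remove the wrong entry or run on an empty vector, which is undefined behaviour. The handlers are not visible here, so this is worth confirming, and the new comment could state the invariant, e.g. `// Requires that no COMMIT_NEW handler modifies redo_stack`. A debug check such as `assert(!redo_stack.empty());` directly before the pop would turn a violation into a diagnosable failure instead of silent memory corruption. The beginning of Redo() lies outside the hunk, so any emptiness guard there is not shown.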