commit f8405c929e03f5dbe8ed41ede81cba7fad2d4a65
from: Stefan Sperling
date: Sun Sep 02 11:45:01 2018 UTC
fix tog use-after-free via stale view->parent pointer
commit - 1a57306adedf8027b8f137105f39783cec2d75a9
commit + f8405c929e03f5dbe8ed41ede81cba7fad2d4a65
blob - 72a9f585af0ad899ef3958b0c733ba7cc849c919
blob + 8df3d9c4d29edb579f6b3e27749041df3ab69cb5
--- tog/tog.c
+++ tog/tog.c
@@ -466,6 +466,10 @@ view_loop(struct tog_view *view)
 break;
 if (dead_view) {
 TAILQ_REMOVE(&views, dead_view, entry);
+ TAILQ_FOREACH(view, &views, entry) {
+ if (view->parent == dead_view)
+ view->parent = NULL;
+ }
 if (dead_view->parent)
 view = dead_view->parent;
 else
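Review bot: The added TAILQ_FOREACH uses `view`, the function's own current-view variable, as its cursor, so `view` is NULL once the loop finishes and the code is only correct if the if/else that follows reassigns it on both paths; the else branch's body is outside the hunk, so that cannot be confirmed from here. A dedicated iterator would remove that dependency: declare `struct tog_view *v;` and write `TAILQ_FOREACH(v, &views, entry) { if (v->parent == dead_view) v->parent = NULL; }`. The loop also clears only views that are still linked on `views`, so any view that can hold a `parent` pointer while off that list would keep the stale pointer; a comment such as `/* detach children so no view keeps a dangling parent once dead_view is closed */` would record the invariant. view_loop's body begins and ends outside the hunk.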