From f9d3cc956df5715e7c1772153d551a37b56e2852 Mon Sep 17 00:00:00 2001 From: Nathan Mills <38995150+Quipyowert2@users.noreply.github.com> Date: Sun, 7 Feb 2021 16:49:18 -0800 Subject: [PATCH] Fix double free. When a command starting with an asterisk was encountered, ModuleConfig was called, which calls AddToModList which frees its argument sometimes. Then __execute_function tries to free the same pointer again. This commit fixes this by only freeing rline in AddToModList if it points at xasprintf'd memory, as freeing the memory from xasprintf won't invalidate expaction. Fixes #425. --- fvwm/modconf.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) mode change 100644 => 100755 fvwm/modconf.c diff --git a/fvwm/modconf.c b/fvwm/modconf.c old mode 100644 new mode 100755 index f45bafdf6..ddbe96773 --- a/fvwm/modconf.c +++ b/fvwm/modconf.c @@ -154,7 +154,10 @@ static struct moduleInfoList *AddToModList(char *tline) this->data = expand_vars(rline, NULL, False, True, NULL, exc); strcpy(this->data, rline); exc_destroy_context(exc); - free(rline); + /* Free rline only if it is xasprintf'd memory (not pointing at tline + * anymore). If we free our tline argument it causes a crash in __execute_function. */ + if (rline != tline) + free(rline); this->next = NULL; if(prev == NULL)
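Review bot: The new guard `if (rline != tline)` in front of `free(rline)` is only safe if rline is always either exactly tline or a fresh xasprintf allocation. The assignment of rline is outside this hunk, so please confirm that no path leaves it pointing into the middle of tline, since such a pointer would pass the comparison and hand free() an interior address. The comment would be more durable if it stated the ownership rule directly (the caller owns tline, AddToModList frees only what it allocated itself) instead of describing the crash in __execute_function. Separately, the patch flips fvwm/modconf.c from mode 100644 to 100755, which is unrelated to the double free and should be dropped from the commit. In the unchanged context, `strcpy(this->data, rline)` writes the unexpanded string over the buffer just returned by expand_vars. That is not part of this change, but it is worth checking that the copy is intended and that the buffer is always large enough for rline.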