# HG changeset patch
# User Olaf Wintermann
# Date 1686511294 -7200
# Node ID 283d3d7a657ac154cbc65df503b609059161400d
# Parent 8776125fd49c1cd03821d2cc100e193fb3641962
fix UAF in davql select exec
diff -r 8776125fd49c -r 283d3d7a657a libidav/davqlexec.c
--- a/libidav/davqlexec.c Fri Jun 09 22:37:17 2023 +0200
+++ b/libidav/davqlexec.c Sun Jun 11 21:21:34 2023 +0200
@@ -622,12 +622,12 @@
 // do a propfind request for each resource on the stack
 while(stack->size > 0) {
- DavQLRes *sr = cxListAt(stack, 0); // get first element from the stack
- cxListRemove(stack, 0);
+ DavQLRes *sr_ptr = cxListAt(stack, 0); // get first element from the stack
+ DavResource *root = sr_ptr->resource;
+ int res_depth = sr_ptr->depth;
 cxListRemove(stack, 0); // remove first element
- DavResource *root = sr->resource;
- util_set_url(sn, dav_resource_get_href(sr->resource));
+ util_set_url(sn, dav_resource_get_href(root));
 CURLcode ret = do_propfind_request(sn, rqbuf, rpbuf);
 long http_status = 0;
 curl_easy_getinfo(sn->handle, CURLINFO_RESPONSE_CODE, &http_status);
@@ -702,11 +702,11 @@
 //resource_add_child(root, child);
 resource_add_ordered_child(root, child, ordercr);
 if(child->iscollection &&
- (depth < 0 || depth > sr->depth+1))
+ (depth < 0 || depth > res_depth+1))
 {
 DavQLRes rs;
 rs.resource = child;
- rs.depth = sr->depth + 1;
+ rs.depth = res_depth + 1;
 cxListInsert(stack, 0, &rs);
 }
 } else {
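Review bot: In the first hunk `sr_ptr` stays in scope for the rest of the loop body after `cxListRemove(stack, 0)`, so it is a dangling pointer from that line on and a later edit could reintroduce the use-after-free this commit fixes. Copying the element by value, `DavQLRes sr = *(DavQLRes *)cxListAt(stack, 0);`, would remove the pointer entirely and let the second hunk keep using `sr.depth`. Failing that, a comment such as `// sr_ptr points into list storage; invalid after cxListRemove` would record the lifetime rule. This assumes the list owns a copy of each element, which `cxListInsert(stack, 0, &rs)` with a local `rs` in the second hunk suggests but does not prove. The loop body starts and ends outside both hunks, so other uses of the element were not checked here.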