For anybody wondering what caused the bug. They forgot to set a pointer to null after free. Which caused the use after free, because their null checks didn't work.

Are there even any distros who still run Xorg as root?

Memory unsafe language strikes again. How much longer are we going to put up with this?

We're in 2023, and I'm still reading about pieces of software that can be exploited because of poor memory management (either unexpected reads, unexpected writes, or incorrect deallocation).

When I started diving into memory issues two decades ago, the younger version of me really thought that, 20 years down the line, we would have figured out better ways to deal with memory other than those buggy malloc, free, sprintf and strcat.

Guess what? We have! But way too much C/C++ code is still around. The X window system is 40 years old, some parts of its code literally stand on toothpicks and there's no one left around who still understands them, security flaws keep popping up once every 1-2 months, but it still powers nearly the entirity of the all the UIs that run on a UNIX - based system. Isn't that just insane?