From 933208837d5bc4a7a5fa0f6d4d6a38313fdae06a Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Tue, 23 Apr 2019 22:33:31 +0300 Subject: [PATCH] backend/wayland: fix wlr_wl_pointer use-after-free --- backend/wayland/wl_seat.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/backend/wayland/wl_seat.c b/backend/wayland/wl_seat.c index 6c8eb4f3b..6648f97ed 100644 --- a/backend/wayland/wl_seat.c +++ b/backend/wayland/wl_seat.c @@ -331,6 +331,11 @@ struct wlr_wl_pointer *pointer_get_wl(struct wlr_pointer *wlr_pointer) { static void pointer_destroy(struct wlr_pointer *wlr_pointer) { struct wlr_wl_pointer *pointer = pointer_get_wl(wlr_pointer); + + if (pointer->output->backend->current_pointer == pointer) { + pointer->output->backend->current_pointer = NULL; + } + wl_list_remove(&pointer->output_destroy.link); free(pointer); }