compositor: inert wl_surface objects do not exist

There is no valid case, where you would actually destroy a
weston_surface, while leaving the wl_surface protocol object in
existence. Therefore, inert wl_surface objects do not exist, except
because of bugs.

To catch such bugs, check that the resource is really NULL before
actually destroying the weston_surface.

We actually used to have this check, but it was removed by:

	commit 9dadfb53526bc97d62dc01c165e8b6f722f7ea5a
	Author: Kristian Høgsberg <krh@bitplanet.net>
	Date:   Mon Jul 8 13:49:36 2013 -0400

	    compositor: Eliminate marshalling warning for leave events

However, the invariant was put back in:

	commit 0d379744d34e616fea840272deda6b7027f79f55
	Author: Giulio Camuffo <giuliocamuffo@gmail.com>
	Date:   Fri Nov 15 22:06:15 2013 +0100

	    compositor: set weston_surface:resource to NULL when destroyed

So apparently the issue fixed by 9dadfb53 was fixed another way later.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>

diff --git a/src/compositor.c b/src/compositor.c
index e6a60bd3ced1ea8f43c5cabe24740cc38646ff1b..c94f00ff1efa6803f9628045668f624cbacbc250 100644 (file)
--- a/src/compositor.c
+++ b/src/compositor.c
@@ -1874,6 +1874,8 @@ weston_surface_destroy(struct weston_surface *surface)
        if (--surface->ref_count > 0)
                return;
 
+       assert(surface->resource == NULL);
+
        wl_signal_emit(&surface->destroy_signal, &surface->resource);
 
        assert(wl_list_empty(&surface->subsurface_list_pending));
@@ -1903,6 +1905,8 @@ destroy_surface(struct wl_resource *resource)
 {
        struct weston_surface *surface = wl_resource_get_user_data(resource);
 
+       assert(surface);
+
        /* Set the resource to NULL, since we don't want to leave a
         * dangling pointer if the surface was refcounted and survives
         * the weston_surface_destroy() call. */