desktop-shell: don't crash if a surface disappears while grabbed

A surface can get destroyed while a shell grab is active, which can
for example happen if the command running in weston-terminal exits.

When a surface gets destroyed, grab->shsurf is reset to NULL by
destroy_shell_grab_shsurf(), but otherwise the grab remains active and
its callbacks continue to be called. Thus, dereferencing grab->shsurf
in a callback without checking it for NULL first can lead to undefined
behavior, including crashes.

Several functions were already properly checking grab->shsurf for NULL,
move_grab_motion() being one example. Others, however, were not, which
is what this commit fixes.

Related to https://gitlab.freedesktop.org/wayland/weston/issues/192

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>

diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c
index aac23ac7c4e837a52fdcb7debde9a200e8b768fd..34b4475394e662c539f3f6abdd02090979d9e839 100644 (file)
--- a/desktop-shell/shell.c
+++ b/desktop-shell/shell.c
@@ -3559,8 +3559,7 @@ rotate_grab_motion(struct weston_pointer_grab *grab,
                container_of(grab, struct rotate_grab, base.grab);
        struct weston_pointer *pointer = grab->pointer;
        struct shell_surface *shsurf = rotate->base.shsurf;
-       struct weston_surface *surface =
-               weston_desktop_surface_get_surface(shsurf->desktop_surface);
+       struct weston_surface *surface;
        float cx, cy, dx, dy, cposx, cposy, dposx, dposy, r;
 
        weston_pointer_move(pointer, event);
@@ -3568,6 +3567,8 @@ rotate_grab_motion(struct weston_pointer_grab *grab,
        if (!shsurf)
                return;
 
+       surface = weston_desktop_surface_get_surface(shsurf->desktop_surface);
+
        cx = 0.5f * surface->width;
        cy = 0.5f * surface->height;