e_explicit_sync: fix use after free

if e_explicit_sync_surface is destroyed before e_client is deleted,
e_explicit_sync_surface is used after it is freed
in _e_explicit_sync_surface_cb_before_surface_commit because
hook is not deleted.

Change-Id: I0a2d8336365dbe85b37bc46e9d8de0e8fe33f12e

diff --git a/src/bin/e_explicit_sync.c b/src/bin/e_explicit_sync.c
index 89e72ef4a0663f03a2232599aa9880ab2264acf7..86c26b901ac834c03208fce8397267c6e14a1ab6 100644 (file)
--- a/src/bin/e_explicit_sync.c
+++ b/src/bin/e_explicit_sync.c
@@ -335,6 +335,12 @@ _e_explicit_sync_surface_cb_resource_destroy(struct wl_resource *resource)
 
    EX_SYNC_TRACE("Explicit_Sync Surface:%p Destroy", explicit_sync_surface->ec, explicit_sync_surface);
 
+   if (explicit_sync_surface->before_surface_commit_hook)
+     {
+        e_comp_wl_hook_del(explicit_sync_surface->before_surface_commit_hook);
+        explicit_sync_surface->before_surface_commit_hook = NULL;
+     }
+
    if (explicit_sync_surface->pending_acquire_fence_fd != -1)
      _e_explicit_sync_fd_clear(&explicit_sync_surface->pending_acquire_fence_fd);