compositor: Fix crash when surface is map'd and unmap'd before repaint

If a surface is map'd and unmap'd before an output repaint occurs, it
is not added to the compositor's surface list, so the field
weston_surface::link might be invalid (the field is initialized on
weston_surface_create()), and it that case Weston will crash on the
call to wl_list_remove(&surface->link) in weston_surface_unmap().

Initialize the surface->link after the call to wl_list_remove() to make
sure a following call to wl_list_remove() won't cause a crash.

diff --git a/src/compositor.c b/src/compositor.c
index 0d07576..db49c35 100644 (file)
--- a/src/compositor.c
+++ b/src/compositor.c
@@ -661,6 +661,11 @@ weston_surface_unmap(struct weston_surface *surface)
        wl_list_remove(&surface->link);
        wl_list_remove(&surface->layer_link);
 
+       /* If a surface is mapped and unmapped before a repaint occurs, it
+        * won't be added to the compositor's surface list, so make sure the
+        * call to wl_list_remove(&surface->link) won't fail next time */
+       wl_list_init(&surface->link);
+
        wl_list_for_each(seat, &surface->compositor->seat_list, link) {
                if (seat->seat.keyboard &&
                    seat->seat.keyboard->focus == &surface->surface)