From 14ef201295724f5c9ed254979845d0a2d5988bd3 Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Mon, 11 Feb 2019 22:55:09 +0300
Subject: [PATCH] desktop-shell: don't crash if a surface disappears while grabbed

A surface can get destroyed while a shell grab is active, which can for example happen if the command running in weston-terminal exits. When a surface gets destroyed, grab->shsurf is reset to NULL by destroy_shell_grab_shsurf(), but otherwise the grab remains active and its callbacks continue to be called. Thus, dereferencing grab->shsurf in a callback without checking it for NULL first can lead to undefined behavior, including crashes. Several functions were already properly checking grab->shsurf for NULL, move_grab_motion() being one example. Others, however, were not, which is what this commit fixes. Related to https://gitlab.freedesktop.org/wayland/weston/issues/192
Signed-off-by: Sergey Bugaev
---
 desktop-shell/shell.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/desktop-shell/shell.c b/desktop-shell/shell.c
index aac23ac7..34b44753 100644
--- a/desktop-shell/shell.c
+++ b/desktop-shell/shell.c
@@ -3559,8 +3559,7 @@ rotate_grab_motion(struct weston_pointer_grab *grab,
 container_of(grab, struct rotate_grab, base.grab);
 struct weston_pointer *pointer = grab->pointer;
 struct shell_surface *shsurf = rotate->base.shsurf;
- struct weston_surface *surface =
- weston_desktop_surface_get_surface(shsurf->desktop_surface);
+ struct weston_surface *surface;
 float cx, cy, dx, dy, cposx, cposy, dposx, dposy, r;
 weston_pointer_move(pointer, event);
@@ -3568,6 +3567,8 @@ rotate_grab_motion(struct weston_pointer_grab *grab,
 if (!shsurf)
 return;
+ surface = weston_desktop_surface_get_surface(shsurf->desktop_surface);
+
 cx = 0.5f * surface->width;
 cy = 0.5f * surface->height;
-- 
2.34.1
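Review bot: The deferred `surface = weston_desktop_surface_get_surface(shsurf->desktop_surface);` added in the second hunk has no comment saying why it is not an initializer, so a later tidy-up could fold it back into the declaration and reintroduce the NULL dereference this patch removes. I would put `/* shsurf is reset to NULL when the grabbed surface is destroyed; look up the surface only after the check above */` directly above that assignment. The commit message says several callbacks were missing the check, yet the diffstat shows only rotate_grab_motion() changing here; presumably the other grab callbacks that read grab->shsurf were audited separately, which is worth confirming. The body of rotate_grab_motion() starts and ends outside both hunks.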