wayland-client: Delete pthread_key before iterating thread_data

As iterating the list of thread_data on disconnect, if a thread_data
referred by 'th_data_next' got freed by a thread exiting, then illegal
access would have happened.

To prevent destroy_thread_data() from calling by a thread exiting while
iterating the list of thread_data, this patch deletes pthread_key before
iterating the list.

Change-Id: I1b1616ec02bd3a7a45157b51e1913f9fea79388f

diff --git a/src/wayland-client.c b/src/wayland-client.c
index 0e01c92..12418a6 100644 (file)
--- a/src/wayland-client.c
+++ b/src/wayland-client.c
@@ -1623,12 +1623,12 @@ wl_display_disconnect(struct wl_display *display)
                tid = thread_data->tid;
        }
 
-       wl_list_for_each_safe(thread_data, th_data_next, &display->threads, link)
-               destroy_thread_data(thread_data);
-
        pthread_setspecific(display->thread_data_key, NULL);
        pthread_key_delete(display->thread_data_key);
 
+       wl_list_for_each_safe(thread_data, th_data_next, &display->threads, link)
+               destroy_thread_data(thread_data);
+
        wl_connection_destroy(display->connection);
        wl_map_for_each(&display->objects, free_zombies, NULL);
        wl_map_release(&display->objects);