From 80e15775a512a35be1d57013c1c5cede3c8b5181 Mon Sep 17 00:00:00 2001 From: Carlos Garnacho Date: Wed, 6 Sep 2023 18:13:00 +0200 Subject: [PATCH] compositor: Fix surface accounting at MetaWindowActor When the actor gets a new "main" surface assigned, it adds the new surface to the stack of surface actors, but forgets to remove the old one. This stale pointer in the array may cause invalid reads and crashes after the assigned surface is disposed, e.g. when destroying the MetaWindowActor tries to disconnect signals from all accounted surface actors. Fixes: 9a2c8b2592a4 ("window: Add suspend state") Part-of: --- src/compositor/meta-window-actor.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/compositor/meta-window-actor.c b/src/compositor/meta-window-actor.c index e51fe041d..9074b24bb 100644 --- a/src/compositor/meta-window-actor.c +++ b/src/compositor/meta-window-actor.c @@ -367,6 +367,9 @@ meta_window_actor_real_assign_surface_actor (MetaWindowActor *self, MetaWindowActorPrivate *priv = meta_window_actor_get_instance_private (self); + if (priv->surface) + meta_window_actor_remove_surface_actor (self, priv->surface); + g_clear_object (&priv->surface); priv->surface = g_object_ref_sink (surface_actor);
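Review bot: The new removal at the top of meta_window_actor_real_assign_surface_actor() does not guard against surface_actor being the same object as priv->surface. In that case the actor is dropped from the surface stack, and the unchanged g_clear_object (&priv->surface) that follows can release the last reference before g_object_ref_sink (surface_actor) runs on it. If re-assigning the current surface is possible, return early when priv->surface == surface_actor, or take the reference on the new surface before clearing the old one. If it cannot happen, a g_assert or a short comment stating that would make the invariant explicit. The body of meta_window_actor_remove_surface_actor() is not visible here, so it is also worth confirming that it disconnects the signal handlers attached to the old surface rather than only removing the array entry, since the commit message names signal disconnection at destroy time as the crash path.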