From cc874f5d336250c54303aae79d24f7105eaec417 Mon Sep 17 00:00:00 2001
From: Carlos Garnacho
Date: Tue, 5 Sep 2023 17:44:18 +0200
Subject: [PATCH] x11: Avoid poking MetaCompositor during MetaDisplay destruction

Commit 9c3b130f67 changed slightly destruction order to handle use-after-free situations, but missed a small new one introduced by the order change: The MetaX11Display may schedule callbacks through MetaLaters, which depend on the MetaCompositor, which is now freed before the MetaX11Display. Since there is no winning move here, make the MetaX11Display aware of this by avoiding to remove the callback if the MetaCompositor is already gone. The MetaLaters infrastructure is already fully freed at this point (incl. the data it contained), so this shouldn't be a leak.

Fixes: 9c3b130f67 ("display: Fix destruction order")
Part-of:
---
 src/x11/meta-x11-display.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/x11/meta-x11-display.c b/src/x11/meta-x11-display.c
index 16cab06d8..d78dfc828 100644
--- a/src/x11/meta-x11-display.c
+++ b/src/x11/meta-x11-display.c
@@ -1660,9 +1660,14 @@ meta_x11_display_remove_cursor_later (MetaX11Display *x11_display)
 if (x11_display->reload_x11_cursor_later)
 {
 MetaDisplay *display = x11_display->display;
- MetaLaters *laters = meta_compositor_get_laters (display->compositor);
- meta_laters_remove (laters, x11_display->reload_x11_cursor_later);
+ /* May happen during destruction */
+ if (display->compositor)
+ {
+ MetaLaters *laters = meta_compositor_get_laters (display->compositor);
+ meta_laters_remove (laters, x11_display->reload_x11_cursor_later);
+ }
+ x11_display->reload_x11_cursor_later = 0;
 }
 }
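Review bot: The new `if (display->compositor)` guard in `meta_x11_display_remove_cursor_later ()` only prevents the use-after-free if MetaDisplay's teardown sets `display->compositor` to NULL at the point the compositor is released. That assignment is not visible in this hunk, so it is worth confirming the field is cleared (for example through `g_clear_pointer ()` or an equivalent) and not merely freed; otherwise the check passes a dangling pointer on to `meta_compositor_get_laters ()`. The comment `/* May happen during destruction */` also does not say what may happen; something like `/* compositor is already NULL when called from MetaDisplay teardown; its MetaLaters were freed with it, so there is nothing to remove */` would keep the commit message's reasoning next to the code. Any other MetaX11Display teardown path that reaches the laters through `display->compositor` would presumably need the same guard. The function's opening lines are outside the hunk.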