From 08ac192b9d99d9c8c0fff484d803f10740e7e415 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonas=20=C3=85dahl?= Date: Mon, 25 Apr 2016 18:42:57 +0800 Subject: [PATCH] wayland: Handle wl_data_device being destroyed while focused A wl_data_device object may be created while it is being focused, either because the client destroyed it or because the client was destroyed. Handle this by early out in focus handler vfuncs the case where it was destroyed, so that we don't corrupt memory and/or cause segmentation fault. https://bugzilla.gnome.org/show_bug.cgi?id=765062 --- src/wayland/meta-wayland-data-device.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/wayland/meta-wayland-data-device.c b/src/wayland/meta-wayland-data-device.c index c7b324f65..96d03c978 100644 --- a/src/wayland/meta-wayland-data-device.c +++ b/src/wayland/meta-wayland-data-device.c @@ -1424,9 +1424,10 @@ meta_wayland_drag_dest_focus_out (MetaWaylandDataDevice *data_device, { MetaWaylandDragGrab *grab = data_device->current_grab; - if (grab->drag_focus_data_device) - wl_data_device_send_leave (grab->drag_focus_data_device); + if (!grab->drag_focus_data_device) + return; + wl_data_device_send_leave (grab->drag_focus_data_device); wl_list_remove (&grab->drag_focus_listener.link); grab->drag_focus_data_device = NULL; } @@ -1439,6 +1440,9 @@ meta_wayland_drag_dest_motion (MetaWaylandDataDevice *data_device, MetaWaylandDragGrab *grab = data_device->current_grab; wl_fixed_t sx, sy; + if (!grab->drag_focus_data_device) + return; + meta_wayland_pointer_get_relative_coordinates (grab->generic.pointer, grab->drag_focus, &sx, &sy); @@ -1453,6 +1457,9 @@ meta_wayland_drag_dest_drop (MetaWaylandDataDevice *data_device, { MetaWaylandDragGrab *grab = data_device->current_grab; + if (!grab->drag_focus_data_device) + return; + wl_data_device_send_drop (grab->drag_focus_data_device); }