From 53126bf008a03cc70e3922bdb5741ad01aafaf21 Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Fri, 24 Feb 2023 12:55:30 +0100
Subject: [PATCH] x11: Prevent use-after-free if a filter is removed during
 handling

Keep a pointer to the next element, to protect against filters removing
themselves.

Closes: https://gitlab.gnome.org/GNOME/mutter/-/issues/2640
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2868>
---
 src/x11/meta-x11-display.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/x11/meta-x11-display.c b/src/x11/meta-x11-display.c
index bda4c3d87..1bf37d6ca 100644
--- a/src/x11/meta-x11-display.c
+++ b/src/x11/meta-x11-display.c
@@ -2523,11 +2523,14 @@ meta_x11_display_run_event_funcs (MetaX11Display *x11_display,
                                   XEvent         *xevent)
 {
   MetaX11EventFilter *filter;
-  GList *l;
+  GList *next, *l = x11_display->event_funcs;
 
-  for (l = x11_display->event_funcs; l; l = l->next)
+  while (l)
     {
       filter = l->data;
+      next = l->next;
+
       filter->func (x11_display, xevent, filter->user_data);
+      l = next;
     }
 }