We did it only for client entries for some reason, so when we used wl_client_get_object() for some server object that has been destroyed, we got dangling pointer.
NOTE: this is basically an API change, since it changes the return value of wl_client_get_object() in some corner cases. However, now we return NULL insted of a pointer to invalid memory, which could be OK API break. Signed-off-by: Marek Chalupa <[email protected]> --- src/wayland-server.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/wayland-server.c b/src/wayland-server.c index f745e62..c93a426 100644 --- a/src/wayland-server.c +++ b/src/wayland-server.c @@ -562,16 +562,20 @@ destroy_resource(void *element, void *data) { struct wl_resource *resource = element; struct wl_client *client = resource->client; + uint32_t id = resource->object.id; uint32_t flags; wl_signal_emit(&resource->destroy_signal, resource); - flags = wl_map_lookup_flags(&client->objects, resource->object.id); + flags = wl_map_lookup_flags(&client->objects, id); if (resource->destroy) resource->destroy(resource); if (!(flags & WL_MAP_ENTRY_LEGACY)) free(resource); + + /* replace the object with NULL since it is destroyed */ + wl_map_insert_at(&client->objects, 0, id, NULL); } WL_EXPORT void @@ -584,11 +588,9 @@ wl_resource_destroy(struct wl_resource *resource) destroy_resource(resource, NULL); if (id < WL_SERVER_ID_START) { - if (client->display_resource) { + if (client->display_resource) wl_resource_queue_event(client->display_resource, WL_DISPLAY_DELETE_ID, id); - } - wl_map_insert_at(&client->objects, 0, id, NULL); } else { wl_map_remove(&client->objects, id); } -- 2.5.5 _______________________________________________ wayland-devel mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/wayland-devel
