From f0e023bff2f2a25ffe5ed3166f55f7274d17c6bc Mon Sep 17 00:00:00 2001
From: Tom Englund <tomenglund26@gmail.com>
Date: Fri, 25 Oct 2024 12:26:48 +0200
Subject: [PATCH] security-context: avoid UB in C macro (#8229)

to safely use wl_container_of with a class the class has to be no
virtual functions, no inheritance, and uniform access control (e.g all
public)

work around this by putting this into a destroywrapper struct.
---
 src/protocols/SecurityContext.cpp | 12 ++++++++----
 src/protocols/SecurityContext.hpp | 12 +++++++++---
 2 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/src/protocols/SecurityContext.cpp b/src/protocols/SecurityContext.cpp
index b42c3a97..13428b91 100644
--- a/src/protocols/SecurityContext.cpp
+++ b/src/protocols/SecurityContext.cpp
@@ -22,7 +22,8 @@ SP<CSecurityContextSandboxedClient> CSecurityContextSandboxedClient::create(int
 }
 
 static void onSecurityContextClientDestroy(wl_listener* l, void* d) {
-    CSecurityContextSandboxedClient* client = wl_container_of(l, client, destroyListener);
+    CSecurityContextSandboxedClientDestroyWrapper* wrap   = wl_container_of(l, wrap, listener);
+    CSecurityContextSandboxedClient*               client = wrap->parent;
     client->onDestroy();
 }
 
@@ -31,12 +32,15 @@ CSecurityContextSandboxedClient::CSecurityContextSandboxedClient(int clientFD_)
     if (!client)
         return;
 
-    destroyListener.notify = ::onSecurityContextClientDestroy;
-    wl_client_add_destroy_late_listener(client, &destroyListener);
+    wl_list_init(&destroyListener.listener.link);
+    destroyListener.listener.notify = ::onSecurityContextClientDestroy;
+    destroyListener.parent          = this;
+    wl_client_add_destroy_late_listener(client, &destroyListener.listener);
 }
 
 CSecurityContextSandboxedClient::~CSecurityContextSandboxedClient() {
-    wl_list_remove(&destroyListener.link);
+    wl_list_remove(&destroyListener.listener.link);
+    wl_list_init(&destroyListener.listener.link);
     close(clientFD);
 }
 
diff --git a/src/protocols/SecurityContext.hpp b/src/protocols/SecurityContext.hpp
index 76313bcf..63f58bde 100644
--- a/src/protocols/SecurityContext.hpp
+++ b/src/protocols/SecurityContext.hpp
@@ -37,14 +37,20 @@ class CSecurityContextManagerResource {
     SP<CWpSecurityContextManagerV1> resource;
 };
 
+class CSecurityContextSandboxedClient;
+struct CSecurityContextSandboxedClientDestroyWrapper {
+    wl_listener                      listener;
+    CSecurityContextSandboxedClient* parent = nullptr;
+};
+
 class CSecurityContextSandboxedClient {
   public:
     static SP<CSecurityContextSandboxedClient> create(int clientFD);
     ~CSecurityContextSandboxedClient();
 
-    void        onDestroy();
+    void                                          onDestroy();
 
-    wl_listener destroyListener;
+    CSecurityContextSandboxedClientDestroyWrapper destroyListener;
 
   private:
     CSecurityContextSandboxedClient(int clientFD_);
@@ -81,4 +87,4 @@ class CSecurityContextProtocol : public IWaylandProtocol {
 
 namespace PROTO {
     inline UP<CSecurityContextProtocol> securityContext;
-};
\ No newline at end of file
+};