From f84ca21ed84e6657a8d239ff5e02d4a0b0e29957 Mon Sep 17 00:00:00 2001
From: Vaxry
Date: Fri, 7 Jun 2024 11:04:54 +0200
Subject: [PATCH] core: set resource to nullptr in onDestroyCalled

if the consumer does not free this resource within onDestroy, we'd be doing a UAF later in the ~dtor
---
 src/main.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/main.cpp b/src/main.cpp
index bf423cf..c0af877 100644
--- src/main.cpp
+++ src/main.cpp
@@ -746,7 +746,7 @@ const wl_interface {} = {{
 // if we still own the wayland resource,
 // it means we need to destroy it.
- if (wl_resource_get_user_data(pResource) == this) {{
+ if (pResource && wl_resource_get_user_data(pResource) == this) {{
 wl_resource_set_user_data(pResource, nullptr);
 wl_resource_destroy(pResource);
 }}
@@ -757,6 +757,11 @@ void {}::onDestroyCalled() {{
 wl_list_remove(&resourceDestroyListener.link);
 wl_list_init(&resourceDestroyListener.link);
+ // set the resource to nullptr,
+ // as it will be freed. If the consumer does not destroy this resource
+ // in onDestroy here, we'd be doing a UAF in the ~dtor
+ pResource = nullptr;
+
 if (onDestroy)
 onDestroy(this);
 }}
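Review bot: The comment above the ownership check in the destructor no longer covers every case the condition handles. With the added `pResource &&` test the branch is also skipped when `pResource` is null, which the second hunk makes the normal state once `onDestroyCalled()` has run. I would extend the comment, for example `// pResource is null after onDestroyCalled(): the resource will be freed by then and must not be destroyed again.` The destructor begins outside this hunk, so anything it does with `pResource` before this check is not visible here.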
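Review bot: `pResource` is now cleared before `onDestroy(this)` runs, so the consumer's callback sees a null `pResource`, as does any generated method called on an object the consumer keeps alive afterwards; the patch guards only the destructor. If other generated members pass `pResource` to libwayland calls (not visible in this hunk), they would presumably need a guard such as `if (!pResource) return;`, otherwise the dangling-pointer use is traded for a null dereference. The ordering looks deliberate, since the existing comment suggests the consumer may destroy the object inside the callback, and that is worth stating: `// must be cleared before onDestroy(): the callback may destroy this object`. The start of `onDestroyCalled()` lies outside the hunk.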