core: set resource to nullptr in onDestroyCalled

If the consumer does not free this resource within onDestroy, we'd hit a use-after-free (UAF) later in the destructor.
Vaxry 2024-06-07 11:04:54 +02:00
parent b06c0b8e56
commit f84ca21ed8


@ -746,7 +746,7 @@ const wl_interface {} = {{
// if we still own the wayland resource, // if we still own the wayland resource,
// it means we need to destroy it. // it means we need to destroy it.
if (wl_resource_get_user_data(pResource) == this) {{ if (pResource && wl_resource_get_user_data(pResource) == this) {{
wl_resource_set_user_data(pResource, nullptr); wl_resource_set_user_data(pResource, nullptr);
wl_resource_destroy(pResource); wl_resource_destroy(pResource);
}} }}
@ -757,6 +757,11 @@ void {}::onDestroyCalled() {{
wl_list_remove(&resourceDestroyListener.link); wl_list_remove(&resourceDestroyListener.link);
wl_list_init(&resourceDestroyListener.link); wl_list_init(&resourceDestroyListener.link);
// set the resource to nullptr,
// as it will be freed. If the consumer does not destroy this resource
// in onDestroy here, we'd be doing a UAF in the ~dtor
pResource = nullptr;
if (onDestroy) if (onDestroy)
onDestroy(this); onDestroy(this);
}} }}
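Review bot: Once onDestroyCalled sets `pResource = nullptr;`, the wrapper can stay alive with a null pResource, but only the destructor's check gained the `pResource &&` guard. Any other generated member that passes pResource to libwayland would need the same early-out, e.g. `if (!pResource) return;`. None are visible in these hunks, so this needs checking against the rest of the template. The new comment could also state the contract for consumers: `// onDestroy is invoked with pResource already nullptr; callbacks must not use the resource`. Both the destructor and onDestroyCalled begin outside the hunks shown.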