From 00dcc68e16bce6d581355eac4156d89422c3ff64 Mon Sep 17 00:00:00 2001
From: Alexander Orzechowski
Date: Sun, 17 Sep 2023 01:27:43 -0400
Subject: [PATCH] cursor: Unset cursor image when there is not available xcursor theme This fixes a crash in the case where the last cursor was a client surface cursor but then transitioned into a server managed xcursor that isn't available. Because the logic would return early before, we would continue to reference a texture pointer belonging to a client surface but would otherwise disassociate with it (we wouldn't clear the cursor if the surface is destroyed) resulting an an eventual UAF. Let's just make the cursor invisible if we don't know what to show. It's compositor policy if they want to show a default.
Co-authored-by: Scott Moreau
Fixes: #3686
---
 types/wlr_cursor.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/types/wlr_cursor.c b/types/wlr_cursor.c
index a228bc9f..8c995c22 100644
--- a/types/wlr_cursor.c
+++ b/types/wlr_cursor.c
@@ -550,7 +550,12 @@ static void cursor_output_cursor_update(struct wlr_cursor_output_cursor *output_
 float scale = output_cursor->output_cursor->output->scale;
 wlr_xcursor_manager_load(manager, scale);
 struct wlr_xcursor *xcursor = wlr_xcursor_manager_get_xcursor(manager, name, scale);
- if (xcursor == NULL || output_cursor->xcursor == xcursor) {
+ if (xcursor == NULL) {
+ wlr_output_cursor_set_buffer(output_cursor->output_cursor, NULL, 0, 0);
+ return;
+ }
+
+ if (output_cursor->xcursor == xcursor) {
 return;
 }
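Review bot: The new `xcursor == NULL` branch hides the cursor but leaves `output_cursor->xcursor` pointing at whatever xcursor was shown before. If a later update resolves to that same xcursor again, the `output_cursor->xcursor == xcursor` check just below would return early and the cursor would stay invisible, unless the field is reset somewhere outside this hunk. Consider adding `output_cursor->xcursor = NULL;` before the `wlr_output_cursor_set_buffer(...)` call, and confirm that any animation state tied to the old xcursor is stopped on this path as well. The body of cursor_output_cursor_update starts and ends outside the hunk, so this is based only on the lines shown.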