From 8714657d7bc6850a9d9c0591767bf13e80a55186 Mon Sep 17 00:00:00 2001 From: Simon Ser Date: Thu, 22 Jun 2023 16:28:43 +0200 Subject: [PATCH] xwayland: unset wlr_xwayland.server on destroy This fixes a use-after-free in the Sway patch to filter the Xwayland shell [1]. The server is destroyed first, then the shell. The Xwayland process might still be using the shell while running. When the shell is destroyed, libwayland will invoke the global filter (to figure out whether to send a wl_registry.global_remove to clients). Then Sway will compare the client with wlr_xwayland_server.client. However, at that point, the server is gone. Reset the server to NULL so that Sway can check whether the server is still running. [1]: https://github.com/swaywm/sway/pull/7647 --- xwayland/xwayland.c | 1 + 1 file changed, 1 insertion(+) diff --git a/xwayland/xwayland.c b/xwayland/xwayland.c index 75c09f31..7f3a6eae 100644 --- a/xwayland/xwayland.c +++ b/xwayland/xwayland.c @@ -75,6 +75,7 @@ void wlr_xwayland_destroy(struct wlr_xwayland *xwayland) { wlr_xwayland_set_seat(xwayland, NULL); wlr_xwayland_server_destroy(xwayland->server); + xwayland->server = NULL; wlr_xwayland_shell_v1_destroy(xwayland->shell_v1); free(xwayland); }
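Review bot: The added `xwayland->server = NULL;` in `wlr_xwayland_destroy()` has no comment, and nothing in the hunk records the contract it creates: `wlr_xwayland.server` can now be NULL while `wlr_xwayland_shell_v1_destroy()` runs. The assignment only removes the dangling pointer. Per the commit message, the global filter compares the client with `wlr_xwayland_server.client`, so a filter that reads `xwayland->server->client` without a NULL check moves from a use-after-free to a NULL dereference. Please add a one-line comment above the assignment, for example `/* shell_v1 teardown can run the global filter; server must read as NULL by then */`, and note in the documentation for the `server` field that it may be NULL during destroy. The comment also protects the ordering: `free(xwayland)` follows two lines later, so the reset looks like a dead store and could be dropped or moved after the shell destroy in a later cleanup.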