desktop-shell: don't crash if a surface disappears while grabbed

A surface can get destroyed while a shell grab is active, which can
for example happen if the command running in weston-terminal exits.

When a surface gets destroyed, grab->shsurf is reset to NULL by
destroy_shell_grab_shsurf(), but otherwise the grab remains active and
its callbacks continue to be called. Thus, dereferencing grab->shsurf
in a callback without checking it for NULL first can lead to undefined
behavior, including crashes.

Several functions were already properly checking grab->shsurf for NULL,
move_grab_motion() being one example. Others, however, were not, which
is what this commit fixes.

Related to https://gitlab.freedesktop.org/wayland/weston/issues/192

Signed-off-by: Sergey Bugaev <bugaevc@gmail.com>

desktop-shell/shell.c

@@ -3559,8 +3559,7 @@ rotate_grab_motion(struct weston_pointer_grab *grab,
 		container_of(grab, struct rotate_grab, base.grab);
 	struct weston_pointer *pointer = grab->pointer;
 	struct shell_surface *shsurf = rotate->base.shsurf;
-	struct weston_surface *surface =
+	struct weston_surface *surface;
-		weston_desktop_surface_get_surface(shsurf->desktop_surface);
 	float cx, cy, dx, dy, cposx, cposy, dposx, dposy, r;
 
 	weston_pointer_move(pointer, event);
@@ -3568,6 +3567,8 @@ rotate_grab_motion(struct weston_pointer_grab *grab,
 	if (!shsurf)
 		return;
 
+	surface = weston_desktop_surface_get_surface(shsurf->desktop_surface);
+
 	cx = 0.5f * surface->width;
 	cy = 0.5f * surface->height;