mainnika
/
weston
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

window: remove pointers to widget on destroy

Browse Source 
Input devices may hold a pointer to the widget being destroyed. Reset
such pointers in widget_destroy().

This fixes a use-after-free in window_destroy(), if an application
destroys its widgets before the window.

Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>
dev
Pekka Paalanen 13 years ago
parent 4dde2fc6f6
commit e156fb681e
1 changed files with 8 additions and 3 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 11
      clients/window.c

11
clients/window.c
Unescape View File

@ -973,9 +973,6 @@ window_destroy(struct window *window)
wl_list_for_each(input, &display->input_list, link) {
if (input->pointer_focus == window)
input->pointer_focus = NULL;
if (input->focus_widget &&
input->focus_widget->window == window)
input->focus_widget = NULL;
if (input->keyboard_focus == window)
input->keyboard_focus = NULL;
}
@ -1056,6 +1053,14 @@ widget_add_widget(struct widget *parent, void *data)
void
widget_destroy(struct widget *widget)
{
struct display *display = widget->window->display;
struct input *input;
wl_list_for_each(input, &display->input_list, link) {
if (input->focus_widget == widget)
input->focus_widget = NULL;
}
wl_list_remove(&widget->link);
free(widget);
}

Write Preview
Loading…
Cancel
Save