core: set resource to nullptr in onDestroyCalled

if the consumer does not free this resource within onDestroy, we'd be doing a UAF later in the ~dtor
hyprwm · Jun 7, 2024 · f84ca21 · f84ca21
1 parent b06c0b8
commit f84ca21
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/src/main.cpp b/src/main.cpp
@@ -746,7 +746,7 @@ const wl_interface {} = {{
 
     // if we still own the wayland resource,
     // it means we need to destroy it.
-    if (wl_resource_get_user_data(pResource) == this) {{
+    if (pResource && wl_resource_get_user_data(pResource) == this) {{
         wl_resource_set_user_data(pResource, nullptr);
         wl_resource_destroy(pResource);
     }}
@@ -757,6 +757,11 @@ void {}::onDestroyCalled() {{
     wl_list_remove(&resourceDestroyListener.link);
     wl_list_init(&resourceDestroyListener.link);
 
+    // set the resource to nullptr,
+    // as it will be freed. If the consumer does not destroy this resource
+    // in onDestroy here, we'd be doing a UAF in the ~dtor
+    pResource = nullptr;
+
     if (onDestroy)
         onDestroy(this);
 }}