From d2b36b7bd1847ff9e3748bff5edbbf9b2ea8a71a Mon Sep 17 00:00:00 2001
From: Kirill Primak <vyivel@eclair.cafe>
Date: Sat, 8 Jan 2022 22:52:55 +0300
Subject: [PATCH] xdg-shell: fix potential use-after-free

---
 types/xdg_shell/wlr_xdg_popup.c    | 1 +
 types/xdg_shell/wlr_xdg_toplevel.c | 1 +
 2 files changed, 2 insertions(+)

diff --git a/types/xdg_shell/wlr_xdg_popup.c b/types/xdg_shell/wlr_xdg_popup.c
index 17b71cd4..6f887fca 100644
--- a/types/xdg_shell/wlr_xdg_popup.c
+++ b/types/xdg_shell/wlr_xdg_popup.c
@@ -331,6 +331,7 @@ void create_xdg_popup(struct wlr_xdg_surface *surface,
 		wl_resource_get_version(surface->resource), id);
 	if (surface->popup->resource == NULL) {
 		free(surface->popup);
+		surface->popup = NULL;
 		wl_resource_post_no_memory(surface->resource);
 		return;
 	}
diff --git a/types/xdg_shell/wlr_xdg_toplevel.c b/types/xdg_shell/wlr_xdg_toplevel.c
index 8bbec935..ed7ecadd 100644
--- a/types/xdg_shell/wlr_xdg_toplevel.c
+++ b/types/xdg_shell/wlr_xdg_toplevel.c
@@ -475,6 +475,7 @@ void create_xdg_toplevel(struct wlr_xdg_surface *surface,
 		wl_resource_get_version(surface->resource), id);
 	if (surface->toplevel->resource == NULL) {
 		free(surface->toplevel);
+		surface->toplevel = NULL;
 		wl_resource_post_no_memory(surface->resource);
 		return;
 	}