[PATCH weston] xwm: Fix a weston crash when a window surface is created after unmap

[Derek Foreman]

If windows are created and quickly destroyed it's possible that they'll be
on the unpaired window list at the time of surface creation.  The surface
destroy listener for that surface isn't properly freed and a crash happens
some time later.

This patch removes the window from the unpaired list during unmap, so we
should never get to the destroy handler with a surface destroy listener set.

Just in case there's another path to that failure, I've also removed the
surface destroy listener in the destory handler.

Signed-off-by: Derek Foreman <derekf at osg.samsung.com>
---

This applies on top of my earlier xwm patch (Add and use helper function...)
and stops a very hard to trigger segfault in weston.

 xwayland/window-manager.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/xwayland/window-manager.c b/xwayland/window-manager.c
index 5d22ded..cab7e20 100644
--- a/xwayland/window-manager.c
+++ b/xwayland/window-manager.c
@@ -1001,6 +1001,14 @@ weston_wm_handle_unmap_notify(struct weston_wm *wm, xcb_generic_event_t *event)
 	if (!wm_lookup_window(wm, unmap_notify->window, &window))
 		return;
 
+	if (window->surface_id) {
+		/* Make sure we're not on the unpaired surface list or we
+		 * could be assigned a surface during surface creation that
+		 * was mapped before this unmap request.
+		 */
+		wl_list_remove(&window->link);
+		window->surface_id = 0;
+	}
 	if (wm->focus_window == window)
 		wm->focus_window = NULL;
 	if (window->surface)
@@ -1207,6 +1215,9 @@ weston_wm_window_destroy(struct weston_wm_window *window)
 	if (window->surface_id)
 		wl_list_remove(&window->link);
 
+	if (window->surface)
+		wl_list_remove(&window->surface_destroy_listener.link);
+
 	hash_table_remove(window->wm->window_hash, window->id);
 	free(window);
 }
-- 
2.1.4