[PATCH wayland 2/5] server: set map entry to NULL after resource is destroyed

[Marek Chalupa]

We did it only for client entries for some reason, so when
we used wl_client_get_object() for some server object that
has been destroyed, we got dangling pointer.

NOTE: this is basically an API change, since it changes
the return value of wl_client_get_object() in some corner cases.
However, now we return NULL insted of a pointer to invalid memory,
which could be OK API break.

Signed-off-by: Marek Chalupa <mchqwerty at gmail.com>
---
 src/wayland-server.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/wayland-server.c b/src/wayland-server.c
index f745e62..c93a426 100644
--- a/src/wayland-server.c
+++ b/src/wayland-server.c
@@ -562,16 +562,20 @@ destroy_resource(void *element, void *data)
 {
 	struct wl_resource *resource = element;
 	struct wl_client *client = resource->client;
+	uint32_t id = resource->object.id;
 	uint32_t flags;
 
 	wl_signal_emit(&resource->destroy_signal, resource);
 
-	flags = wl_map_lookup_flags(&client->objects, resource->object.id);
+	flags = wl_map_lookup_flags(&client->objects, id);
 	if (resource->destroy)
 		resource->destroy(resource);
 
 	if (!(flags & WL_MAP_ENTRY_LEGACY))
 		free(resource);
+
+	/* replace the object with NULL since it is destroyed */
+	wl_map_insert_at(&client->objects, 0, id, NULL);
 }
 
 WL_EXPORT void
@@ -584,11 +588,9 @@ wl_resource_destroy(struct wl_resource *resource)
 	destroy_resource(resource, NULL);
 
 	if (id < WL_SERVER_ID_START) {
-		if (client->display_resource) {
+		if (client->display_resource)
 			wl_resource_queue_event(client->display_resource,
 						WL_DISPLAY_DELETE_ID, id);
-		}
-		wl_map_insert_at(&client->objects, 0, id, NULL);
 	} else {
 		wl_map_remove(&client->objects, id);
 	}
-- 
2.5.5