From 2585f322cba40baa1dc3741f9871571bd2db8b78 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Tue, 12 Jan 2021 10:45:14 +0100
Subject: render/gles2: fix EGL use-after-free

The wlr_egl was cleaned up too early.

While at it, also fix a memory leak.

Fixes: b899a412e3eb ("backend: remove wlr_egl from all backends")
---
 render/gles2/renderer.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'render')

diff --git a/render/gles2/renderer.c b/render/gles2/renderer.c
index 6ae5e843..2a78eb3e 100644
--- a/render/gles2/renderer.c
+++ b/render/gles2/renderer.c
@@ -674,7 +674,6 @@ static void gles2_destroy(struct wlr_renderer *wlr_renderer) {
 	struct wlr_gles2_renderer *renderer = gles2_get_renderer(wlr_renderer);
 
 	wlr_egl_make_current(renderer->egl, EGL_NO_SURFACE, NULL);
-	wlr_egl_finish(renderer->egl);
 
 	struct wlr_gles2_buffer *buffer, *buffer_tmp;
 	wl_list_for_each_safe(buffer, buffer_tmp, &renderer->buffers, link) {
@@ -696,6 +695,9 @@ static void gles2_destroy(struct wlr_renderer *wlr_renderer) {
 
 	wlr_egl_unset_current(renderer->egl);
 
+	wlr_egl_finish(renderer->egl);
+	free(renderer->egl);
+
 	if (renderer->drm_fd >= 0) {
 		close(renderer->drm_fd);
 	}
-- 
cgit v1.2.3