From fc3e3cf6536aaf04600f944b6004cfb8cf38d94c Mon Sep 17 00:00:00 2001 From: zhou liang Date: Sat, 7 Jun 2025 03:28:10 +0000 Subject: [PATCH] compositor: prevent weston_surface references a destroyed output weston_surface retains a pointer to its associated output, but if the output is destroyed, the pointer becomes invalid. In set_fullscreen(), weston_shell_utils_get_focused_output may return this stale output via weston_keyboard, leading to a use-after-free crash. This change ensures the output reference is cleared when the output is destroyed, preventing potential crashes. Signed-off-by: zhou liang --- libweston/compositor.c | 1 + 1 file changed, 1 insertion(+) diff --git a/libweston/compositor.c b/libweston/compositor.c index 108d1c7cf..399a632f7 100644 --- a/libweston/compositor.c +++ b/libweston/compositor.c @@ -1483,6 +1483,7 @@ notify_view_output_destroy(struct wl_listener *listener, void *data) struct weston_view, output_destroy_listener); view->output = NULL; + view->surface->output = NULL; view->output_destroy_listener.notify = NULL; }
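Review bot: the added line in notify_view_output_destroy() clears view->surface->output unconditionally, without checking that it pointed at the output this view was on. The handler is per view (it recovers a struct weston_view from output_destroy_listener), so if the surface has another view whose output is still alive, this could reset a surface->output pointer that is still valid. Consider saving view->output before the existing "view->output = NULL;" and clearing the surface field only when it matches, for example "if (view->surface->output == old_output) view->surface->output = NULL;", where old_output is a hypothetical local. The new line also dereferences view->surface with no NULL check; if a view can reach this handler without a surface, that needs a guard. A short comment next to the assignment explaining that it prevents the stale pointer described in the commit message would also help later readers.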