From fa79aacea30eff5c4e3e094ceb98c316d53caefa Mon Sep 17 00:00:00 2001
From: Vaxry
Date: Sat, 6 Apr 2024 18:43:10 +0100
Subject: [PATCH] constraint: fix possible uaf on double destruction

ref #5448
---
 src/desktop/Constraint.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/src/desktop/Constraint.cpp b/src/desktop/Constraint.cpp
index e78583217..dfe8d2170 100644
--- a/src/desktop/Constraint.cpp
+++ b/src/desktop/Constraint.cpp
@@ -3,6 +3,9 @@
 #include "../Compositor.hpp"
 CConstraint::CConstraint(wlr_pointer_constraint_v1* constraint, CWLSurface* owner) : m_pOwner(owner), m_pConstraint(constraint) {
+ RASSERT(!constraint->data, "CConstraint: attempted to duplicate ownership");
+
+ constraint->data = this;
 initSignals();
 m_vCursorPosOnActivate = g_pInputManager->getMouseCoordsInternal();
@@ -97,13 +100,13 @@ void CConstraint::deactivate() {
 m_bActive = false;
- wlr_pointer_constraint_v1_send_deactivated(m_pConstraint);
-
 if (isLocked())
 g_pCompositor->warpCursorTo(logicPositionHint(), true);
 if (m_pConstraint->lifetime == ZWP_POINTER_CONSTRAINTS_V1_LIFETIME_ONESHOT)
 m_bDead = true;
+
+ wlr_pointer_constraint_v1_send_deactivated(m_pConstraint);
 }
 void CConstraint::activate() {
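Review bot: In the constructor hunk, `constraint->data = this;` stores a raw back-pointer in the wlroots object, but nothing visible in this patch resets it when the CConstraint goes away. If the wrapper can be destroyed before the wlr constraint, `data` is left dangling: the new `RASSERT(!constraint->data, ...)` would then abort the compositor on a legitimate re-wrap, and any later reader of `data` would touch freed memory. I would pair the assignment with `m_pConstraint->data = nullptr;` in the teardown path (destructor or destroy handler, neither shown here) and add a comment such as `// back-pointer doubles as the ownership marker checked by the RASSERT above`. The constructor body continues outside the hunk.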
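Review bot: In `CConstraint::deactivate()`, moving `wlr_pointer_constraint_v1_send_deactivated(m_pConstraint);` to the last statement is load-bearing but undocumented, so a later edit could reintroduce member access after it. Judging by the commit subject, the call can end with the constraint being torn down for oneshot lifetimes, and presumably this object with it via its destroy listener; that is an inference, not something the hunk shows. A comment on the call would pin the ordering: `// must stay last: may destroy m_pConstraint and this object (oneshot); do not touch members afterwards`. Callers of deactivate() are outside the hunk and need the same care about using the object after it returns.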