From 7013bc3b69850ae3ae4e187d775193b8b1dba0ed Mon Sep 17 00:00:00 2001
From: Isaac Freund
Date: Mon, 9 Aug 2021 16:40:45 +0200
Subject: [PATCH] Xwayland: fix possible use-after-free on unmap

The view.unmap() call may synchronously destroy the view, which makes the the code removing listeners which is currently run after view.unmap() access free'd memory. To fix this, simply change the order of the calls to match that of XdgToplevel.handleUnmap().
---
 river/XwaylandView.zig | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/river/XwaylandView.zig b/river/XwaylandView.zig
index 089aafc..b25e689 100644
--- a/river/XwaylandView.zig
+++ b/river/XwaylandView.zig
@@ -214,12 +214,12 @@ fn handleMap(listener: *wl.Listener(*wlr.XwaylandSurface), xwayland_surface: *wl
 fn handleUnmap(listener: *wl.Listener(*wlr.XwaylandSurface), xwayland_surface: *wlr.XwaylandSurface) void {
 const self = @fieldParentPtr(Self, "unmap", listener);

- self.view.unmap();
-
 // Remove listeners that are only active while mapped
 self.commit.link.remove();
 self.set_title.link.remove();
 self.set_class.link.remove();
+
+ self.view.unmap();
 }

 fn handleRequestConfigure(
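Review bot: The statement order in handleUnmap is now the only thing preventing the use-after-free, yet the new code does not say so: `self.view.unmap();` sits last with no comment, so a later edit that touches `self` after that call would quietly reintroduce the bug. I would add a comment directly above the call, for example `// Must stay last: view.unmap() may synchronously destroy the view, after which self is freed.` The commit message is the only place this lifetime rule is currently recorded. XdgToplevel.handleUnmap(), which the message cites as the model, is not visible here; if it lacks the same comment it would presumably benefit from one too.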