From 1e1ee69b7f32e945588a0235d8ee19d8681ddd47 Mon Sep 17 00:00:00 2001
From: sharkautarch <128002472+sharkautarch@users.noreply.github.com>
Date: Sun, 1 Dec 2024 16:44:23 -0500
Subject: [PATCH] backend, steamcompmgr: fix use-after-free issue at exit

all: also release the xwayland_server_guard lock before calling pthread_exit() to prevent gamescope from hanging at exit
---
 src/backend.cpp      | 19 +++++++------------
 src/backend.h        |  8 +++++---
 src/steamcompmgr.cpp |  8 +++++---
 3 files changed, 17 insertions(+), 18 deletions(-)

diff --git a/src/backend.cpp b/src/backend.cpp
index 8a6bbe8ed9..8049b0ed6c 100644
--- a/src/backend.cpp
+++ b/src/backend.cpp
@@ -16,34 +16,29 @@ namespace gamescope
     // IBackend
     /////////////
 
-    static IBackend *s_pBackend = nullptr;
+    static std::atomic<IBackend*> s_pBackend = nullptr;
 
     IBackend *IBackend::Get()
     {
         return s_pBackend;
     }
-
+    
+    
     bool IBackend::Set( IBackend *pBackend )
     {
-        if ( s_pBackend )
-        {
-            delete s_pBackend;
-            s_pBackend = nullptr;
-        }
-
         if ( pBackend )
         {
             s_pBackend = pBackend;
-            if ( !s_pBackend->Init() )
+            if ( !GetBackend()->Init() )
             {
-                delete s_pBackend;
-                s_pBackend = nullptr;
+								s_pBackend = nullptr;
                 return false;
             }
         }
 
         return true;
     }
+    
 
     /////////////////
     // CBaseBackendFb
@@ -184,4 +179,4 @@ namespace gamescope
 
         GetBackend()->DumpDebugInfo();
     });
-}
+}
\ No newline at end of file
diff --git a/src/backend.h b/src/backend.h
index dd295f4ac0..8020e0ced4 100644
--- a/src/backend.h
+++ b/src/backend.h
@@ -170,7 +170,7 @@ namespace gamescope
         wlr_buffer *m_pClientBuffer = nullptr;
         std::shared_ptr<CReleaseTimelinePoint> m_pReleasePoint;
     };
-
+    
     class IBackend
     {
     public:
@@ -206,6 +206,7 @@ namespace gamescope
 
         virtual bool UsesModifiers() const = 0;
         virtual std::span<const uint64_t> GetSupportedModifiers( uint32_t uDrmFormat ) const = 0;
+        
         inline bool SupportsFormat( uint32_t uDrmFormat ) const
         {
             return Algorithm::Contains( this->GetSupportedModifiers( uDrmFormat ), DRM_FORMAT_MOD_INVALID );
@@ -263,6 +264,8 @@ namespace gamescope
 
         virtual void OnBackendBlobDestroyed( BackendBlob *pBlob ) = 0;
     private:
+        
+        void DestroyBackend();
     };
 
 
@@ -347,5 +350,4 @@ namespace gamescope
 inline gamescope::IBackend *GetBackend()
 {
     return gamescope::IBackend::Get();
-}
-
+}
\ No newline at end of file
diff --git a/src/steamcompmgr.cpp b/src/steamcompmgr.cpp
index 11a7cade6c..8d15bda9d2 100644
--- a/src/steamcompmgr.cpp
+++ b/src/steamcompmgr.cpp
@@ -5896,7 +5896,7 @@ error(Display *dpy, XErrorEvent *ev)
 }
 
 [[noreturn]] static void
-steamcompmgr_exit(void)
+steamcompmgr_exit(std::optional<std::unique_lock<std::mutex>> lock = std::nullopt)
 {
 	g_ImageWaiter.Shutdown();
 
@@ -5936,7 +5936,9 @@ steamcompmgr_exit(void)
     wlserver_lock();
     wlserver_shutdown();
     wlserver_unlock(false);
-
+	
+	if (lock)
+		lock->unlock();
 	pthread_exit(NULL);
 }
 
@@ -8042,7 +8044,7 @@ steamcompmgr_main(int argc, char **argv)
 		vblank = false;
 	}
 
-	steamcompmgr_exit();
+	steamcompmgr_exit(std::optional<std::unique_lock<std::mutex>> {std::in_place_t{}, std::move(xwayland_server_guard)} );
 }
 
 void steamcompmgr_send_frame_done_to_focus_window()