Crash: race between an xdg_toplevel window being unmapped upon attaching a NULL buffer and client destruction
As described by @vyivel, we seem to have some corner cases around xdg-shell. One of those, which seems to go back quite far (tried back to libweston 10), is a use-after-free crash when a toplevel window is unmapped upon attaching a NULL buffer while, at the same time, the client terminates/disconnects gracefully.
Basically, the toplevel window is unmapped, followed by the client exiting.
==60214==ERROR: AddressSanitizer: heap-use-after-free on address 0x51900016c450 at pc 0x7fdb91d7f5c1 bp 0x7ffe078473f0 sp 0x7ffe078473e8
WRITE of size 8 at 0x51900016c450 thread T0
#0 0x7fdb91d7f5c0 in weston_desktop_surface_destroy ../libweston/desktop/surface.c:165
#1 0x7fdb91d80af5 in weston_desktop_surface_client_destroyed ../libweston/desktop/surface.c:258
#2 0x7fdb91d77720 in wl_signal_emit /usr/include/wayland-server-core.h:513
#3 0x7fdb91d779be in weston_desktop_client_destroy ../libweston/desktop/client.c:60
#4 0x7fdb91d77da2 in weston_desktop_client_handle_destroy ../libweston/desktop/client.c:84
#5 0x7fdb9249b717 in remove_and_destroy_resource (/lib64/libwayland-server.so.0+0xa717) (BuildId: 24125e1697bee5514c95cc823de5e1adbd8c96f2)
#6 0x7fdb9249b921 in wl_client_destroy (/lib64/libwayland-server.so.0+0xa921) (BuildId: 24125e1697bee5514c95cc823de5e1adbd8c96f2)
#7 0x7fdb9249bb17 in wl_client_connection_data (/lib64/libwayland-server.so.0+0xab17) (BuildId: 24125e1697bee5514c95cc823de5e1adbd8c96f2)
#8 0x7fdb9249ac91 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c91) (BuildId: 24125e1697bee5514c95cc823de5e1adbd8c96f2)
#9 0x7fdb9249ccf4 in wl_display_run (/lib64/libwayland-server.so.0+0xbcf4) (BuildId: 24125e1697bee5514c95cc823de5e1adbd8c96f2)
#10 0x7fdb9275e253 in wet_main ../frontend/main.c:4779
#11 0x40116a in main ../frontend/executable.c:33
#12 0x7fdb9250d087 in __libc_start_call_main (/lib64/libc.so.6+0x2a087) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
#13 0x7fdb9250d14a in __libc_start_main_alias_1 (/lib64/libc.so.6+0x2a14a) (BuildId: 77c77fee058b19c6f001cf2cb0371ce3b8341211)
#14 0x401084 in _start (/home/kira/opt/gfx/weston/build/frontend/weston+0x401084) (BuildId: 65ecbbce5e44577cdbcefb0d7294eaeb335ce219)
Using xdg_toplevel_unmap_before_popup.
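The sequence the report describes (surface torn down on the NULL-buffer unmap, then the client's destroy signal delivered from `wl_client_destroy`), modelled as an added illustration that is not Weston's or libwayland's code. The issue does not diagnose a root cause, so the mechanism shown here, a listener the surface registered on its client's destroy signal that is never detached when the surface is destroyed early, is an assumption about the shape of this class of use-after-free, not the confirmed cause. `struct list`, `struct signal`, `struct listener`, the pool allocator and every function name are constructed stand-ins for `wl_list`/`wl_signal`/`wl_listener`; the pool replaces `malloc`/`free` so the stale access is detectable and deterministic without ASan.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for wl_list / wl_signal / wl_listener (constructed here). */
struct list { struct list *prev, *next; };
static void list_init(struct list *l) { l->prev = l->next = l; }
static void list_insert(struct list *at, struct list *e)
{
    e->prev = at; e->next = at->next; at->next->prev = e; at->next = e;
}
static void list_remove(struct list *e)
{
    e->prev->next = e->next; e->next->prev = e->prev; e->prev = e->next = NULL;
}
#define container_of(ptr, type, member) \
    ((type *)((char *)(ptr) - offsetof(type, member)))

struct listener;
typedef void (*notify_fn)(struct listener *l, void *data);
struct listener { struct list link; notify_fn notify; };
struct signal { struct list listeners; };

/* Safe iteration: the next node is read before notify() runs, so a listener
 * may remove itself, as wl_signal_emit allows. */
static void signal_emit(struct signal *sig, void *data)
{
    struct list *pos = sig->listeners.next;
    while (pos != &sig->listeners) {
        struct list *next = pos->next;
        struct listener *l = container_of(pos, struct listener, link);
        l->notify(l, data);
        pos = next;
    }
}

struct client { struct signal destroy_signal; };
struct surface { struct client *client; struct listener client_destroy; };

/* Fixed pool instead of malloc/free: "freed" memory stays readable but is
 * flagged, so a stale access can be counted instead of being undefined. */
#define POOL_SIZE 4
static struct surface pool[POOL_SIZE];
static bool pool_in_use[POOL_SIZE];
static int stale_callbacks;  /* notifications delivered to an already-freed surface */

static struct surface *surface_alloc(void)
{
    for (int i = 0; i < POOL_SIZE; i++)
        if (!pool_in_use[i]) { pool_in_use[i] = true; return &pool[i]; }
    return NULL;
}
static void surface_free(struct surface *s) { pool_in_use[s - pool] = false; }
static bool surface_is_live(const struct surface *s) { return pool_in_use[s - pool]; }

/* Listener the surface registers on its client's destroy signal. */
static void surface_client_destroyed(struct listener *l, void *data)
{
    struct surface *s = container_of(l, struct surface, client_destroy);
    (void)data;
    if (!surface_is_live(s)) {
        stale_callbacks++;  /* with real free() this is the write ASan reports */
        return;
    }
    list_remove(&s->client_destroy.link);
    surface_free(s);
}

/* Unmap path: the surface is torn down while the client is still connected. */
static void surface_unmap_destroy(struct surface *s, bool detach_listener)
{
    if (detach_listener)
        list_remove(&s->client_destroy.link);  /* step missing in the buggy variant */
    surface_free(s);
}

/* Unmap first, then the client disconnects; returns the stale-callback count. */
static int run_unmap_then_disconnect(bool detach_listener)
{
    struct client c;
    struct surface *s = surface_alloc();
    stale_callbacks = 0;
    list_init(&c.destroy_signal.listeners);
    s->client = &c;
    s->client_destroy.notify = surface_client_destroyed;
    list_insert(&c.destroy_signal.listeners, &s->client_destroy.link);

    surface_unmap_destroy(s, detach_listener);  /* NULL buffer attached -> unmap */
    signal_emit(&c.destroy_signal, &c);         /* client disconnects */
    return stale_callbacks;
}

int main(void)
{
    printf("buggy: %d stale callback(s)\n", run_unmap_then_disconnect(false));
    printf("fixed: %d stale callback(s)\n", run_unmap_then_disconnect(true));
    return 0;
}
```

The buggy variant leaves the surface's listener linked into the client's signal after the surface is gone, so the client teardown walks into it; the fixed variant detaches the listener at the point the surface is destroyed, which is the check a reviewer would look for in whichever code path handles the NULL-buffer unmap.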