composite: Fix use-after-free of the COW

Merged Olivier Fourdan requested to merge ofourdan/xserver:fix-use-after-free-COW into master


If a client explicitly destroys the compositor overlay window (aka COW), we would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later.

Make sure to clear the CompScreen pointer to the COW when the latter gets destroyed explicitly by the client.

This vulnerability was discovered by: Jan-Niklas Sohn working with Trend Micro Zero Day Initiative

Signed-off-by: Olivier Fourdan Reviewed-by: Adam Jackson

Merge request reports