From bf5e4bf11662ebedcae44cd846ba5e755d7a6ba1 Mon Sep 17 00:00:00 2001
From: Tom Englund <tomenglund26@gmail.com>
Date: Sat, 15 Mar 2025 19:57:52 +0100
Subject: [PATCH] syncobj: dont crash compositor on protocol errors (#9627)

dont call a member on null pointer if client misbehaves.
as in the weak pointer being expired.
---
 src/protocols/DRMSyncobj.cpp | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/protocols/DRMSyncobj.cpp b/src/protocols/DRMSyncobj.cpp
index 406b55e03..21b585137 100644
--- a/src/protocols/DRMSyncobj.cpp
+++ b/src/protocols/DRMSyncobj.cpp
@@ -30,7 +30,7 @@ WP<CSyncTimeline> CDRMSyncPointState::timeline() {
 }
 
 bool CDRMSyncPointState::expired() {
-    return !m_resource || !m_resource->timeline;
+    return m_resource.expired() || !m_resource->timeline;
 }
 
 UP<CSyncReleaser> CDRMSyncPointState::createSyncRelease() {
@@ -177,9 +177,14 @@ bool CDRMSyncobjSurfaceResource::protocolError() {
         return true;
     }
 
-    if (!!surface->pending.buffer->acquire != !!surface->pending.buffer->release) {
-        resource->error(surface->pending.buffer->acquire ? WP_LINUX_DRM_SYNCOBJ_SURFACE_V1_ERROR_NO_RELEASE_POINT : WP_LINUX_DRM_SYNCOBJ_SURFACE_V1_ERROR_NO_ACQUIRE_POINT,
-                        "Missing timeline");
+    if (!surface->pending.buffer->acquire || !surface->pending.buffer->acquire->timeline()) {
+        resource->error(WP_LINUX_DRM_SYNCOBJ_SURFACE_V1_ERROR_NO_ACQUIRE_POINT, "Missing acquire timeline");
+        surface->pending.rejected = true;
+        return true;
+    }
+
+    if (!surface->pending.buffer->release || !surface->pending.buffer->release->timeline()) {
+        resource->error(WP_LINUX_DRM_SYNCOBJ_SURFACE_V1_ERROR_NO_RELEASE_POINT, "Missing release timeline");
         surface->pending.rejected = true;
         return true;
     }