From 000487c36cfac5438890cf78fb04646eb28071ec Mon Sep 17 00:00:00 2001
From: Carlos Garnacho <carlosg@gnome.org>
Date: Fri, 15 May 2020 18:39:57 +0200
Subject: [PATCH] gdk/wayland: Handle disorderly tablet/pad disconnects

If the tablet gets removed/freed while there are pad events in flight,
we leave a dangling pointer from the pad to the tablet, which may
lead to invalid reads/writes when handling the pad event(s).
---
 gdk/wayland/gdkdevice-wayland.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/gdk/wayland/gdkdevice-wayland.c b/gdk/wayland/gdkdevice-wayland.c
index 4dde7a600a..65e556abee 100644
--- a/gdk/wayland/gdkdevice-wayland.c
+++ b/gdk/wayland/gdkdevice-wayland.c
@@ -2788,6 +2788,14 @@ _gdk_wayland_seat_remove_tablet (GdkWaylandSeat       *seat,
   gdk_seat_device_removed (GDK_SEAT (seat), tablet->eraser_device);
   gdk_seat_device_removed (GDK_SEAT (seat), tablet->master);
 
+  while (tablet->pads)
+    {
+      GdkWaylandTabletPadData *pad = tablet->pads->data;
+
+      pad->current_tablet = NULL;
+      tablet->pads = g_list_remove (tablet->pads, pad);
+    }
+
   zwp_tablet_v2_destroy (tablet->wp_tablet);
 
   _gdk_device_set_associated_device (tablet->master, NULL);
-- 
2.30.2