authorFurkan Sahin <furkan-dev@proton.me>2025-12-18 23:02:32 +0530
committerFurkan Sahin <furkan-dev@proton.me>2025-12-18 23:02:32 +0530
commitf3a4d0f91b65a28dc21c62cac651b1389022b3e4 (patch)
tree77a9f0791b8c7078e7cee30e976a0e9ddc06bdbd
parenta11ecb1baaf373965cbe052ac060fff476ecd101 (diff)
tiling_resize: fix use-after-free on view unmap during resize
Closing a tiled window (mod+shift+q) while resizing (mod+click) causes a use-after-free in handle_unref. Both conditions can be true in this case, which results in dereferencing `e` on the second check after it has already been freed by the first `seatop_begin_default`. Fix by combining the separate checks for the main container and its horizontal/vertical siblings into a single condition. The second check was added in 4957a35dc8d5b0e597d5f87132df2d2985becf48 and I've checked that this fix does not regress that issue.
-rw-r--r--sway/input/seatop_resize_tiling.c5
1 files changed, 1 insertions, 4 deletions
diff --git a/sway/input/seatop_resize_tiling.c b/sway/input/seatop_resize_tiling.c
index 15fd333b..be7b3c12 100644
--- a/sway/input/seatop_resize_tiling.c
+++ b/sway/input/seatop_resize_tiling.c
@@ -105,10 +105,7 @@ static void handle_pointer_motion(struct sway_seat *seat, uint32_t time_msec) {
static void handle_unref(struct sway_seat *seat, struct sway_container *con) {
struct seatop_resize_tiling_event *e = seat->seatop_data;
- if (e->con == con) {
- seatop_begin_default(seat);
- }
- if (e->h_sib == con || e->v_sib == con) {
+ if (e->con == con || e->h_sib == con || e->v_sib == con) {
seatop_begin_default(seat);
}
}
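Review bot: The merged condition in handle_unref has no comment explaining why the three comparisons must share one `if`, so a later edit could split them again and bring back the same use-after-free. According to the commit message, seatop_begin_default frees the seatop data that `e` points to, which means `e` is dangling once that call returns. I would add, directly above the condition, `/* seatop_begin_default() frees e: compare every pointer first and do not touch e after the call */`. Nothing in the hunk reads `e` after the call, so the code itself looks right; this only makes the lifetime rule visible at the point where it matters.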