From 7c27d73b02a1958f323a7c30f46c99414cd6f6bf Mon Sep 17 00:00:00 2001
From: mwenzkowski <29407878+mwenzkowski@users.noreply.github.com>
Date: Fri, 21 Dec 2018 23:25:07 +0100
Subject: Check xdg_surface's role before using its toplevel

Don't access xdg_surface->toplevel if xdg_surface->role is equal to
WLR_XDG_SURFACE_ROLE_NONE, since this could lead to crash. The same
checks are added for xdg_surface_v6.

Fixes #3311
---
 sway/desktop/xdg_shell.c    | 2 +-
 sway/desktop/xdg_shell_v6.c | 2 +-
 sway/tree/container.c       | 5 +++--
 3 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/sway/desktop/xdg_shell.c b/sway/desktop/xdg_shell.c
index b5dcfb0f..152bd26f 100644
--- a/sway/desktop/xdg_shell.c
+++ b/sway/desktop/xdg_shell.c
@@ -216,7 +216,7 @@ static bool is_transient_for(struct sway_view *child,
 		return false;
 	}
 	struct wlr_xdg_surface *surface = child->wlr_xdg_surface;
-	while (surface) {
+	while (surface && surface->role == WLR_XDG_SURFACE_ROLE_TOPLEVEL) {
 		if (surface->toplevel->parent == ancestor->wlr_xdg_surface) {
 			return true;
 		}
diff --git a/sway/desktop/xdg_shell_v6.c b/sway/desktop/xdg_shell_v6.c
index a7ea163f..3eed54ab 100644
--- a/sway/desktop/xdg_shell_v6.c
+++ b/sway/desktop/xdg_shell_v6.c
@@ -213,7 +213,7 @@ static bool is_transient_for(struct sway_view *child,
 		return false;
 	}
 	struct wlr_xdg_surface_v6 *surface = child->wlr_xdg_surface_v6;
-	while (surface) {
+	while (surface && surface->role == WLR_XDG_SURFACE_V6_ROLE_TOPLEVEL) {
 		if (surface->toplevel->parent == ancestor->wlr_xdg_surface_v6) {
 			return true;
 		}
diff --git a/sway/tree/container.c b/sway/tree/container.c
index e20e44d4..0415d63c 100644
--- a/sway/tree/container.c
+++ b/sway/tree/container.c
@@ -341,7 +341,7 @@ static bool surface_is_popup(struct wlr_surface *surface) {
 	if (wlr_surface_is_xdg_surface(surface)) {
 		struct wlr_xdg_surface *xdg_surface =
 			wlr_xdg_surface_from_wlr_surface(surface);
-		while (xdg_surface) {
+		while (xdg_surface && xdg_surface->role != WLR_XDG_SURFACE_ROLE_NONE) {
 			if (xdg_surface->role == WLR_XDG_SURFACE_ROLE_POPUP) {
 				return true;
 			}
@@ -353,7 +353,8 @@ static bool surface_is_popup(struct wlr_surface *surface) {
 	if (wlr_surface_is_xdg_surface_v6(surface)) {
 		struct wlr_xdg_surface_v6 *xdg_surface_v6 =
 			wlr_xdg_surface_v6_from_wlr_surface(surface);
-		while (xdg_surface_v6) {
+		while (xdg_surface_v6 &&
+				xdg_surface_v6->role != WLR_XDG_SURFACE_V6_ROLE_NONE) {
 			if (xdg_surface_v6->role == WLR_XDG_SURFACE_V6_ROLE_POPUP) {
 				return true;
 			}
-- 
cgit v1.2.3-54-g00ecf