From efd84bff238f8e12bf652525990d36baada8785b Mon Sep 17 00:00:00 2001
From: Peter Harris <pharris@opentext.com>
Date: Thu, 22 Feb 2018 18:07:38 -0500
Subject: [PATCH] composite: Fix use-after-free in compReparentWindow

If an implicitly redirected window is unredirected by the reparent
operation, cw will be a stale pointer.

Signed-off-by: Peter Harris <pharris@opentext.com>
Reviewed-by: Keith Packard <keithp@keithp.com>
---
 composite/compwindow.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/composite/compwindow.c b/composite/compwindow.c
index e74ce661a..54b4e6ac4 100644
--- a/composite/compwindow.c
+++ b/composite/compwindow.c
@@ -432,7 +432,7 @@ compReparentWindow(WindowPtr pWin, WindowPtr pPriorParent)
 {
     ScreenPtr pScreen = pWin->drawable.pScreen;
     CompScreenPtr cs = GetCompScreen(pScreen);
-    CompWindowPtr cw = GetCompWindow(pWin);
+    CompWindowPtr cw;
 
     pScreen->ReparentWindow = cs->ReparentWindow;
     /*
@@ -471,6 +471,7 @@ compReparentWindow(WindowPtr pWin, WindowPtr pPriorParent)
     cs->ReparentWindow = pScreen->ReparentWindow;
     pScreen->ReparentWindow = compReparentWindow;
 
+    cw = GetCompWindow(pWin);
     if (pWin->damagedDescendants || (cw && cw->damaged))
         compMarkAncestors(pWin);