From 1e70a40d1c4b83f0b54e8405cb2a3e411979ec55 Mon Sep 17 00:00:00 2001
From: Sophie Winter
Date: Sun, 3 Sep 2023 20:39:03 +0200
Subject: [PATCH] Fix use-after-free inside of libwayland when proxy destroyed without being removed from list
---
 src/libwayland-shim.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/libwayland-shim.c b/src/libwayland-shim.c
index c1d600d..05e757a 100644
--- a/src/libwayland-shim.c
+++ b/src/libwayland-shim.c
@@ -197,6 +197,7 @@ wl_proxy_destroy (struct wl_proxy *proxy)
 if (wrapper->destroy) {
 wrapper->destroy(wrapper->data, proxy);
 }
+ wl_list_remove(&proxy->queue_link);
 // No need to worry about the refcount since it's only accessibly within libwayland, and it's only used by
 // functions that never see client facing objects
 g_free (proxy);
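Review bot: The added `wl_list_remove(&proxy->queue_link);` runs unconditionally before `g_free (proxy)`, and wl_list_remove writes through the link's prev and next pointers, so it is only safe if every proxy that reaches this branch has had queue_link initialised or inserted into a list. The allocation path for these shim-owned proxies is outside the hunk; if it zero-fills the struct and never calls `wl_list_init(&proxy->queue_link)`, this line would presumably trade the use-after-free for a NULL dereference on proxies that were never linked, so that path is worth confirming. The line also depends on the shim's copy of struct wl_proxy matching the layout of the libwayland that is actually loaded, since queue_link is a private field. A short comment on the new line would help the next reader, for example `// Unlink from the event queue's proxy list first; libwayland would otherwise keep a dangling queue_link after g_free`. The body of wl_proxy_destroy starts and ends outside the hunk.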