From 71dfd60284ce7f755a9dc832693a0b5a6b048975 Mon Sep 17 00:00:00 2001
From: Andreas Haratzis
Date: Wed, 24 Jun 2020 22:29:53 -0700
Subject: [PATCH] Fix use-after-free when the user hovers over an auto-hide plasma panel in wayland...

Edge::handle calls showOnScreenEdge, which (on wayland) eventually calls internalShow, which eventually calls ScreenEdges::reserve, which destroys the same edge. When showScreenOnEdge returns, 'this' has been freed. Using a singleshot timer allows Edge::handle to return before the Edge is destroyed.
---
 xdgshellclient.cpp | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/xdgshellclient.cpp b/xdgshellclient.cpp
index cfb3d4ca40..8655971099 100644
--- a/xdgshellclient.cpp
+++ b/xdgshellclient.cpp
@@ -715,11 +715,16 @@ void XdgToplevelClient::showOnScreenEdge()
 if (!m_plasmaShellSurface) {
 return;
 }
- hideClient(false);
- workspace()->raiseClient(this);
- if (m_plasmaShellSurface->panelBehavior() == PlasmaShellSurfaceInterface::PanelBehavior::AutoHide) {
- m_plasmaShellSurface->showAutoHidingPanel();
- }
+
+ // ShowOnScreenEdge can be called by an Edge, and hideClient could destroy the Edge
+ // Use the singleshot to avoid use-after-free
+ QTimer::singleShot(0, [this](){
+ hideClient(false);
+ workspace()->raiseClient(this);
+ if (m_plasmaShellSurface->panelBehavior() == PlasmaShellSurfaceInterface::PanelBehavior::AutoHide) {
+ m_plasmaShellSurface->showAutoHidingPanel();
+ }
+ });
 }

 void XdgToplevelClient::closeWindow()
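Review bot: The deferred lambda captures a raw `this` and is queued with the context-less `QTimer::singleShot(0, [this](){` overload, so nothing cancels it if this XdgToplevelClient is destroyed before the event loop runs it; the Edge use-after-free would then be replaced by one on the client. Assuming the client is a QObject (not visible in this hunk), pass it as the context object so Qt drops the call when the client is destroyed: `QTimer::singleShot(0, this, [this]() {`. The `m_plasmaShellSurface` null check now runs before the deferral while the dereference runs after it, so the lambda should repeat it first: `if (!m_plasmaShellSurface) { return; }`. The added comment names `hideClient` as what destroys the Edge, while the commit message traces it to `ScreenEdges::reserve`; the comment would be clearer if it named the same path. The function's signature and opening brace are outside the hunk.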