xwayland: set surface_id to 0 when client resource is found

When Xwayland requests that a wl_surface be created and the X event is
handled before the wayland requests, a surface ID is stored to
window->surface_id and the window is added to the unpaired window list. When
weston_wm_create_surface is called, the window is removed from the list and
window->surface_id is set to zero. If window->surface_id is not zero when
weston_wm_window_destroy is called, the window is assumed to be in the
unpaired window list and wl_list_remove is called. If
weston_wm_window_handle_surface_id is called and the surface has already
been created, the window is not added to the unpaired window list, but
window->surface_id isn't set to zero. When the window is destroyed, removing
the window from the list is attempted anyway and a crash occurs.

This patch stores the surface ID in a temporary variable and only assigns it
to window->surface_id when the window is added to the unpaired window list.
Otherwise window->surface_id is set to zero to maintain its use as a flag
variable.

Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=80273
Signed-off-by: Tyler Veness <calcmogul@gmail.com>

xwayland/window-manager.c

@@ -1371,14 +1371,17 @@ weston_wm_window_handle_surface_id(struct weston_wm_window *window,
 	 * hasn't been created yet.  In that case put the window on
 	 * the unpaired window list and continue when the surface gets
 	 * created. */
-	window->surface_id = client_message->data.data32[0];
-	resource = wl_client_get_object(wm->server->client,
-					window->surface_id);
-	if (resource)
+	uint32_t surface = client_message->data.data32[0];
+	resource = wl_client_get_object(wm->server->client, surface);
+	if (resource) {
+		window->surface_id = 0;
 		xserver_map_shell_surface(window,
 					  wl_resource_get_user_data(resource));
-	else
+	}
+	else {
+		window->surface_id = surface;
 		wl_list_insert(&wm->unpaired_window_list, &window->link);
+	}
 }
 
 static void