From 89cd1ca828cc7e44b0396f82d62a4f4de9e78472 Mon Sep 17 00:00:00 2001
From: Joshua Ashton <joshua@froggi.es>
Date: Sat, 13 Apr 2024 02:57:58 +0100
Subject: [PATCH] backend: Fix use after free in CBaseBackendFb::DecRef

---
 src/backend.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/backend.cpp b/src/backend.cpp
index e9106cfe1..d11fccaea 100644
--- a/src/backend.cpp
+++ b/src/backend.cpp
@@ -74,11 +74,12 @@ namespace gamescope
     }
     uint32_t CBaseBackendFb::DecRef()
     {
+        wlr_buffer *pClientBuffer = m_pClientBuffer;
         uint32_t uRefCount = IBackendFb::DecRef();
-        if ( m_pClientBuffer && !uRefCount )
+        if ( pClientBuffer && !uRefCount )
         {
             wlserver_lock();
-            wlr_buffer_unlock( m_pClientBuffer );
+            wlr_buffer_unlock( pClientBuffer );
             wlserver_unlock();
         }
         return uRefCount;