From c60ffd2840036af1ea6f2b6c6e1e9014bb8e2c34 Mon Sep 17 00:00:00 2001
From: Jonas Maebe
Date: Mon, 23 Apr 2012 16:02:16 -0700
Subject: [PATCH] apple: Fix a use after free
Reviewed-by: Jeremy Huddleston
---
 src/glx/apple/apple_glx_surface.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/glx/apple/apple_glx_surface.c b/src/glx/apple/apple_glx_surface.c
index 39f513034dc..d42fa3b3269 100644
--- a/src/glx/apple/apple_glx_surface.c
+++ b/src/glx/apple/apple_glx_surface.c
@@ -206,6 +206,10 @@ apple_glx_surface_destroy(unsigned int uid)
 if (d) {
 d->types.surface.pending_destroy = true;
 d->release(d);
+
+ /* apple_glx_drawable_find_by_uid returns a locked drawable */
+ d->unlock(d);
+
 /*
 * We release 2 references to the surface. One was acquired by
 * the find, and the other was leftover from a context, or
@@ -217,7 +221,5 @@ apple_glx_surface_destroy(unsigned int uid)
 * by a glViewport callback (see apple_glx_context_update()).
 */
 d->destroy(d);
-
- d->unlock(d);
 }
 }
-- 
2.30.2
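Review bot: The new comment above `d->unlock(d)` explains why an unlock is needed but not why it must come before `d->destroy(d)`, which is the actual fix; without that, a later cleanup could move it back and reintroduce the use after free. I would word it as `/* apple_glx_drawable_find_by_uid returns a locked drawable; unlock before destroy(), which may free d */`. Note also that `d->unlock(d)` still runs after `d->release(d)`, so it is only safe while release cannot drop the last reference; the existing block comment says a second reference is left over, but nothing in the visible lines enforces that. The function starts outside the hunk, so the find call and the locking it implies are not visible here.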