From 002b69f8fe90108faacaf2f728814fe52ff35095 Mon Sep 17 00:00:00 2001
From: Timothy Lee <timothy.ty.lee@gmail.com>
Date: Fri, 11 Apr 2025 21:17:19 +1000
Subject: Fix "heap-use-after-free" in resize_after_screen_change() (#1248)

When a native window is destroyed, make sure the callback to
Fl_WinAPI_Window_Driver::resize_after_screen_change() is removed.

Added by Albrecht-S:

Thanks for the original fix to Timothy Lee (@timothytylee).

src/drivers/X11/Fl_X11_Window_Driver.cxx: equivalent fix for X11
  as discussed on GitHub PR #1248
---
 src/drivers/WinAPI/Fl_WinAPI_Window_Driver.cxx | 5 +++--
 src/drivers/X11/Fl_X11_Window_Driver.cxx       | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

(limited to 'src/drivers')

diff --git a/src/drivers/WinAPI/Fl_WinAPI_Window_Driver.cxx b/src/drivers/WinAPI/Fl_WinAPI_Window_Driver.cxx
index 88eb2cdca..b2735b711 100644
--- a/src/drivers/WinAPI/Fl_WinAPI_Window_Driver.cxx
+++ b/src/drivers/WinAPI/Fl_WinAPI_Window_Driver.cxx
@@ -1,7 +1,7 @@
 //
 // Definition of Windows window driver for the Fast Light Tool Kit (FLTK).
 //
-// Copyright 1998-2022 by Bill Spitzak and others.
+// Copyright 1998-2025 by Bill Spitzak and others.
 //
 // This library is free software. Distribution and use rights are outlined in
 // the file "COPYING" which should have been included with this file.  If this
@@ -50,6 +50,7 @@ Fl_WinAPI_Window_Driver::Fl_WinAPI_Window_Driver(Fl_Window *win)
 
 Fl_WinAPI_Window_Driver::~Fl_WinAPI_Window_Driver()
 {
+  Fl::remove_timeout(resize_after_screen_change, pWindow);
   if (shape_data_) {
     delete shape_data_->effective_bitmap_;
     delete shape_data_;
@@ -475,7 +476,7 @@ void Fl_WinAPI_Window_Driver::hide() {
 
   // Issue #569: undo RegisterDragDrop()
   RevokeDragDrop((HWND)ip->xid);
-  
+
   fl_i_own_selection[1] = 0; // issue #1233
 
   // make sure any custom icons get freed
diff --git a/src/drivers/X11/Fl_X11_Window_Driver.cxx b/src/drivers/X11/Fl_X11_Window_Driver.cxx
index b7e5da1ee..ee844aa03 100644
--- a/src/drivers/X11/Fl_X11_Window_Driver.cxx
+++ b/src/drivers/X11/Fl_X11_Window_Driver.cxx
@@ -58,6 +58,7 @@ Fl_X11_Window_Driver::Fl_X11_Window_Driver(Fl_Window *win)
 
 Fl_X11_Window_Driver::~Fl_X11_Window_Driver()
 {
+  Fl::remove_timeout(resize_after_screen_change, pWindow);
   if (shape_data_) {
     delete shape_data_->effective_bitmap_;
     delete shape_data_;
-- 
cgit v1.2.3