From 2e70757dc0b5adb854c2911081e670d753d6a524 Mon Sep 17 00:00:00 2001
From: X512 <danger_mail@list.ru>
Date: Thu, 25 Jul 2024 22:26:25 +0900
Subject: [PATCH] egl/haiku: fix double free of BBitmap

Cc: mesa-stable
Part-of: <https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/30364>
---
 src/egl/drivers/haiku/egl_haiku.cpp | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/egl/drivers/haiku/egl_haiku.cpp b/src/egl/drivers/haiku/egl_haiku.cpp
index 15417767406..62d2fb5c3cd 100644
--- a/src/egl/drivers/haiku/egl_haiku.cpp
+++ b/src/egl/drivers/haiku/egl_haiku.cpp
@@ -115,6 +115,9 @@ haiku_create_window_surface(_EGLDisplay *disp, _EGLConfig *conf,
       return NULL;
    }
 
+   // Unset and delete previously set bitmap if any.
+   delete ((BitmapHook *)native_window)->SetBitmap(NULL);
+
    return &wgl_surf->base;
 }
 
@@ -168,6 +171,13 @@ haiku_destroy_surface(_EGLDisplay *disp, _EGLSurface *surf)
       struct haiku_egl_surface *hgl_surf = haiku_egl_surface(surf);
       struct pipe_screen *screen = hgl_dpy->disp->fscreen->screen;
       screen->fence_reference(screen, &hgl_surf->throttle_fence, NULL);
+
+      // Unset bitmap to release ownership. Bitmap will be deleted later
+      // when destroying framebuffer.
+      BitmapHook *bitmapHook = (BitmapHook*)hgl_surf->fb->winsysContext;
+      if (bitmapHook != NULL)
+         bitmapHook->SetBitmap(NULL);
+
       hgl_destroy_st_framebuffer(hgl_surf->fb);
       free(surf);
    }