From cb5e58d4653e6f9f5d8b972d0189d6f5d4e289aa Mon Sep 17 00:00:00 2001
From: Cameron Gutman <aicommander@gmail.com>
Date: Wed, 31 Oct 2018 18:20:39 -0700
Subject: [PATCH] Fix use-after-free caught by debug build of SDL2

---
 app/streaming/session.cpp | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/app/streaming/session.cpp b/app/streaming/session.cpp
index 232b55fc..8e12a647 100644
--- a/app/streaming/session.cpp
+++ b/app/streaming/session.cpp
@@ -228,11 +228,14 @@ bool Session::isHardwareDecodeAvailable(StreamingPreferences::VideoDecoderSelect
         return false;
     }
 
-    SDL_DestroyWindow(window);
-
     bool ret = decoder->isHardwareAccelerated();
 
     delete decoder;
+
+    // This must be called after the decoder is deleted, because
+    // the renderer may want to interact with the window
+    SDL_DestroyWindow(window);
+
     SDL_QuitSubSystem(SDL_INIT_VIDEO);
 
     return ret;
@@ -265,11 +268,12 @@ int Session::getDecoderCapabilities(StreamingPreferences::VideoDecoderSelection
         return false;
     }
 
-    SDL_DestroyWindow(window);
-
     int caps = decoder->getDecoderCapabilities();
 
-    delete decoder;
+    // This must be called after the decoder is deleted, because
+    // the renderer may want to interact with the window
+    SDL_DestroyWindow(window);
+
     SDL_QuitSubSystem(SDL_INIT_VIDEO);
 
     return caps;
@@ -1176,7 +1180,10 @@ DispatchDeferredCleanup:
     m_VideoDecoder = nullptr;
     SDL_AtomicUnlock(&m_DecoderLock);
 
+    // This must be called after the decoder is deleted, because
+    // the renderer may want to interact with the window
     SDL_DestroyWindow(m_Window);
+
     if (iconSurface != nullptr) {
         SDL_FreeSurface(iconSurface);
     }