From 7d25b45aabfaea4527586546ba4c3d9c1343113d Mon Sep 17 00:00:00 2001
From: Ruslan Bukin
Date: Tue, 17 Jan 2023 19:30:25 +0000
Subject: [PATCH] Don't destroy the display until all its event loops have been destroyed. This fixes mutex use after free issue. (Discovered on CHERI ABI).
---
 src/client/qwaylanddisplay.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/client/qwaylanddisplay.cpp b/src/client/qwaylanddisplay.cpp
index 2bf09331c..7b6b5bfff 100644
--- a/src/client/qwaylanddisplay.cpp
+++ b/src/client/qwaylanddisplay.cpp
@@ -371,11 +371,11 @@ QWaylandDisplay::~QWaylandDisplay(void)
 #if QT_CONFIG(cursor)
 mCursorThemes.clear();
 #endif
- if (mDisplay)
- wl_display_disconnect(mDisplay);
 if (m_frameEventQueue)
 wl_event_queue_destroy(m_frameEventQueue);
+ if (mDisplay)
+ wl_display_disconnect(mDisplay);
 }
 // Steps which is called just after constructor. This separates registry_global() out of the constructor
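Review bot: The ordering that this fix depends on is not recorded at the call site, so a later tidy-up of the destructor could move `wl_display_disconnect(mDisplay)` back above the queue teardown and reintroduce the mutex use-after-free. I would add a comment above the `if (m_frameEventQueue)` line, for example `// Destroy event queues before disconnecting: wl_event_queue_destroy() takes the display's mutex, which wl_display_disconnect() frees.` The destructor's body starts outside the hunk, so it cannot be confirmed from here that every other queue or proxy created on `mDisplay` is released before the disconnect. That is worth checking, because the commit message says "all its event loops" while only `m_frameEventQueue` is visible. This class of bug is silent on most targets and was only caught by CHERI, so running the teardown path under ASan or TSan in CI would help catch regressions.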