From 48176160ab953c33a391413ce6b927546d6a4b87 Mon Sep 17 00:00:00 2001
From: Kamikadze <40305144+Kam1k4dze@users.noreply.github.com>
Date: Sat, 14 Feb 2026 18:09:25 +0500
Subject: [PATCH] commit-timing: avoid use-after-free in timer callback
 (#13271)

---
 src/protocols/CommitTiming.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/protocols/CommitTiming.cpp b/src/protocols/CommitTiming.cpp
index c1fca990..9cc2da83 100644
--- a/src/protocols/CommitTiming.cpp
+++ b/src/protocols/CommitTiming.cpp
@@ -39,11 +39,11 @@ CCommitTimerResource::CCommitTimerResource(UP<CWpCommitTimerV1>&& resource_, SP<
         if (!state->timer) {
             state->timer = makeShared<CEventLoopTimer>(
                 state->pendingTimeout,
-                [this, state](SP<CEventLoopTimer> self, void* data) {
-                    if (!m_surface || !state)
+                [surface = m_surface, state](SP<CEventLoopTimer> self, void* data) {
+                    if (!surface || !state)
                         return;
 
-                    m_surface->m_stateQueue.unlock(state, LOCK_REASON_TIMER);
+                    surface->m_stateQueue.unlock(state, LOCK_REASON_TIMER);
                 },
                 nullptr);
             g_pEventLoopManager->addTimer(state->timer);