wlroots/backend/wayland/wl_seat.c

315 lines
10 KiB
C
Raw Normal View History

#define _XOPEN_SOURCE 500
2017-04-25 23:33:13 +00:00
#include <assert.h>
2017-04-25 23:19:21 +00:00
#include <stdint.h>
2018-02-12 20:29:23 +00:00
#include <stdlib.h>
#include <string.h>
2017-04-25 23:19:21 +00:00
#include <wayland-client.h>
2017-06-21 14:27:45 +00:00
#include <wlr/interfaces/wlr_input_device.h>
#include <wlr/interfaces/wlr_keyboard.h>
2018-02-12 20:29:23 +00:00
#include <wlr/interfaces/wlr_output.h>
#include <wlr/interfaces/wlr_pointer.h>
2017-06-22 14:53:48 +00:00
#include <wlr/interfaces/wlr_touch.h>
2017-06-21 16:10:07 +00:00
#include <wlr/util/log.h>
2017-04-25 23:19:21 +00:00
#include "backend/wayland.h"
2018-02-12 20:29:23 +00:00
#include "util/signal.h"
2017-04-25 23:19:21 +00:00
2017-06-22 13:41:59 +00:00
static void pointer_handle_enter(void *data, struct wl_pointer *wl_pointer,
uint32_t serial, struct wl_surface *surface, wl_fixed_t surface_x,
wl_fixed_t surface_y) {
2017-06-22 14:53:48 +00:00
struct wlr_input_device *dev = data;
2017-08-14 12:54:53 +00:00
struct wlr_wl_input_device *wlr_wl_dev = (struct wlr_wl_input_device *)dev;
2017-08-14 13:55:48 +00:00
assert(dev && dev->pointer);
struct wlr_wl_pointer *wlr_wl_pointer = (struct wlr_wl_pointer *)dev->pointer;
2017-08-14 15:09:56 +00:00
struct wlr_wl_backend_output *output =
get_wl_output_for_surface(wlr_wl_dev->backend, surface);
if (!output) {
// GNOME sends a pointer enter when the surface is being destroyed
return;
}
wayland backend: fix use-after free on output destroy ==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0 WRITE of size 4 at 0x617000015698 thread T0 #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40 #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #3 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #4 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #9 0x418dff in main ../rootston/main.c:81 #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) 0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8) freed by thread T0 here: #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8) #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194 #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299 #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255 #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #6 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #7 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #12 0x418dff in main ../rootston/main.c:81 #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) previously allocated by thread T0 here: #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38) #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272 #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55 #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24 #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #6 0x418c32 in main ../rootston/main.c:58 #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
2018-03-17 16:11:43 +00:00
if (wlr_wl_pointer->current_output) {
wl_list_remove(&wlr_wl_pointer->output_destroy_listener.link);
}
wl_signal_add(&output->wlr_output.events.destroy,
&wlr_wl_pointer->output_destroy_listener);
2017-08-14 13:55:48 +00:00
wlr_wl_pointer->current_output = output;
output->enter_serial = serial;
update_wl_output_cursor(output);
2017-06-22 13:41:59 +00:00
}
static void pointer_handle_leave(void *data, struct wl_pointer *wl_pointer,
uint32_t serial, struct wl_surface *surface) {
struct wlr_input_device *dev = data;
2017-08-14 13:55:48 +00:00
assert(dev && dev->pointer);
struct wlr_wl_pointer *wlr_wl_pointer = (struct wlr_wl_pointer *)dev->pointer;
2017-08-14 16:19:42 +00:00
if (wlr_wl_pointer->current_output) {
wlr_wl_pointer->current_output->enter_serial = 0;
wlr_wl_pointer->current_output = NULL;
}
2017-06-22 13:41:59 +00:00
}
static void pointer_handle_motion(void *data, struct wl_pointer *wl_pointer,
uint32_t time, wl_fixed_t surface_x, wl_fixed_t surface_y) {
2017-06-22 14:53:48 +00:00
struct wlr_input_device *dev = data;
2017-08-14 13:55:48 +00:00
assert(dev && dev->pointer);
struct wlr_wl_pointer *wlr_wl_pointer =
(struct wlr_wl_pointer *)dev->pointer;
2017-08-14 13:55:48 +00:00
if (!wlr_wl_pointer->current_output) {
wayland backend: fix use-after free on output destroy ==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0 WRITE of size 4 at 0x617000015698 thread T0 #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40 #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #3 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #4 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #9 0x418dff in main ../rootston/main.c:81 #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) 0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8) freed by thread T0 here: #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8) #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194 #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299 #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255 #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #6 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #7 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #12 0x418dff in main ../rootston/main.c:81 #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) previously allocated by thread T0 here: #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38) #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272 #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55 #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24 #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #6 0x418c32 in main ../rootston/main.c:58 #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
2018-03-17 16:11:43 +00:00
wlr_log(L_DEBUG, "pointer motion event without current output");
return;
}
struct wlr_output *wlr_output = &wlr_wl_pointer->current_output->wlr_output;
struct wlr_box box = {
.x = wl_fixed_to_int(surface_x),
.y = wl_fixed_to_int(surface_y),
};
wlr_box_transform(&box, wlr_output->transform, wlr_output->width,
wlr_output->height, &box);
box.x /= wlr_output->scale;
box.y /= wlr_output->scale;
struct wlr_box layout_box;
get_wl_output_layout_box(wlr_wl_pointer->current_output->backend,
2017-12-15 00:00:03 +00:00
&layout_box);
double ox = wlr_output->lx / (double)layout_box.width;
double oy = wlr_output->ly / (double)layout_box.height;
struct wlr_event_pointer_motion_absolute wlr_event = {
.device = dev,
.time_msec = time,
.x = box.x / (double)layout_box.width + ox,
.y = box.y / (double)layout_box.height + oy,
};
2018-02-12 08:12:31 +00:00
wlr_signal_emit_safe(&dev->pointer->events.motion_absolute, &wlr_event);
2017-06-22 13:41:59 +00:00
}
static void pointer_handle_button(void *data, struct wl_pointer *wl_pointer,
uint32_t serial, uint32_t time, uint32_t button, uint32_t state) {
2017-06-22 14:53:48 +00:00
struct wlr_input_device *dev = data;
assert(dev && dev->pointer);
2017-06-22 13:41:59 +00:00
2017-06-22 14:53:48 +00:00
struct wlr_event_pointer_button wlr_event;
wlr_event.device = dev;
2017-06-22 14:53:48 +00:00
wlr_event.button = button;
wlr_event.state = state;
2017-10-30 10:40:06 +00:00
wlr_event.time_msec = time;
2018-02-12 08:12:31 +00:00
wlr_signal_emit_safe(&dev->pointer->events.button, &wlr_event);
2017-06-22 13:41:59 +00:00
}
static void pointer_handle_axis(void *data, struct wl_pointer *wl_pointer,
uint32_t time, uint32_t axis, wl_fixed_t value) {
2017-06-22 14:53:48 +00:00
struct wlr_input_device *dev = data;
assert(dev && dev->pointer);
2017-08-14 13:55:48 +00:00
struct wlr_wl_pointer *wlr_wl_pointer = (struct wlr_wl_pointer *)dev->pointer;
2017-06-22 13:41:59 +00:00
2017-06-22 14:53:48 +00:00
struct wlr_event_pointer_axis wlr_event;
wlr_event.device = dev;
wlr_event.delta = wl_fixed_to_double(value);
2017-06-22 14:53:48 +00:00
wlr_event.orientation = axis;
2017-10-30 10:40:06 +00:00
wlr_event.time_msec = time;
2017-08-14 13:55:48 +00:00
wlr_event.source = wlr_wl_pointer->axis_source;
2018-02-12 08:12:31 +00:00
wlr_signal_emit_safe(&dev->pointer->events.axis, &wlr_event);
2017-06-22 13:41:59 +00:00
}
static void pointer_handle_frame(void *data, struct wl_pointer *wl_pointer) {
}
static void pointer_handle_axis_source(void *data, struct wl_pointer *wl_pointer,
uint32_t axis_source) {
2017-06-22 15:58:53 +00:00
struct wlr_input_device *dev = data;
2017-08-14 13:55:48 +00:00
assert(dev && dev->pointer);
struct wlr_wl_pointer *wlr_wl_pointer = (struct wlr_wl_pointer *)dev->pointer;
wlr_wl_pointer->axis_source = axis_source;
2017-06-22 13:41:59 +00:00
}
static void pointer_handle_axis_stop(void *data, struct wl_pointer *wl_pointer,
uint32_t time, uint32_t axis) {
}
static void pointer_handle_axis_discrete(void *data, struct wl_pointer *wl_pointer,
uint32_t axis, int32_t discrete) {
}
static const struct wl_pointer_listener pointer_listener = {
.enter = pointer_handle_enter,
.leave = pointer_handle_leave,
.motion = pointer_handle_motion,
.button = pointer_handle_button,
.axis = pointer_handle_axis,
.frame = pointer_handle_frame,
.axis_source = pointer_handle_axis_source,
.axis_stop = pointer_handle_axis_stop,
.axis_discrete = pointer_handle_axis_discrete
};
static void keyboard_handle_keymap(void *data, struct wl_keyboard *wl_keyboard,
uint32_t format, int32_t fd, uint32_t size) {
// TODO: set keymap
2017-06-22 13:41:59 +00:00
}
static void keyboard_handle_enter(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, struct wl_surface *surface, struct wl_array *keys) {
}
static void keyboard_handle_leave(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, struct wl_surface *surface) {
}
static void keyboard_handle_key(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, uint32_t time, uint32_t key, uint32_t state) {
2017-06-22 14:53:48 +00:00
struct wlr_input_device *dev = data;
assert(dev && dev->keyboard);
2017-06-22 13:41:59 +00:00
struct wlr_event_keyboard_key wlr_event = {
.keycode = key,
.state = state,
.time_msec = time,
.update_state = false,
};
wlr_keyboard_notify_key(dev->keyboard, &wlr_event);
2017-06-22 13:41:59 +00:00
}
static void keyboard_handle_modifiers(void *data, struct wl_keyboard *wl_keyboard,
uint32_t serial, uint32_t mods_depressed, uint32_t mods_latched,
uint32_t mods_locked, uint32_t group) {
struct wlr_input_device *dev = data;
assert(dev && dev->keyboard);
wlr_keyboard_notify_modifiers(dev->keyboard, mods_depressed, mods_latched,
mods_locked, group);
2017-06-22 13:41:59 +00:00
}
static void keyboard_handle_repeat_info(void *data, struct wl_keyboard *wl_keyboard,
int32_t rate, int32_t delay) {
}
static struct wl_keyboard_listener keyboard_listener = {
.keymap = keyboard_handle_keymap,
.enter = keyboard_handle_enter,
.leave = keyboard_handle_leave,
.key = keyboard_handle_key,
.modifiers = keyboard_handle_modifiers,
.repeat_info = keyboard_handle_repeat_info
};
static void input_device_destroy(struct wlr_input_device *wlr_dev) {
struct wlr_wl_input_device *dev = (struct wlr_wl_input_device *)wlr_dev;
if (dev->resource) {
2017-08-14 12:54:53 +00:00
wl_proxy_destroy(dev->resource);
}
2017-08-14 12:54:53 +00:00
free(dev);
}
static struct wlr_input_device_impl input_device_impl = {
2017-06-22 13:41:59 +00:00
.destroy = input_device_destroy
};
2017-12-19 19:20:32 +00:00
bool wlr_input_device_is_wl(struct wlr_input_device *dev) {
return dev->impl == &input_device_impl;
}
static struct wlr_input_device *allocate_device(struct wlr_wl_backend *backend,
enum wlr_input_device_type type) {
2017-08-14 12:54:53 +00:00
struct wlr_wl_input_device *wlr_wl_dev;
if (!(wlr_wl_dev = calloc(1, sizeof(struct wlr_wl_input_device)))) {
wlr_log_errno(L_ERROR, "Allocation failed");
return NULL;
}
2017-08-14 12:54:53 +00:00
wlr_wl_dev->backend = backend;
int vendor = 0;
int product = 0;
2017-06-22 14:53:48 +00:00
const char *name = "wayland";
2017-08-14 12:54:53 +00:00
struct wlr_input_device *wlr_device = &wlr_wl_dev->wlr_input_device;
wlr_input_device_init(wlr_device, type, &input_device_impl,
name, vendor, product);
wl_list_insert(&backend->devices, &wlr_device->link);
return wlr_device;
}
static void pointer_handle_output_destroy(struct wl_listener *listener,
wayland backend: fix use-after free on output destroy ==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0 WRITE of size 4 at 0x617000015698 thread T0 #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40 #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #3 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #4 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #9 0x418dff in main ../rootston/main.c:81 #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) 0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8) freed by thread T0 here: #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8) #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194 #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299 #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255 #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #6 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #7 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #12 0x418dff in main ../rootston/main.c:81 #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) previously allocated by thread T0 here: #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38) #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272 #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55 #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24 #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #6 0x418c32 in main ../rootston/main.c:58 #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
2018-03-17 16:11:43 +00:00
void *data) {
struct wlr_wl_pointer *wlr_wl_pointer =
wl_container_of(listener, wlr_wl_pointer, output_destroy_listener);
wlr_wl_pointer->current_output = NULL;
wl_list_remove(&wlr_wl_pointer->output_destroy_listener.link);
}
2017-04-25 23:19:21 +00:00
static void seat_handle_capabilities(void *data, struct wl_seat *wl_seat,
enum wl_seat_capability caps) {
struct wlr_wl_backend *backend = data;
assert(backend->seat == wl_seat);
2017-04-25 23:33:13 +00:00
if ((caps & WL_SEAT_CAPABILITY_POINTER)) {
2017-06-22 14:53:48 +00:00
wlr_log(L_DEBUG, "seat %p offered pointer", (void*) wl_seat);
2017-08-14 13:55:48 +00:00
struct wlr_wl_pointer *wlr_wl_pointer;
if (!(wlr_wl_pointer = calloc(1, sizeof(struct wlr_wl_pointer)))) {
wlr_log(L_ERROR, "Unable to allocate wlr_wl_pointer");
2017-06-22 14:53:48 +00:00
return;
}
wayland backend: fix use-after free on output destroy ==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0 WRITE of size 4 at 0x617000015698 thread T0 #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40 #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #3 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #4 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #9 0x418dff in main ../rootston/main.c:81 #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) 0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8) freed by thread T0 here: #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8) #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194 #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299 #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255 #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d) #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e) #6 0x7f1a988e0d8a (/lib64/libwayland-client.so.0+0x8d8a) #7 0x7f1a988dd927 (/lib64/libwayland-client.so.0+0x5927) #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3) #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28 #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11) #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449) #12 0x418dff in main ../rootston/main.c:81 #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9) previously allocated by thread T0 here: #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38) #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272 #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55 #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24 #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28 #6 0x418c32 in main ../rootston/main.c:58 #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29) #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
2018-03-17 16:11:43 +00:00
wlr_wl_pointer->output_destroy_listener.notify =
pointer_handle_output_destroy;
2017-06-22 14:53:48 +00:00
struct wlr_input_device *wlr_device;
if (!(wlr_device = allocate_device(backend, WLR_INPUT_DEVICE_POINTER))) {
2017-08-14 13:55:48 +00:00
free(wlr_wl_pointer);
2017-06-22 14:53:48 +00:00
wlr_log(L_ERROR, "Unable to allocate wlr_device for pointer");
2017-04-25 23:33:13 +00:00
return;
}
2017-08-14 12:54:53 +00:00
struct wlr_wl_input_device *wlr_wl_device =
(struct wlr_wl_input_device *)wlr_device;
2017-04-25 23:33:13 +00:00
2017-06-22 14:53:48 +00:00
struct wl_pointer *wl_pointer = wl_seat_get_pointer(wl_seat);
wl_pointer_add_listener(wl_pointer, &pointer_listener, wlr_device);
2017-08-14 13:55:48 +00:00
wlr_device->pointer = &wlr_wl_pointer->wlr_pointer;
wlr_pointer_init(wlr_device->pointer, NULL);
2017-08-14 12:54:53 +00:00
wlr_wl_device->resource = wl_pointer;
wlr_signal_emit_safe(&backend->backend.events.new_input, wlr_device);
2017-08-14 16:19:42 +00:00
backend->pointer = wl_pointer;
}
2017-04-25 23:33:13 +00:00
if ((caps & WL_SEAT_CAPABILITY_KEYBOARD)) {
2017-06-22 14:53:48 +00:00
wlr_log(L_DEBUG, "seat %p offered keyboard", (void*) wl_seat);
struct wlr_input_device *wlr_device = allocate_device(backend,
WLR_INPUT_DEVICE_KEYBOARD);
2017-06-22 14:53:48 +00:00
if (!wlr_device) {
wlr_log(L_ERROR, "Unable to allocate wl_keyboard device");
2017-04-25 23:33:13 +00:00
return;
}
2017-08-14 13:41:14 +00:00
wlr_device->keyboard = calloc(1, sizeof(struct wlr_keyboard));
if (!wlr_device->keyboard) {
free(wlr_device);
wlr_log(L_ERROR, "Unable to allocate wlr keyboard");
return;
}
wlr_keyboard_init(wlr_device->keyboard, NULL);
2017-08-14 12:54:53 +00:00
struct wlr_wl_input_device *wlr_wl_device =
(struct wlr_wl_input_device *)wlr_device;
2017-06-22 14:53:48 +00:00
struct wl_keyboard *wl_keyboard = wl_seat_get_keyboard(wl_seat);
wl_keyboard_add_listener(wl_keyboard, &keyboard_listener, wlr_device);
2017-08-14 12:54:53 +00:00
wlr_wl_device->resource = wl_keyboard;
wlr_signal_emit_safe(&backend->backend.events.new_input, wlr_device);
2017-04-25 23:33:13 +00:00
}
2017-04-25 23:19:21 +00:00
}
static void seat_handle_name(void *data, struct wl_seat *wl_seat, const char *name) {
struct wlr_wl_backend *backend = data;
assert(backend->seat == wl_seat);
2017-08-11 23:19:45 +00:00
// Do we need to check if seatName was previously set for name change?
free(backend->seat_name);
backend->seat_name = strdup(name);
2017-04-25 23:19:21 +00:00
}
const struct wl_seat_listener seat_listener = {
.capabilities = seat_handle_capabilities,
.name = seat_handle_name,
};