Commit Graph

4338 Commits

Author SHA1 Message Date
Dominique Martinet 4a1c9a1925 xwm: fix use-after-free involving parents/children
Happens when e.g. closing gimp.

==24039==ERROR: AddressSanitizer: heap-use-after-free on address 0x6150001a7a78 at pc 0x7f09b09f1bb2 bp 0x7ffcf0237bf0 sp 0x7ffcf0237be0
WRITE of size 8 at 0x6150001a7a78 thread T0
    #0 0x7f09b09f1bb1 in wl_list_remove ../util/signal.c:55
    #1 0x7f09b094cf03 in xwayland_surface_destroy ../xwayland/xwm.c:295
    #2 0x7f09b0950245 in xwm_handle_destroy_notify ../xwayland/xwm.c:717
    #3 0x7f09b095304a in x11_event_handler ../xwayland/xwm.c:1149
    #4 0x7f09b0c68f01 in wl_event_loop_dispatch src/event-loop.c:641
    #5 0x7f09b0c67601 in wl_display_run src/wayland-server.c:1260
    #6 0x40a2f4 in main ../sway/main.c:433
    #7 0x7f09b011018a in __libc_start_main (/lib64/libc.so.6+0x2318a)
    #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)

0x6150001a7a78 is located 120 bytes inside of 496-byte region [0x6150001a7a00,0x6150001a7bf0)
freed by thread T0 here:
    #0 0x7f09b2b58880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7f09b094d1a1 in xwayland_surface_destroy ../xwayland/xwm.c:315
    #2 0x7f09b0950245 in xwm_handle_destroy_notify ../xwayland/xwm.c:717
    #3 0x7f09b095304a in x11_event_handler ../xwayland/xwm.c:1149
    #4 0x7f09b0c68f01 in wl_event_loop_dispatch src/event-loop.c:641
    #5 0x7f09b0c67601 in wl_display_run src/wayland-server.c:1260
    #6 0x40a2f4 in main ../sway/main.c:433
    #7 0x7f09b011018a in __libc_start_main (/lib64/libc.so.6+0x2318a)
    #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)

previously allocated by thread T0 here:
    #0 0x7f09b2b58e50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x7f09b094b585 in xwayland_surface_create ../xwayland/xwm.c:119
    #2 0x7f09b0950151 in xwm_handle_create_notify ../xwayland/xwm.c:706
    #3 0x7f09b0953032 in x11_event_handler ../xwayland/xwm.c:1146
    #4 0x7f09b0c68f01 in wl_event_loop_dispatch src/event-loop.c:641
    #5 0x7f09b0c67601 in wl_display_run src/wayland-server.c:1260
    #6 0x40a2f4 in main ../sway/main.c:433
    #7 0x7f09b011018a in __libc_start_main (/lib64/libc.so.6+0x2318a)
    #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)
2018-06-25 17:28:44 +09:00
Dominique Martinet 954969698a wlr_primary_selection: fix use-after-free when cancelling source
seat->primary_election_source_destroy points to the source that just got
freed by the cancel.

==7843==ERROR: AddressSanitizer: heap-use-after-free on address 0x60b0004269b0 at pc 0x7fb95bf4ccd0 bp 0x7ffd75013940 s
p 0x7ffd75013930
WRITE of size 8 at 0x60b0004269b0 thread T0
    #0 0x7fb95bf4cccf in wl_list_remove ../util/signal.c:55
    #1 0x7fb95bf3f4c6 in wlr_seat_set_primary_selection ../types/wlr_primary_selection.c:238
    #2 0x7fb95becb1a7 in xwm_handle_selection_event ../xwayland/selection/selection.c:124
    #3 0x7fb95bed2e5d in x11_event_handler ../xwayland/xwm.c:1139
    #4 0x7fb95c1bdf01 in wl_event_loop_dispatch src/event-loop.c:641
    #5 0x7fb95c1bc601 in wl_display_run src/wayland-server.c:1260
    #6 0x40a2f4 in main ../sway/main.c:433
    #7 0x7fb95b69718a in __libc_start_main (/lib64/libc.so.6+0x2318a)
    #8 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)

0x60b0004269b0 is located 64 bytes inside of 112-byte region [0x60b000426970,0x60b0004269e0)
freed by thread T0 here:
    #0 0x7fb95e0ad880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fb95bf3f49e in wlr_seat_set_primary_selection ../types/wlr_primary_selection.c:236
    #2 0x7fb95becb1a7 in xwm_handle_selection_event ../xwayland/selection/selection.c:124
    #3 0x7fb95bed2e5d in x11_event_handler ../xwayland/xwm.c:1139
    #4 0x7fb95c1bdf01 in wl_event_loop_dispatch src/event-loop.c:641

previously allocated by thread T0 here:
    #0 0x7fb95e0ade50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x7fb95bec7ad6 in xwm_selection_get_targets ../xwayland/selection/incoming.c:355
    #2 0x7fb95bec7ad6 in xwm_handle_selection_notify ../xwayland/selection/incoming.c:402
    #3 0x7fb95becb1a7 in xwm_handle_selection_event ../xwayland/selection/selection.c:124
    #4 0x7fb95bed2e5d in x11_event_handler ../xwayland/xwm.c:1139
    #5 0x7fb95c1bdf01 in wl_event_loop_dispatch src/event-loop.c:641

SUMMARY: AddressSanitizer: heap-use-after-free ../util/signal.c:55 in wl_list_remove
Shadow bytes around the buggy address:
  0x0c168007cce0: fd fd fd fa fa fa fa fa fa fa fa fa fd fd fd fd
  0x0c168007ccf0: fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa fa
  0x0c168007cd00: fa fa fd fd fd fd fd fd fd fd fd fd fd fd fd fa
  0x0c168007cd10: fa fa fa fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x0c168007cd20: fd fd fd fd fd fa fa fa fa fa fa fa fa fa fd fd
=>0x0c168007cd30: fd fd fd fd fd fd[fd]fd fd fd fd fd fa fa fa fa
  0x0c168007cd40: fa fa fa fa fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c168007cd50: fd fa fa fa fa fa fa fa fa fa fd fd fd fd fd fd
  0x0c168007cd60: fd fd fd fd fd fd fd fa fa fa fa fa fa fa fa fa
  0x0c168007cd70: fd fd fd fd fd fd fd fd fd fd fd fd fd fa fa fa
  0x0c168007cd80: fa fa fa fa fa fa fd fd fd fd fd fd fd fd fd fd
2018-06-25 17:28:44 +09:00
Rostislav Pehlivanov 5707653e85 examples/dmabuf-capture: move encoding to a separate thread
Drop new frames if too slow. Speeds up encoding significantly, even with vaapi.
2018-06-25 06:41:59 +01:00
Drew DeVault 253a88f030
Merge pull request #1086 from acrisci/input-inhibit-emit-safe
input-inhibit: use wlr_signal_emit_safe
2018-06-24 16:44:53 -07:00
Tony Crisci a2ff144429 input-inhibit: use wlr_signal_emit_safe 2018-06-24 19:33:15 -04:00
Drew DeVault 4c6d80606d
Merge pull request #1085 from acrisci/xdg-popup-grab-fixes
xdg-shell: end pointer and keyboard grab at the same time
2018-06-24 16:07:01 -07:00
Tony Crisci 006edc9dcb xdg-shell: end pointer and keyboard grab at the same time 2018-06-24 18:50:04 -04:00
Tony Crisci 0fa784de0e
Merge pull request #1054 from swaywm/cancel-grab-on-focus-change
rootston: Cancel existing keyboard grab when changing focus
2018-06-24 18:38:52 -04:00
Tony Crisci 356e466d5a use seat function to end grab 2018-06-24 18:18:30 -04:00
Tony Crisci e8c0996b93 Merge branch 'master' into cancel-grab-on-focus-change 2018-06-24 18:16:42 -04:00
Drew DeVault e459fe0ec7
Merge pull request #992 from emersion/screencontent
Implement wlr_export_dmabuf_unstable_v1 protocol
2018-06-22 05:37:07 -07:00
Drew DeVault 47c7674a68
Merge pull request #1075 from emersion/fix-xdg-toplevel-compare
xdg-shell{,-v6}: fix compare_xdg_surface_toplevel_state
2018-06-20 18:54:01 -07:00
emersion 0e3b35c87e
Merge pull request #1072 from emersion/surface-remove-matrices
surface: remove matrices
2018-06-20 21:29:17 +01:00
emersion a59774f364
xdg-shell{,-v6}: fix compare_xdg_surface_toplevel_state 2018-06-20 21:25:01 +01:00
Scott Anderson df876a7cf8
Merge pull request #1073 from tobiasblass/fix_recvmsg_endless_loop
FIX: Suprocess loops endlessly when the control socket closes.
2018-06-21 08:18:37 +12:00
Drew DeVault 637479ce05
Merge pull request #1071 from emersion/remove-wlr-frame-callback
surface: remove wlr_frame_callback
2018-06-20 13:04:26 -07:00
emersion 831b7297a4
surface: remove matrices
These were unused.
2018-06-20 21:01:35 +01:00
Tobias Blass 482fc48c74 FIX: Suprocess loops endlessly when the control socket closes.
recvmsg(3) returns 0 if the connection partner has shut down its socket.
The communicate function considered 0 a successful message, though, and
keeps calling recvmsg(3) again and again.
2018-06-20 22:00:45 +02:00
emersion a6c0e25d36
surface: remove wlr_frame_callback
This removes the need to allocate a structure for frame callbacks.
wl_resource_get_link is used instead.
2018-06-20 20:00:23 +01:00
emersion cc89906ddf
Merge pull request #1067 from emersion/fix-surface-double-release
surface: fix double wl_buffer.release events
2018-06-17 18:24:34 +01:00
Rostislav Pehlivanov ed7d5b0f53 Fix example 2018-06-17 15:19:17 +01:00
emersion 57548b557a
Merge branch 'master' into screencontent 2018-06-17 14:49:18 +01:00
emersion bd0c1b7949
export-dmabuf: update protocol 2018-06-17 14:19:45 +01:00
Rostislav Pehlivanov 9eddcbc376 Update example and protocol 2018-06-17 14:06:52 +01:00
emersion 843621714f
surface: fix double wl_buffer.release events
Prior to this commit, we re-uploaded the buffer even if a new one
wasn't attached. After uploading, we send wl_buffer.release. So,
this sequence of requests resulted in a double release:

    surface.attach(buffer, 0, 0)
    surface.commit()
    <- buffer.release()
    surface.commit()
    <- buffer.release()
2018-06-17 12:49:34 +01:00
Drew DeVault fb118ac996
Merge pull request #1062 from emersion/wlr-buffer-comeback
Add back wlr_buffer
2018-06-16 13:43:14 -07:00
emersion 225aa815b0
buffer: fix wlr_texture leak on failed alloc 2018-06-16 19:01:13 +01:00
emersion ac0f9acb06
Merge pull request #1066 from ammen99/master
layer-shell: check if the surface is mapped in layer_surface_destroy()
2018-06-16 15:44:01 +01:00
Ilia Bozhinov 23707f6504 layer-shell: check whether the surface is mapped in layer_surface_destroy()
If the layer surface has been closed by the compositor, using
layer_surface_close(), then the unmap event is emitted. However, when
the layer surface is later destroyed by the client, the compositor used
to get a second unmap, which is fixed with this commit.
2018-06-16 17:29:53 +03:00
Drew DeVault 8e33deb0be
Merge pull request #1063 from ascent12/multi-seat
Multiseat fixes
2018-06-14 10:37:06 -07:00
emersion da114d5013
buffer: don't destroy DMA-BUF textures with wl_buffer
After some discussions on #wayland, it seems that as soon as you
hold a reference to a DMA-BUF (via EGLImage for instance), the
underlying memory won't get free'd. The client is allowed to
re-use the DMA-BUF and upload something else to it though.
2018-06-14 10:15:14 +01:00
Scott Anderson 964e0a50be Check for seat0 properly 2018-06-14 21:02:32 +12:00
Scott Anderson 47985d2dc5 Multiseat fixes 2018-06-14 20:46:16 +12:00
emersion 73f924b5ec
Merge branch 'remove-surface-texture' into wlr-buffer-comeback 2018-06-14 08:56:49 +01:00
emersion 3a2ef75d3a
Add back wlr_buffer
This reverts commit d27eeaa14c.
2018-06-14 08:51:38 +01:00
Drew DeVault d27eeaa14c Revert "Merge pull request #1050 from emersion/wlr-buffer"
This reverts commit 5e4af4862e, reversing
changes made to 9a1f0e2d5f.
2018-06-13 19:57:42 -04:00
emersion 0378d143d9
surface: remove wlr_surface.texture
The texture is managed by the surface's wlr_buffer now. In
particular, the buffer can destroy the texture early if it becomes
invalid.
2018-06-13 19:38:10 +01:00
emersion d643361c48
Merge pull request #1047 from NotKit/gles2fix
Fix GLES2 renderer to use glGetUniformLocations locations
2018-06-13 15:37:16 +01:00
Drew DeVault 5e4af4862e
Merge pull request #1050 from emersion/wlr-buffer
Introduce wlr_buffer
2018-06-13 05:40:23 -07:00
NeKit 6f29db1044 gles2 renderer: introduce struct wlr_gles2_tex_shader 2018-06-13 13:43:01 +03:00
emersion 38d415dd20
buffer: make wlr_buffer_ref return the buffer 2018-06-11 08:13:35 +01:00
Genki Sky 28d718c0dd rootston: Cancel existing keyboard grab when changing focus
It's possible that a non-default keyboard grab exists when we are trying
to change focus. For example, say there is an XDG popup when we click on
a different window. This popup's keyboard grab will swallow any
keyboard_notify_enter(), meaning the newly-clicked window won't receive
keyboard input.

So, we cancel any existing grabs in roots_seat_set_focus(). Before this
fix, a window would have been set as active but not receive keyboard
entry.

Fixes #233.

Signed-off-by: Genki Sky <sky@genki.is>
2018-06-10 21:47:49 -04:00
Drew DeVault 9a1f0e2d5f
Merge pull request #1052 from VincentVanlaer/egl-damage-khr
Split eglSwapBuffersWithDamage feature detection
2018-06-09 10:19:40 -07:00
Vincent Vanlaer f1a62a3200 Rename egl.exts to match the extension names 2018-06-09 19:11:51 +02:00
emersion 9ea5b1a85e
Merge branch 'master' into wlr-buffer 2018-06-09 17:54:47 +01:00
Vincent Vanlaer 5ec6d8230d Split eglSwapBuffersWithDamage feature detection
Detecting whether eglSwapBuffersWithDamageEXT or
eglSwapBuffersWithDamageKHR is used should be based on the extension
string, not only on the availability of the function.
2018-06-09 11:39:14 +02:00
emersion 9179b438a5
Merge pull request #1051 from RedSoxFan/fix-atti-assert
Fix atti assert in wlr_egl_init
2018-06-09 08:06:24 +01:00
Brian Ashworth 18bbe2d897 Fix atti assert in wlr_egl_init 2018-06-08 20:25:36 -04:00
Drew DeVault 7f3ad497eb Merge branch 'surface-fix-buffer-release' 2018-06-08 19:54:11 -04:00
emersion 8770449eb7
Merge pull request #1028 from emersion/egl-context-priority
Request a high priority EGL context
2018-06-08 21:06:01 +01:00