Commit Graph

484 Commits

Author SHA1 Message Date
Uli Schlachter c7f8b28d8d Fix use-after-free in x11 backend during shutdown
The xcb_connection_t instance that is used here comes from
XGetXCBConnection(), is created by XOpenDisplay(), and is owned by the
returned Display*. Calling xcb_disconnect() directly on it leads to
various use-after-frees during shutdown, as reported by valgrind. The
first one of the about 30 errors is:

    Invalid read of size 4
       at 0x71F2051: xcb_take_socket (in /usr/lib64/libxcb.so.1.1.0)
       by 0x78551DD: ??? (in /usr/lib64/libX11.so.6.3.0)
       by 0x7855A14: _XFlush (in /usr/lib64/libX11.so.6.3.0)
       by 0x7858504: _XGetRequest (in /usr/lib64/libX11.so.6.3.0)
       by 0x7838966: XFreeGC (in /usr/lib64/libX11.so.6.3.0)
       by 0x783238B: XCloseDisplay (in /usr/lib64/libX11.so.6.3.0)
       by 0x4E680C2: wlr_x11_backend_destroy (backend.c:333)
       by 0x4E57E94: wlr_backend_destroy (backend.c:39)
       by 0x4E629FB: multi_backend_destroy (backend.c:47)
       by 0x4E62B5A: handle_display_destroy (backend.c:90)
       by 0x50B7E9F: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
       by 0x50B8476: wl_display_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
     Address 0xc14dda0 is 0 bytes inside a block of size 21,152 free'd
       at 0x4C2DD18: free (vg_replace_malloc.c:530)
       by 0x4E680A5: wlr_x11_backend_destroy (backend.c:330)
       by 0x4E57E94: wlr_backend_destroy (backend.c:39)
       by 0x4E629FB: multi_backend_destroy (backend.c:47)
       by 0x4E62B5A: handle_display_destroy (backend.c:90)
       by 0x50B7E9F: ??? (in /usr/lib64/libwayland-server.so.0.1.0)
       by 0x50B8476: wl_display_destroy (in /usr/lib64/libwayland-server.so.0.1.0)
       by 0x40C54E: main (main.c:84)
     Block was alloc'd at
       at 0x4C2EA1E: calloc (vg_replace_malloc.c:711)
       by 0x71F0C60: xcb_connect_to_fd (in /usr/lib64/libxcb.so.1.1.0)
       by 0x71F4BD4: xcb_connect_to_display_with_auth_info (in /usr/lib64/libxcb.so.1.1.0)
       by 0x7854AA1: _XConnectXCB (in /usr/lib64/libX11.so.6.3.0)
       by 0x7845481: XOpenDisplay (in /usr/lib64/libX11.so.6.3.0)
       by 0x4E681B6: wlr_x11_backend_create (backend.c:376)
       by 0x4E580EE: wlr_backend_autocreate (backend.c:99)
       by 0x40C27D: main (main.c:35)

Normally, one would expect this to crash during XCloseDisplay() when
xcb_disconnect() is called again and frees the same data again (glibc would
detect a double free). However, XCloseDisplay() tries to clean up some internal
caches first for which it has to send requests to the X11 server (e.g. the
XFreeGC() above). This fails since the file descriptor was already closed,
which causes an IO error. Xlib's _XDefaultIOError() handles this by printing an
error message and calling exit(1).

Thus, the only symptom of this problem was compositors exiting
mid-shutdown and printing an error message:

    XIO:  fatal IO error 11 (Resource temporarily unavailable) on X server ":0"
          after 6 requests (6 known processed) with 0 events remaining.

Fixes: https://github.com/swaywm/wlroots/issues/745
Signed-off-by: Uli Schlachter <psychon@znc.in>
2018-03-26 10:48:30 +02:00
emersion a854c2f246
Merge branch 'master' into gles2-renderer-redesign 2018-03-23 00:55:55 +01:00
Drew DeVault ef3769851f
Merge pull request #740 from emersion/egl-debug
render/egl: use EGL_KHR_debug
2018-03-22 18:54:21 -04:00
Dominique Martinet d5e14ab247 wayland backend: fix use-after free on output destroy
==12021==ERROR: AddressSanitizer: heap-use-after-free on address 0x617000015698 at pc 0x7f1a9abe1c09 bp 0x7ffe9068f6b0 sp 0x7ffe9068f6a0
WRITE of size 4 at 0x617000015698 thread T0
    #0 0x7f1a9abe1c08 in pointer_handle_leave ../backend/wayland/wl_seat.c:40
    #1 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d)
    #2 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e)
    #3 0x7f1a988e0d8a  (/lib64/libwayland-client.so.0+0x8d8a)
    #4 0x7f1a988dd927  (/lib64/libwayland-client.so.0+0x5927)
    #5 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3)
    #6 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28
    #7 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11)
    #8 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449)
    #9 0x418dff in main ../rootston/main.c:81
    #10 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
    #11 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)

0x617000015698 is located 664 bytes inside of 696-byte region [0x617000015400,0x6170000156b8)
freed by thread T0 here:
    #0 0x7f1a9af754b8 in __interceptor_free (/lib64/libasan.so.4+0xde4b8)
    #1 0x7f1a9abe01ee in wlr_wl_output_destroy ../backend/wayland/output.c:194
    #2 0x7f1a9ac12918 in wlr_output_destroy ../types/wlr_output.c:299
    #3 0x7f1a9abe061b in xdg_toplevel_handle_close ../backend/wayland/output.c:255
    #4 0x7f1a96ae7d1d in ffi_call_unix64 (/lib64/libffi.so.6+0x5d1d)
    #5 0x7f1a96ae768e in ffi_call (/lib64/libffi.so.6+0x568e)
    #6 0x7f1a988e0d8a  (/lib64/libwayland-client.so.0+0x8d8a)
    #7 0x7f1a988dd927  (/lib64/libwayland-client.so.0+0x5927)
    #8 0x7f1a988debe3 in wl_display_dispatch_queue_pending (/lib64/libwayland-client.so.0+0x6be3)
    #9 0x7f1a9abdd6d6 in dispatch_events ../backend/wayland/backend.c:28
    #10 0x7f1a9a968c11 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0x9c11)
    #11 0x7f1a9a967449 in wl_display_run (/lib64/libwayland-server.so.0+0x8449)
    #12 0x418dff in main ../rootston/main.c:81
    #13 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
    #14 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)

previously allocated by thread T0 here:
    #0 0x7f1a9af75a38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
    #1 0x7f1a9abe0703 in wlr_wl_output_create ../backend/wayland/output.c:272
    #2 0x7f1a9abdd8eb in wlr_wl_backend_start ../backend/wayland/backend.c:55
    #3 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28
    #4 0x7f1a9abd8ce1 in multi_backend_start ../backend/multi/backend.c:24
    #5 0x7f1a9abbeb49 in wlr_backend_start ../backend/backend.c:28
    #6 0x418c32 in main ../rootston/main.c:58
    #7 0x7f1a99b5ef29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
    #8 0x4057c9 in _start (/home/shared/wayland/wlroots/build/rootston/rootston+0x4057c9)
2018-03-22 21:27:49 +01:00
Dominique Martinet b0c2bbebd1 x11 backend: fix various leaks
- xcb_query_pointer_reply return value needs to be freed
 - call XCloseDisplay
 - remove wl event_source
2018-03-22 21:25:41 +01:00
emersion 60bfe0a6aa
backend/drm: remove remaining raw GL call
This makes the hardware cursor code a less efficient. Can be
fixed with a GLES3 renderer.
2018-03-21 11:34:08 +01:00
emersion b1f93bc5cc
render/egl: use EGL_KHR_debug 2018-03-21 10:42:43 +01:00
emersion 3581573bdc
render/gles2: make wlr_renderer_begin take viewport size
This allows raw GL calls outside wlr_renderer to be removed.
2018-03-21 07:37:09 +01:00
emersion c41de2d1be
render: split render.h into wlr_renderer.h and wlr_texture.h 2018-03-19 23:16:29 +01:00
emersion 6227da96b1
backend/drm: don't hardcode matrix 2018-03-18 11:34:23 +01:00
emersion 7894fca224
matrix: rename wlr_matrix_texture to wlr_matrix_projection 2018-03-15 21:26:45 +01:00
emersion 876f07e9f1
renderer: replace wlr_texture_get_matrix by wlr_render_texture 2018-03-15 19:31:02 +01:00
emersion 824a95ad19
matrix: use 2D matrices 2018-03-15 15:33:58 +01:00
emersion d26b67cb06
matrix: unify API, don't use array pointers 2018-03-15 11:10:56 +01:00
emersion b6a3f240c7
matrix: move to types/ 2018-03-15 09:11:27 +01:00
Tony Crisci efa9eeb5d5
Merge pull request #716 from emersion/fix-cursor-hotspot-update
Fix cursor hotspot update
2018-03-12 21:50:07 -04:00
emersion d24f868bbe
backend/drm: fix cursor hotspot not updated 2018-03-12 19:34:43 +01:00
emersion 7cdad5cde4
Merge pull request #710 from emersion/dont-move-hidden-cursors
output: don't move hidden cursors
2018-03-12 14:25:20 +01:00
emersion 92ca4ad474
backend/drm: refactor wlr_drm_connector_set_cursor 2018-03-11 11:40:03 +01:00
Drew DeVault bfc0e95d2c Add mode support to libinput backend
And extend tablet example with tilt and ring support
2018-03-07 20:57:55 -05:00
Scott Anderson 3c9fc7c68e Add const to x11 and input interfaces 2018-03-06 21:16:18 +13:00
Scott Anderson 902d6cc240 Use xcb atoms properly 2018-03-06 21:15:47 +13:00
Markus Ongyerth 2cea430488 prevent current_mode null on output_enable(false)
The current mode was set to NULL to abuse it as state variable
persisting DRM suspend/resume, this results resulted in a segfault on
normal DPMS cycle.

This reverts that change and uses the wlr_output enabled variable, which
also persists and makes more sense.
2018-03-01 15:48:25 +01:00
Markus Ongyerth a65ef8ea86 restore dpms state on drm resume
If there is no current mode, set outputs to dpms off in drm resume.
Sets current mode to null on disable to ensure this can be checked.
2018-02-26 18:12:51 +01:00
Drew DeVault 3296365ce5
Merge pull request #659 from agx/alpha
Make wlr_render_with_matrix use alpha
2018-02-25 13:16:35 -05:00
Guido Günther d08792bfff Add alpha to wlr_render_with_matrix
so we can use the alpha channel to e.g. blend in textures
2018-02-25 13:47:48 +01:00
Drew DeVault 7da653bbb4
Merge pull request #669 from acrisci/headless-output-frame-timer
destroy frame timer in headless output
2018-02-25 00:26:32 -05:00
Tony Crisci 721e4ec55f remove frame timer from headless output 2018-02-24 22:32:57 -05:00
Dan Robertson 99e6cba3c3
Fix null deref in wlr_libinput_backend_destroy
If input_event is null (e.g. if backend_start has not been called yet)
wl_event_source_remove will result in a null deref.
2018-02-25 02:26:56 +00:00
Tony Crisci 94d53d53f9
Merge pull request #657 from emersion/wl-backend-uninitialized-field
backend/wayland: fix uninitialized wlr_event_keyboard_key::update_state
2018-02-24 10:14:22 -05:00
Guido Günther 9716aa9b92 x11: parse vendor and model out of xcb setup information 2018-02-23 09:52:56 +01:00
emersion 11e5f0bac8
backend/wayland: fix uninitialized wlr_event_keyboard_key::update_state 2018-02-23 09:40:31 +01:00
Drew DeVault 1d9be89e2d
Revert "ELF Visibility" 2018-02-19 18:01:27 -05:00
Drew DeVault 868ad5af69
Merge pull request #647 from ascent12/elf_visibility
ELF Visibility
2018-02-18 21:49:23 -05:00
Scott Anderson 86269052eb Explicitly export EFL symbols 2018-02-19 14:26:40 +13:00
Guido Günther 15afef6cbc x11 backend: set window title
This makes windows identifiable in the window list
2018-02-18 23:42:04 +01:00
Scott Anderson f27c0b44b8 Remove usec_to_msec from public API 2018-02-19 10:43:25 +13:00
Rodrigo Lourenço 168e26489a Add missing dependencies 2018-02-14 18:42:39 +00:00
emersion c2e1474010
Reformat all #include directives 2018-02-12 21:29:23 +01:00
emersion 36ead80cd1
Make wlr_signal_emit_safe private 2018-02-12 19:52:47 +01:00
emersion 10ecf871f2
Remove wlr_backend.events.{output_remove,device_remove} 2018-02-12 10:36:43 +01:00
emersion 5e58d46cc1
Add wlr_signal_emit_safe 2018-02-12 09:12:31 +01:00
Drew DeVault 664d7bfe4e
Merge pull request #618 from VincentVanlaer/atomic-gamma
Add atomic gamma control
2018-02-10 09:51:09 -05:00
Drew DeVault 8fc7edd636
Merge pull request #623 from martinetd/mesonopt
Meson option enhancements
2018-02-10 09:49:13 -05:00
Dominique Martinet 435aec0033 meson build: only link with deps when required by options 2018-02-10 11:30:47 +01:00
Dominique Martinet 19d7edb430 meson.build status: print actual build options in message
We were printing the option intent (true by default for all), but
some are disabled when a component is not found and this was not
reflected.
2018-02-10 10:44:42 +01:00
Vincent Vanlaer 7cb828ac70 Fallback gamma on legacy if properties don't exist 2018-02-10 10:24:49 +01:00
emersion bf6d245400
Swap buffers with damage 2018-02-09 22:54:14 +01:00
Vincent Vanlaer dd69d7b764 Use VLA instead of heap alloc 2018-02-09 19:37:01 +01:00
Vincent Vanlaer 0232269a2d Fix style 2018-02-09 19:35:44 +01:00