mirrors/labwc
1
0
Fork 0
mirror of https://github.com/labwc/labwc.git synced 2025-11-30 06:59:52 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

layers.c: fix UAF bug on TTY change

Browse source 
Call seat_set_focus_layer(seat, NULL) in node-destroy-handler to avoid
seat->focused_layer becoming invalid and causing UAF issues in certain
situations like when outputs (and therefore layer-trees) are destroyed.

Fixes: #2863

Helped-by: @Consolatis
This commit is contained in:
Johan Malm 2025-06-29 22:09:16 +01:00 committed by Consolatis
parent ca01dcaa95
commit e365d5eaf0
1 changed files with 11 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/layers.c
View file

@ -310,6 +310,17 @@ handle_node_destroy(struct wl_listener *listener, void *data)
struct lab_layer_surface *layer = struct lab_layer_surface *layer =
wl_container_of(listener, layer, node_destroy); wl_container_of(listener, layer, node_destroy);
struct seat *seat = &layer->server->seat;
/*
* If the surface of this node has the current keyboard focus, then we
* have to deal with `seat->focused_layer` to avoid UAF bugs, for
* example on TTY change. See issue #2863
*/
if (layer->layer_surface == seat->focused_layer) {
seat_set_focus_layer(seat, NULL);
}
/* /*
* Important: * Important:
* *