mirrors/sway
1
0
Fork 0
mirror of https://github.com/swaywm/sway.git synced 2026-04-03 07:15:39 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

server: recreate renderer in idle callback to avoid UAF

Browse source 
Destroying the wlr_renderer in a callback to its own renderer_lost event
is unsafe due to wl_signal_emit*() still accessing it after it was
destroyed.

Delegate recreation of renderer to an idle callback and ensure that only
one such idle callback is scheduled at a time by storing the returned
event source.
This commit is contained in:
Ferdinand Bachmann 2025-03-21 18:35:36 +01:00 committed by Simon Ser
parent ab2e1f5817
commit 240a69ad63
2 changed files with 16 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

1
include/sway/server.h
View file

@ -46,6 +46,7 @@ struct sway_server {
struct wl_listener new_output;
struct wl_listener renderer_lost;
struct wl_event_source *recreating_renderer;
struct wlr_idle_notifier_v1 *idle_notifier_v1;
struct sway_idle_inhibit_manager_v1 idle_inhibit_manager_v1;