If an index.theme contains a theme name which gets close to INT_MAX,
then creation of full path can lead to a signed integer overflow,
which is undefined behavior.
Fix this by turning one of the values to size_t. Easy solution for a
probably never occurring issue.
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
This protocol has been superseded. Replace this outdated reference
with a generic hint that protocol extensions may provide this
functionality.
Signed-off-by: Simon Ser <contact@emersion.fr>
It wasn't explicitly stated that wl_seat.capabilities should also
be sent on bind. Everyone did because it was obviously sensible.
This also clarifies that static seat name should be sent before
announcing capabilities so clients can associate these devices with the
right seat name.
Signed-off-by: David Edmundson <davidedmundson@kde.org>
The paragraph later says that accessing different buffers is
allowed. The function checks whether the same pool is accessed.
Signed-off-by: Simon Ser <contact@emersion.fr>
Shared memory buffers are currently tied to the lifetime of their
underlying wl_buffer resource. This becomes problematic when the client
destroys the resource after committing new state which references the
wl_buffer because a compositor might have to defer applying the commit.
This commit adds methods to keep the wl_shm_buffer alive longer than the
underlying resource. This implicitly also keeps the buffer pool alive
and because the wl_shm_buffer uses offsets into the pool, it even works
when the underlying storage gets remapped somewhere else, which can
happen when the client resizes the pool.
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
If the pool refcount reaches zero, it is freed, so accessing its members
is UB which ASan would catch.
Also simplify check for negative refcounts.
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
Sebastian pointed out that the existing text could be read as
wl_buffer.destroy not being allowed before the wl_buffer.release event
arrives, contrary to what the wl_surface.attach description says.
Clarify to be consistent with the latter.
This is a follow-up for
https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/141 .
Signed-off-by: Michel Dänzer <mdaenzer@redhat.com>
v2:
* Simplify clarification, don't talk about callbacks. (Julian Orth)
* Add reference to details in the description of wl_surface.attach.
(Daniel Stone)
v3:
* Tweak clarification again. (Sebastian Wick)
v4:
* Make clarification even less ambiguous. (Simon Ser, Julian Orth)
v5:
* Just refer to the description of wl_surface.attach instead of trying
to clarify anything here. (Sebastian Wick)
This seems to have been the case since 2013.
This is useful for wrappers that need two pointers to identify proxies.
One pointer (stored in the user data) pointing to a singleton object to
identify that the proxy has a known structure. And one pointer (stored
in the dispatcher data) pointing to per-proxy data.
Signed-off-by: Julian Orth <ju.orth@gmail.com>
Generated XXX_is_valid() functions for enums are guarded behind the
same #define as the enum itself. This worked fine until recently,
but since fbd7460737 ("scanner: add new enum-header mode") we're
also generating enum-only headers.
When including the enum-only header first, and then the server
header, the validator functions are missing.
Define a separate guard to fix this.
Signed-off-by: Simon Ser <contact@emersion.fr>
The `timespec` struct is defined in `time.h` header but only if
`_POSIX_C_SOURCE` is set or when using the C11 standard.
Signed-off-by: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
Now that wl_fixed_from_double() calls round() from a function declared
in a header, our users need to explicitly pick that dependency up in
order to avoid build errors.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Closes: wayland/weston#991
Add tests which verify that...
* wl_display_dispatch_timeout with a big enough timeout behaves the same
as wl_display_dispatch
* wl_display_dispatch_timeout will time out when there are no messages
to dispatch
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
For dispatching messages on a queue with a timeout.
This slightly changes the samantics of wl_display_dispatch. Previously
it was possible for it to return even though there wasn't a single
dispatched event. The function correctly returned 0 in this case but it
is now used to indicate a timeout.
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
Makes it possible to e.g. `call wl_client_get_credentials` with a `const
struct wl_client *` from a global filter callback.
Signed-off-by: Sebastian Wick <sebastian.wick@redhat.com>
This includes an explicit way to specify the container architecture,
which fixes our rebuilds on ARMv7.
Signed-off-by: Daniel Stone <daniels@collabora.com>
when cast double to fixed pointer, there will be big
error, eg 1919.9998 to 1919. Call round before cast
to get nearest value 1920 of 1919.9998
Signed-off-by: Haihua Hu <jared.hu@nxp.com>
Prevents undefined behavior if there is not enough space in the buffer
for a queued message.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Calling a function with the wrong type is immediate undefined behavior,
even if the ABI says it should be harmless. UBSAN picks it up
immediately, and any decent control-flow integrity mechanism will as
well.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Creating a pointer that is more than one element past the end of an
array is undefined behavior, even if the pointer is not dereferenced.
Avoid this undefined behavior by using `p >= end` instead of
`p + 1 > end` and `SOMETHING > end - p` instead of
`p + SOMETHING > end`.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
This commit describes a new wl_fixes interface that can be used to
destroy wl_registry objects.
Users of libwayland-client should use it as follows:
- call wl_fixes_destroy_registry(registry)
- call wl_registry_destroy(registry)
Users of libwayland-server should, in their implementation of the
request, call wl_resource_destroy(registry).
It should be similar in other protocol implementations.
Signed-off-by: Julian Orth <ju.orth@gmail.com>
This request doesn't make sense for all surface roles. For instance,
for maximized/tiled/fullscreen xdg_toplevel, for xdg_popup, for
layer-shell surfaces, etc.
Signed-off-by: Simon Ser <contact@emersion.fr>
The previous change introducing the logical state caused some confusion.
Clarify that most application should not use the list of pressed keys.
Signed-off-by: Julian Orth <ju.orth@gmail.com>
libwayland cannot construct these messages as it uses strlen() to
determine string lengths. libwayland is also guaranteed to misinterpret
these messages, since message handlers only get a pointer and no length.
Therefore, reject strings containing NUL bytes.
Also remove a redundant check from the unmarshalling code. The
zero-length case has already been checked for.
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
This was broken (when in a subproject) before Meson 1.3.0, and so
Meson warns against this unless the project targets 1.3.0 or newer.
Signed-off-by: Joaquim Monteiro <joaquim.monteiro@protonmail.com>
The log that appears before a display_error can be captured as crash
signature. Useful to know what it is.
This is cherry-picked from chromium https://crrev.com/c/4697877
Signed-off-by: Fangzhou Ge <fangzhoug@chromium.org>
From cleanup commit 0cecde304:
assert()s can be compiled away by #defining NDEBUG. Some build systems
do this. Using wl_abort gives a human readable error message and it
isn't compiled away.
That commit missed one final assert, presumably due to missing it with
grep because of a coding style issue. Fix that up, and remove inclusion
of <assert.h> as appropriate.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
