The fcntl() argument is defined to be an int and not a long. This does not
matter on most architectures since the value is passed in registers, but
it causes issues on big-endian architectures that pass variadic arguments
on the stack.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
This code is only required for building wayland-scanner so it should be
scoped accordingly. libxml-2.0 will only be required if both "scanner"
and "dtd_validation" are set to true.
Signed-off-by: Michael Weiss <dev.primeos@gmail.com>
While MAP_FAILED is generally defined to that value, we should not be
relying on implementation details of system headers.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
This can be useful if the compositor wants to call wl_global_destroy() with some
delay but it doesn't have the wl_display object associated with the global,
which is needed to get access to the event loop.
Signed-off-by: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
In wl_proxy_set_queue, passing a wl_event_queue from a completely
unrelated wl_display could lead to object IDs mismatches.
Add an assertion to catch this case. It's always a user bug if this
happens.
Signed-off-by: Simon Ser <contact@emersion.fr>
The compositor should handle absolute paths in WAYLAND_DISPLAY like the clients, ie not
adding the XDG_RUNTIME_DIR prefix if it's an absolute path.
This allows to create the wayland socket in a separate directory for system compositors if
desired. Clients could then directly inherit the environment variable.
Signed-off-by: Loïc Yhuel <loic.yhuel@softathome.com>
This allows to include client and server headers in the same file
fixing warnings like
In file included from ../subprojects/wlroots/include/wlr/types/wlr_layer_shell_v1.h:16,
from ../src/desktop.h:16,
from ../src/server.h:13,
from ../tests/testlib.c:8:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-protocol.h:80:34: warning: redundant redeclaration of ‘zwlr_layer_shell_v1_interface’ [-Wredundant-decls]
80 | extern const struct wl_interface zwlr_layer_shell_v1_interface;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../tests/testlib.h:8,
from ../tests/testlib.c:7:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-client-protocol.h:77:34: note: previous declaration of ‘zwlr_layer_shell_v1_interface’ was here
77 | extern const struct wl_interface zwlr_layer_shell_v1_interface;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../subprojects/wlroots/include/wlr/types/wlr_layer_shell_v1.h:16,
from ../src/desktop.h:16,
from ../src/server.h:13,
from ../tests/testlib.c:8:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-protocol.h:106:34: warning: redundant redeclaration of ‘zwlr_layer_surface_v1_interface’ [-Wredundant-decls]
106 | extern const struct wl_interface zwlr_layer_surface_v1_interface;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../tests/testlib.h:8,
from ../tests/testlib.c:7:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-client-protocol.h:103:34: note: previous declaration of ‘zwlr_layer_surface_v1_interface’ was here
103 | extern const struct wl_interface zwlr_layer_surface_v1_interface;
Signed-off-by: Guido Günther <agx@sigxcpu.org>
Closes: #158
Add a paragraph about WAYLAND_SOCKET and describe what happens when the display
name is a relative path.
Signed-off-by: Simon Ser <contact@emersion.fr>
Wayland requires a binary, wayland-scanner, to be run during the build
process. For any configuration other than native builds (including
cross compiling and even 32-bit x86 builds on an x86-64 build machine)
Wayland's build process builds and uses its own wayland-scanner.
For any builds using a cross file, wayland-scanner is built for the host
machine and therefore cannot be executed during the build of the Wayland
libraries. Instead builds using a cross file must execute the build
machine's wayland-scanner (typically /usr/bin/wayland-scanner).
As such, to build Wayland's libraries for a non-native ABI a package
manager must build and install /usr/bin/wayland-scanner first. But then
the build for the native ABI then rebuilds wayland-scanner itself and
doesn't use the system's, and worse, wants to install its own, which
conflicts with the /usr/bin/wayland-scanner already installed!
So, add the -Dscanner=... option to control whether to install
wayland-scanner.
Signed-off-by: Matt Turner <mattst88@gmail.com>
We have always built libwayland with the scanner from the same build so
that the generated code and installed headers are exactly up-to-date
with the libwayland version. If libwayland was to use a scanner later
than itself, the scanner might do things that are not available in the
libwayland at hand, leading to a broken build or a broken library
(headers).
Signed-off-by: Matt Turner <mattst88@gmail.com>
libwayland now uses only one file descriptor to keep track of all
the timer event sources associated with an event loop. An array-based
binary heap is used to determine which event source has the earliest
deadline.
(Previously, each timer event source had its own timerfd, making it easy
for the a process using many timer event sources to run out of file
descriptors.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Meson is a next generation build system, simpler than Autotools and also faster
and more portable. Most importantly, it will make integrating ASan easier in
CI.
The goal is to maintain feature parity of the Meson build with the
Autotools build, until such time when we can drop the latter.
Add a script which generates the desired Doxygen configuration for our various
output formats and executes it using that configuration. This is not something
Meson can or should do.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/80
[daniels: Changed to bump version, use GitLab issues URL, remove header
checks not used in any code, remove pre-pkg-config Expat
support, added missing include paths to wayland-egl and
cpp-compile-test, added GitLab CI.
Bumped version, removed unnecessary pkg-config paths.]
[daniels: Properly install into mandir/man3 via some gross
paramaterisation, generate real stamp files.]
Pekka:
- squashed patches
- removed MAKEFLAGS from meson CI
- remove unused PACKAGE* defines
- fix up scanner dependency handling
- instead of host_scanner option, build wayland-scanner twice when cross-compiling
- changed .pc files to match more closely the autotools versions
- reorder doxygen man sources to reduce diff to autotools
- fix pkgconfig.generate syntax warnings (new in Meson)
- bump meson version to 0.47 for configure_file(copy) and run_command(check)
- move doc tool checks into doc/meson.build, needed in more places
- make all doc tools mandatory if building docs
- check dot and doxygen versions
- add build files under doc/publican
- reindent to match Weston Meson style
Simon:
- Remove install arg from configure_file
- Don't build wayland-scanner twice during cross-build
- Fix naming of the threads dependency
- Store tests in dict
- Add missing HAVE_* decls for functions
- Remove unused cc_native variable
- Make doxygen targets a dict
- Make dot_gv a dict
- Use dicts in man_pages
- Make decls use dicts
- Make generated_headers use dicts
- Align Meson version number with autotool's
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Signed-off-by: Simon Ser <contact@emersion.fr>
Meson will need to build wayland-scanner twice with different config.h files,
once for build and another for host machine. It will be easier to include the
right config.h from compiler command line than playing with files.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Including wayland-server-core.h in wayland-private.h is problematic
because wayland-private.h is included by wayland-scanner which should be
able to build against non-POSIX platforms (e.g. MinGW). The only reason
that wayland-server-core.h was included in wayland-private.h was for the
wl_private_signal definitions, so move those to a
wayland-server-private.h file that can be included by both
wayland-server.c and the tests.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Some platforms may not have strndup() (e.g. MinGW), so provide a
equivalent implementation if it's not found.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
This commit adds a new wl_global_remove function that just sends a global
remove event without destroying it. See [1] for details.
Removing a global is racy, because clients have no way to acknowledge they
received the removal event.
It's possible to mitigate the issue by sending the removal event, waiting a
little and then destructing the global for real. The "wait a little" part is
compositor policy.
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10
Signed-off-by: Simon Ser <contact@emersion.fr>
If a client set the F_SEAL_SHRINK seal on the fd before passing it to
the compositor, the kernel will ensure this fd won’t be able to shrink,
ever. This allows us to avoid setting up the SIGBUS handlers on such
file descriptors.
Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
When implementing a workaround for [1], one needs to accept a global to be
bound even though it has become stale.
Often, a global's user data is free'd when the global needs to be destroyed.
Being able to set the global's user data (e.g. to NULL) can help preventing a
use-after-free.
(The alternative is to make the compositor responsible for keeping track of
stale user data objects via e.g. refcounting.)
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10
Signed-off-by: Simon Ser <contact@emersion.fr>
When doing unity builds via meson (example project:
https://github.com/swaywm/sway) multiple source files are glued together
via #include directives. Having every wayland-scanner generated source
file have an identifier named '*types[]' will lead to errors in these
unity builds if two or more of these are joined.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
Instead, set a fatal display error which will let an application
using libwayland-client shutdown cleanly.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Once there has been a fatal display error, any new object requests
potentially rely on invalid state. (For example, a failure to read
from the compositor could hide a important event.) The safest way to
handle the new requests is not to make them.
Proxies produced by the request are still created, to ensure that
any code using the library does not crash from an unexpected NULL
pointer.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The interface name provided by the client isn't used at all.
Check it matches the global's interface name to prevent object interface
mismatches between the client and the server. These are especially easy to get
when mixing up global names and other IDs in the client.
Signed-off-by: Simon Ser <simon.ser@intel.com>
Closes: https://gitlab.freedesktop.org/wayland/wayland/issues/113
If the client binds to a global with an interface mismatch, it may receive an
event from the server with an unknown opcode. See [1].
Instead of crashing, print a more useful debug message and close the connection.
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/113
Signed-off-by: Simon Ser <simon.ser@intel.com>
In the current workflow, socket file will be deleted if it already exists.
However, if the socket file is a symbolic link and the file that it refers
to doesn't exist, we will got "Address already in use" because bind()
thinks the socket file exists and won't create it.
Now, use lstat() to determine whether the socket file exists.
Signed-off-by: Liu Wenlong <liuwl.fnst@cn.fujitsu.com>
When an application and a toolkit share the same Wayland connection,
it will receive events with each others objects. For example if the
toolkit manages a set of surfaces, and the application another set, if
both the toolkit and application listen to pointer focus events,
they'll receive focus events for each others surfaces.
In order for the toolkit and application layers to identify whether a
surface is managed by itself or not, it cannot only rely on retrieving
the proxy user data, without going through all it's own proxy objects
finding whether it's one of them.
By adding the ability to "tag" a proxy object, the toolkit and
application can use the tag to identify what the user data pointer
points to something known.
To create a tag, the recommended way is to define a statically allocated
constant char array containing some descriptive string. The tag will be
the pointer to the non-const pointer to the beginning of the array.
For example, to identify whether a focus event is for a surface managed
by the code in question:
static const char *my_tag = "my tag";
static void
pointer_enter(void *data,
struct wl_pointer *wl_pointer,
uint32_t serial,
struct wl_surface *surface,
wl_fixed_t surface_x,
wl_fixed_t surface_y)
{
struct window *window;
const char * const *tag;
tag = wl_proxy_get_tag((struct wl_proxy *) surface);
if (tag != &my_tag)
return;
window = wl_surface_get_user_data(surface);
...
}
...
static void
init_window_surface(struct window *window)
{
struct wl_surface *surface;
surface = wl_compositor_create_surface(compositor);
wl_surface_set_user_data(surface, window);
wl_proxy_set_tag((struct wl_proxy *) surface,
&my_tag);
}
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Instead, cleanly exit wl_closure_marshal and let the caller handler
the error. For wayland-client, the sole calling function will call
wl_abort() anyway. For wayland-server, the calling function will
cleanly shutdown the client.
This change ensures that compositors run with low file descriptor
limits or internal leaks need not crash suddenly (and sometimes
far from the problem) when space runs out.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The pointer operand to the binary `+` operator must be to a complete
object type. Since we are working with byte sizes, use `char *` for
arithmetic instead.
Signed-off-by: Michael Forney <mforney@mforney.org>
Rather than have two versions of the macro with slightly different
interfaces, just use wl_container_of internally.
This also removes use of statement expressions, a GNU C extension.
Signed-off-by: Michael Forney <mforney@mforney.org>
The printf() format specifier "%m" is a glibc extension to print
the string returned by strerror(errno). While supported by other
libraries (e.g. uClibc and musl), it is not widely portable.
In Wayland code the format string is often passed to a logging
function that calls other syscalls before the conversion of "%m"
takes place. If one of such syscall modifies the value in errno,
the conversion of "%m" will incorrectly report the error string
corresponding to the new value of errno.
Remove all the occurrences of the specifier "%m" in Wayland code
by using directly the string returned by strerror(errno).
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
This change checks that the "name" fields of the various structures in
a Wayland protocol XML file will be converted into C identifiers that
can be successfully compiled.
For names which will be inserted as the prefix of an identifier
enforce a match with [_a-zA-Z][_0-9a-zA-Z]* . For types only inserted
as the suffix of an identifier (enum, entry), enforce a format of
[_0-9a-zA-Z]+ .
Unicode characters (and escape sequences like \u0394) are not allowed,
because most older and some newer C compilers do not support them by
default.
For sake of simplicity, this patch does not check for collisions
with reserved words or standard library names.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The size argument to wl_connection_demarshal() is taken from the message by the
caller wl_client_connection_data(), therefore 'size' is untrusted data
controllable by a Wayland client. The size should always be at least the header
size, otherwise the header is invalid.
If the size is smaller than header size, it leads to reading past the end of
allocated memory. Furthermore if size is zero, wl_closure_init() changes
behaviour and leaves num_arrays uninitialized, leading to access of arbitrary
memory.
Check that 'size' fits at least the header. The space for arguments is already
properly checked.
This makes the request_bogus_size test free of errors under Valgrind.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/52
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
The definition of wl_argument in wayland-util.h references wl_object,
so wl_object ought to be defined in wayland-util.h. This resolves
gitlab issue #78.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/78
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Calling printf("%s", NULL) is undefined behaviour.
Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Many languages such as C++ or Rust have an unwinding error-reporting
mechanism. Code in these languages can (and must!) wrap request handling
callbacks in unwind guards to avoid undefined behaviour.
As a consequence such code will detect internal server errors, but have
no way to communicate such failures to the client.
This adds a WL_DISPLAY_ERROR_IMPLEMENTATION error to wl_display so that
such code can notify (and disconnect) clients which hit internal bugs.
While servers can currently abuse other wl_display errors for the same
effect, adding an explicit error code allows clients to tell the
difference between errors which are their fault and errors which are the
server's fault. This is particularly interesting for automated bug
reporting.
v2: Rename error from "internal" to "implementation", in sympathy with
X11's BadImplementation error.
Add more justification in the commit message.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
This will allow other wrappers around wl_resource_post_error to accept
variable argument lists.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
libxml2 unconditonally defines XMLCALL to nothing. Expat does not
redefine XMLCALL if it is already defined, but if it is not, and we are
building with gcc on i386 (not x86-64), it will define it as 'cdecl'.
Including Expat before libxml thus results in a warning about XMLCALL
being redefined. Luckily we can get around this by just reversing the
include order: cdecl is a no-op on Unix-like systems, so by having
libxml first define XMLCALL to nothing and including Expat afterwards,
we avoid the warning and lose nothing.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Help static analysers by letting them know that once we fail(),
execution will terminally complete.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Found with both ASan leak sanitizer and Valgrind. We were trivially
leaking the enum name for every arg parsed by the scanner which had one.
If libxml-based DTD validation was enabled, we would also leak the DTD
itself, despite diligently freeing the document, context, etc.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
If the remote side sends sufficiently large `length` field, it will
overflow the `p` pointer. Technically it is undefined behavior, in
practice it makes `p < end`, so the length check passes. Attempts to
access the data later causes crashes.
This issue manifests only on 32bit systems, but the behavior is
undefined everywhere.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
