Analogous to last two commits.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Analogous to previous commit but for the server(-core) header.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Adding extern "C" wrapper before includes (especially system ones) is
illadvised as the headers themselves can behave diffently in that case.
See the section "Including C Headers in C++ Code" in the following
http://www.oracle.com/technetwork/articles/servers-storage-dev/mixingcandcpluspluscode-305840.html
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Adds one space to the @param lines in generated .h files,
aligning the indentation with the rest of the comment block.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Although autogen.sh has a --disable-dtd-validation option, it is
on by default, so it seems convenient to add the generated symlink
to .gitignore.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
If wl_shm_buffer_get_data() is called on a shm pool that has an external
reference and a pending resize, then the buffer may be outside the pool's
current mapping.
Log a warning if this happens.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
If a compositor is rendering in one thread while dispatching wayland
events in another, a wl_shm_pool_resize() could change the memory
mappings it's rendering from and cause a crash.
Now we defer wl_shm_pool_resize() if the compositor has references on a
pool, and perform the actual resize when it drops those references.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
This is a preliminary step towards deferring shm resize operations until
after the compositor has released all external references on a pool.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
If the client passed a size <= 0 to shm_create_pool, it would
go to err_free, which wouldn't close the fd, and thus leave it opened.
We can also move the size check before the struct wl_shm_pool
malloc, so in case the client passes a wrong size, it won't
do an unnecessary malloc and then free.
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
And insert "client" or "server" into the PROJECT_NAME to know which one we
have.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
This switches the scanner to generate doxygen-compatible tags for the
generated protocol headers, and hooks up the doxygen build to generate server
and client-side API documentation. That documentation is now in
Client/ and Server/, respectively.
GENERATE_HTML is on by default and must be disabled for the xml/man targets to
avoid messing up the new documentation. We disable all three three targets in
the doxyfile (xml and man default to NO anyway) to make it obvious that they
need to be set in the per-target instructions.
Each protocol is a separate doxygen @page, with each interface a @subpage.
Wayland only has one protocol, wayland-protocols will have these nested.
Each protocol page has a list of interfaces and the copyright and description
where available.
All interfaces are grouped by doxygen @defgroup and @ingroups and appear in
"Modules" in the generated output. Each interface subpage has the description
and a link to the actual API doc.
Function, struct and #defines are documented in doxygen style and associated
with the matching interface.
Note that pages and groups have fixed HTML file names and are directly
linkable/bookmark-able.
The @mainpage is a separate file that's included at build time. It doesn't
contain much other than links to where the interesting bits are. It's a static
file though that supports markdown, so we can extend it easily in the future.
For doxygen we need the new options EXTRACT_ALL and OPTIMIZE_OUTPUT_FOR_C so
it scans C code properly. EXTRACT_STATIC is needed since most of the protocol
hooks are static.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Before this patch:
$ scanelf -lpqe ./wayland-scanner
RWX --- --- ./wayland-scanner
That indicates the stack is executable, which is a bad thing for
security. Wayland-scanner does not actually need an executable stack, it
is just an oversight from using an .S file in the sources.
Add a special incantation in dtddata.S to make it not cause the stack to
become executable.
Reported-by: Mart Raudsepp <leio@gentoo.org>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Mart Raudsepp <leio@gentoo.org>
When configured with --disable-dtd-validation:
CPPAS src/dtddata.o
src/dtddata.S: Assembler messages:
src/dtddata.S:39: Error: file not found: src/wayland.dtd.embed
Makefile:1520: recipe for target 'src/dtddata.o' failed
This is because the variable name used does not match the implicit
variable name in autoconf.
Fix the variable name, making both --disable-dtd-validation and
--enable-dtd-validation to what they should.
Do not try to build dtddata.S if dtd-validation is disabled. It depends
on wayland.dtd.embed which is created by configure only if
dtd-validation is enabled.
If not building dtddata.S, also make sure the extern definitions in
scanner.c are compiled out.
Bugzilla: https://bugs.gentoo.org/show_bug.cgi?id=575212
Reported-by: leio@gentoo.org
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
test if receiving an error on already destroyed object won't
do any harm
Signed-off-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Tested-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
If an error is received on a destroyed object, we'd get NULL passed
to display_handle_error() instead of a pointer to a valid wl_proxy.
The logging is changed to report [unknown interface] and [unknown id]
instead of the actual interface name and id.
The wl_display_get_protocol_error() documentation is updated to handle
the situation. For when the proxy was NULL, the object id 0 and
interface NULL is written.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
[Pekka: changed the error message wording]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Jonas Ådahl <jadahl@gmail.com>
This reverts commit 88ff135ad4.
The parent interface version may be higher than this interface version,
and the child object should inherit that version.
This check is wrong.
This reverts commit 8125919b0d.
This makes things far more annoying than intended, especially since
the list of default warnings isn't consistent from distro to distro.
New --enable-fatal-warnings ./configure option that just adds -Werror
to GCC_CFLAGS
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
We shouldn't ever create a resource with version less than 1 or
greater than the interface version.
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
We're creating resources with versions up to 4. wl_display isn't version 4,
so this is technically verifying that we can do something we shouldn't.
wl_seat already has versions this high, so switch to that.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Marek Chalupa <mchqwerty@gmail.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
When we are adding padding bytes making our wl_buffer buffer content 4
byte aligned, we are just moving the pointer. Since the buffer is
allocated using plain malloc(), this means our padding bytes are
effectively uninitialized data, which could be anything previously
allocated in the server process. As we'll be sharing this buffer
content with arbitrary clients, we are effectively sharing private
memory with every client, and even though a well behaving client will
discard any such memory, a malicious client may not.
Therefor, to avoid any potential missuse of the uninitialized padding
memory shared between the server and client, initialize the buffer
content to 0, making the padding bytes always 0.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Some copyright strings could result in broken generated header files with
unmatched */
This change:
Runs the loop long enough so the copyright[i] == 0 test can actually
happen. (if there was no \n no copyright text was printed, */ still was)
Prints the opening /* even if there was whitespace at the start of
the very first line.
Only emits a */ if a /* was printed.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Jon A. Cruz <jonc@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Don't just print prefix the errors with "protocol", but the actual file
name, if wayland-scanner was passed with the filename of the protocol
file. If wayland-scanner is reading from stdin, errors will be prefixed
with "<stdin>" instead of "protocol".
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: David Fort <contact@hardening-consulting.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
0 is not a valid version number for registry bind requests, so
let's check for it in registry_bind.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Add a note to the wl_data_device_manager global interface about the
different requirements for operating the objects created from the bound
global.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Carlos Garnacho <carlosg@gnome.org>
This adds an API to get the file descriptor for a client.
The client file descriptor can be used for a wayland compositor to validate
a request from a client if there are any additional information provided from
the client's file descriptor.
For instance, this will be helpful in some linux distributions, in which SELinux
or SMACK is enabled. In those environments, each file (including socket) will have
each security contexts in its inode as xattr member variable. A wayland compositor
can validate a client request by getting the file descriptor of the client and
by checking the security contexts associated with the file descriptor.
Signed-off-by: Sung-Jin Park <input.hacker@gmail.com>
Add a test that confirms that proxy versions are always 0 for display
and correct otherwise.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
This provides a standardized mechanism for tracking protocol object
versions in client code. The wl_display object is created with version 1.
Every time an object is created from within wl_registry_bind, it gets the
bound version. Every other time an object is created, it simply inherits
it's version from the parent object that created it.
(comments and minor reformatting added
by Derek Foreman <derekf@osg.samsung.com>)
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Second trivial commit squashed into this one:
Authored by Derek Foreman <derekf@osg.samsung.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
(it's literally one of code and a lot of comments)
This sets wl_display's version (for proxy version query purposes)
to 0. Any proxy created with unversioned API (this happens when
a client compiled with old headers links against new wayland)
will inherit this 0.
This gives us a way for new libraries linked by old clients to
realize they can't know a proxy's version.
wl_display's version being unqueryable (always returning 0) is
an acceptable side effect, since it's a special object you can't
bind specific versions of anyway.
Second half:
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Jason Ekstrand <jason@jlekstrand.net>
If a client is terminated due to some reason, it should always be
possible to retrieve protocol error associated with the termination.
Test that, while either using the dispatch helpers
(wl_display_dispatch(_queue)() or the prepare read API, it should be
possible to retrieve the error after EPIPE.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Change the API to pass an "void *" argument to the client main
function, allowing the caller to call the same main function with
different input.
A helper (client_create_noarg) is added for when no argument is passed,
and the existing test cases are changed to use this function instead.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
We currently wait for clients in the wl_client destroy signal, which is
called before the client is destructed and the socket is closed. If test
clients rely on being closed due to the socket being closed we'd dead
lock. Avoid this by synchronizing in an idle task that is called after
the client is fully destroyed.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
wl_display_flush() may fail with EAGAIN which means that not all data
waiting in the buffer has been flushed. We later block until there is
data to read, which could mean that we block on input from the
compositor without having sent out all data from the client. Avoid this
by fully flushing the socket before starting to wait.
This commit also changes the array length of the struct pollfd array
from 2 to 1, as only one element was ever used.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Instead of doing things that do the equivalent of using
wl_display_prepare_read() and friends, just use the public API. The
only semantical difference is that we will now unlock and lock the mutex
more times compared to before.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
If flushing hits EPIPE it should not make it a fatal error since it
would make it impossible to process the rest of the data available in
the buffer. Instead, let reading the socket make EPIPE fatal, letting
the client have the possibility to process the last messages including
any error causing the termination.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
