I've found a bug during wayland exploration - if you make two
drag'n'drops in weston client example, dnd - weston crashes with
segfault. I've tried to investigate it and found a problem.
In function drag_grab_button we first call data_device_end_drag_grab,
which sets seat->drag_data_source to NULL. Then we remove
listener from list only if drag_data_source is not NULL.
So if client will not free wl_data_source and start another drag'n'drop,
after the first one. Then two wl_data_source structures will be
free'd on client exit (let's name them s1 and s2).
next and prev pointer of
wl_data_source.resource.destroy_signal.listener_list in both
wl_data_source structures will be seat->drag_data_source_listener,
but next and prev in seat->drag_data_source_listener.link point
to listener_list in s2.
So if you try to iterate over listener_list in s1
then you get drag_data_source_listener as first item and
(struct wl_listener *)(&s2.resource.destroy_signal.listener_list)
Iteration over that list occurs in
wl_resource_destroy->destroy_resource->wl_signal_emit->wl_signal_emit
and try to call function at address of wl_resource->client, so
weston segfaults there.
This makes wl_seat_set_keyboard similar to wl_seat_set_pointer in that
it's a no-op, if you try to set keyboard to NULL when it already is
NULL, instead of refusing to set it to NULL ever.
Signed-off-by: Pekka Paalanen <ppaalanen@gmail.com>
Most of the time it does not make sense to pass a NULL object, string, or array
to a protocol request. This commit adds an explicit “allow-null” attribute
to mark the request arguments where NULL makes sense.
Passing a NULL object, string, or array to a protocol request which is not
marked as allow-null is now an error. An implementation will never receive
a NULL value for these arguments from a client.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Attempting to write anything longer into the embedded char
array would create a non-null-terminated string, and all
later reads would run off the end into invalid memory.
This is a hard limitation of AF_LOCAL/AF_UNIX sockets.
Attempting to write anything longer into the embedded char
array would create a non-null-terminated string, and all
later reads would run off the end into invalid memory.
This is a hard limitation of AF_LOCAL/AF_UNIX sockets.
Always unlink() the lock file before closing the file
descriptor for it. Otherwise, there is a race like this:
Process A closes fd, releasing the lock
Process B opens the same file, taking the lock
Process A unlinks the lock file
Process C opens the same file, which now no longer exists,
and takes the lock on the newly created lock file
Process B and C both 'own' the same display socket.
unlink()ing while holding the lock is effectively a better
way to release the lock atomically.
When the server send a new object ID, the client used to have to allocate
the proxy manually and without type-safety. We now allocate the proxy
in a client-side post-processing step on the incoming closure.
Provide a slot for keyboard modifier state inside wl_keyboard for
implementations to update, and use this to send wl_keyboard:;modifier
events whenever the keyboard or pointer focus changes.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
If the data source is destroyed, the corresponding offers may stay around for
a little longer (until the owning client destroys it). When the offer is
finally destroyed, we have to be careful to only remove the source
destroy listener if the source hasn't yet been destroyed.
Thanks to Martin Minarik for tracking down where the corruption happened.
The wl_data_source object used to specify the implementation for data
offers created for it. This means you need a data offer to retrieve the
data from the source, which makes it awkward to use in-process in a
compositor. Now we instead have three virtual functions that can be
connected to a protocol object or in-process data-sources such as an
X server proxy or clipboard.
This event sends the current keyboard modifier/group state from the
compositor to the client, allowing all clients to have a consistent view
of the keyboard state (e.g. current layout, Caps Lock, et al). It
should be sent after a keyboard enter event, and also immediately after
any key event which changes the modifier state.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
If wl_pointer_set_focus or wl_keyboard_set_focus have been called before
a listener has been established for that seat and client combination,
the focus window will be set but the focus resource will be NULL. This
changes these functions to always attempt to search for the relevant
focus resource, allowing the resource to be set by calling
wl_keyboard_set_focus and wl_pointer_set_focus again when a listener has
been established.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
The core libwayland libraries should not handle logging, only passing
the error messages to subscribed functions.
An application linked to libwayland-server or libwayland-client
will be able to set own functions (one per library) to handle error
messages.
Change in this series: make the wl_log return int, because
of compatibility with printf. It will return the number of bytes logged.
Properly handle a drag with no data source, i.e., don't crash and send
events only to the client that initiated the drag. This way a client can
do self drag and drop without offering anything to other clients.
The commit that split wl_input_device into wl_seat and friends changed
erroneously the drag icon destroy listener, causing it to operate into
an invalid pointer to a wl_seat.
This avoids a valgrind error like:
==31496== Conditional jump or move depends on uninitialised value(s)
==31496== at 0x407620: weston_buffer_post_release (compositor.c:928)
==31496== by 0x406AEB: weston_surface_attach (compositor.c:725)
==31496== by 0x409EB8: pointer_attach (compositor.c:2009)
==31496== by 0x34ECE05D63: ffi_call_unix64 (unix64.S:75)
==31496== by 0x34ECE05784: ffi_call (ffi64.c:486)
==31496== by 0x5674C4D: wl_closure_invoke (connection.c:770)
==31496== by 0x566ECCB: wl_client_connection_data (wayland-server.c:255)
==31496== by 0x56722F9: wl_event_source_fd_dispatch (event-loop.c:79)
==31496== by 0x5672C99: wl_event_loop_dispatch (event-loop.c:410)
==31496== by 0x56705FF: wl_display_run (wayland-server.c:1004)
==31496== by 0x40C775: main (compositor.c:2937)
==31496== Uninitialised value was created by a heap allocation
==31496== at 0x4A074CD: malloc (vg_replace_malloc.c:236)
==31496== by 0x5670EA7: shm_pool_create_buffer (wayland-shm.c:113)
==31496== by 0x34ECE05D63: ffi_call_unix64 (unix64.S:75)
==31496== by 0x34ECE05784: ffi_call (ffi64.c:486)
==31496== by 0x5674C4D: wl_closure_invoke (connection.c:770)
==31496== by 0x566ECCB: wl_client_connection_data (wayland-server.c:255)
==31496== by 0x56722F9: wl_event_source_fd_dispatch (event-loop.c:79)
==31496== by 0x5672C99: wl_event_loop_dispatch (event-loop.c:410)
==31496== by 0x56705FF: wl_display_run (wayland-server.c:1004)
==31496== by 0x40C775: main (compositor.c:2937)
This ends up propagating through and creating a valgrind error like:
==22573== Conditional jump or move depends on uninitialised value(s)
==22573== at 0x409E57: pointer_attach (compositor.c:1999)
==22573== by 0x34ECE05D63: ffi_call_unix64 (unix64.S:75)
==22573== by 0x34ECE05784: ffi_call (ffi64.c:486)
==22573== by 0x5674C45: wl_closure_invoke (connection.c:770)
==22573== by 0x566ECCB: wl_client_connection_data (wayland-server.c:255)
==22573== by 0x56722F1: wl_event_source_fd_dispatch (event-loop.c:79)
==22573== by 0x5672C91: wl_event_loop_dispatch (event-loop.c:410)
==22573== by 0x56705F4: wl_display_run (wayland-server.c:1003)
==22573== by 0x40C775: main (compositor.c:2937)
wl_input_device has been both renamed and split. wl_seat is now a
virtual object representing a group of logically related input devices
with related focus.
It now only generates one event: to let clients know that it has new
capabilities. It takes requests which hand back objects for the
wl_pointer, wl_keyboard and wl_touch interfaces it exposes which all
provide the old input interface, just under different names.
Signed-off-by: Daniel Stone <daniel@fooishbar.org>
