The code here is wrong, leaky, and inconsistent. We don't free,
unlink or clean up things when we should in every error path.
Centralize the data destruction so it's easier to keep track of
and easier to bug fix.
Use function linking syntax instead of variable linking, to resolve two
warnings:
wayland-server.h:167: warning: explicit link request to 'wl_list_remove' could not be resolved
wayland-server.h:188: warning: explicit link request to 'wl_list_remove' could not be resolved
Signed-off-by: Bryce Harrington <b.harrington@samsung.com>
When an error occurs, wl_display_get_error() does not
provide any way of getting know if it was a local error or if it was
an error event, respectively what object caused the error and what
the error was.
This patch introduces a new function wl_display_get_protocol_error()
which will return error code, interface and id of the object that
generated the error.
wl_display_get_error() will work the same way as before.
wl_display_get_protocol_error() DOES NOT indicate that a non-protocol
error happened. It returns valid information only in that case that
(protocol) error occurred, so it should be used after calling
wl_display_get_error() with positive result.
[Pekka Paalanen] Applied another hunk of Bryce's comments to docs,
added libtool version bump.
Reviewed-by: Pekka Paalanen <ppaalanen@gmail.com>
Reviewed-by: Bryce Harrington <b.harrington@samsung.com>
Commit 99a72777f9 introduced a new error
for when the 'since' version decreases. It also reset the version for
messages without a version to 1. Versioning semantics in the spec files
was a little under-specified and we don't want to break projects caught in
this grey zone.
This commits replaces previous configure.ac as the 1.4.93 tag and the
final 1.5 RC.
This could be useful for compositors who need to be able to not send
events if the client bound a version lower than the newest provided.
Event version numbers are exposed as
[INTERFACE_NAME]_[EVENT_NAME]_SINCE_VERSION for example wl_output.scale
will have the version macro WL_OUTPUT_SCALE_SINCE_VERSION.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
Fail if a message with version implicitly set to 1 (i.e. not specified)
comes after a message with since-version > 1.
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
If for some reason that errno is neither value (ENOMEM or
EINVAL), then prior to this patch, there would be a NULL
deref in wl_closure_lookup(...) at the "else if" conditional
when closure == NULL. Also, closure might not be NULL but still
fall into the block due to the wl_closure_lookup < 0 condition...
in that case, we need to destroy the closure to avoid a memory
leak.
Currently, wl_connection_demarshal only sets errno to ENOMEM
or EINVAL... we've already checked for ENOMEM so remove check
for EINVAL (just assume it). Also, call wl_closure_destroy(...)
unconditionally in the "else if" block (assume it can handle
NULL closure, too, which it does right now).
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
This implements a simple fix for the blocking problem that occurs when
updating a timer event source after the timer expires, but before its
callback is dispatched. This can happen when another event happens during the
same epoll wakeup as the timer event, and causes the read() call in
wl_event_source_timer_dispatch() to block for the updated duration of the
timer.
We never want this read() call to block, so I believe it makes sense for the
timerfd to be non-blocking, and we simply ignore the case where the read fails
with EAGAIN. We still report all other errors as before, and still ignore the
actual value read from the socket.
With this change, the event_loop_timer_updates unit test case I submitted
previously now passes, and weston appears to work as before.
If a message was too big to fit in the connection buffer, the code
in wl_buffer_put would just write past the end of it.
I haven't seen any real world use case that would trigger this bug, but
it was possible to trigger it by sending a long enough string to the
wl_data_source.offer request.
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=69267
In order to set a logging function all the time, the output we get
needs to be useful. Logging about trivial things like the socket
we're using and when clients disconnect doesn't realy help anyone.
In some cases, like Xwayland, stdout and stderr are redirected to
/dev/null, losing us valuable information, while wl_log can be
overridden, allowing us to send it to a log file instead. This
can help debugging immensely.
The code very intentionally emits a lot of redundant declarations
to simplify the scanner code. Somebody building with -Wredundant-decls
would have compile errors, so emit special pragmas to turn those
warnings off.
These pragmas should be ignored outside of gcc/clang.
errno is supposed to be positive, not negative. It seems that
everything else that calls display_fatal_error() calls it with
a positive error code, so do it here as well.
The wl_display events (error and delete_id) need to be handled even
if the default queue doesn't get dispatched for a while. For example,
a busy EGL rendering loop hits wl_display.sync every eglSwapBuffers()
and we need to process the delete_id events to maintain the object ID
data structure.
As it is, that doesn't happen, but with this change we special case
wl_display events. We put them on a custom, private queue and when
dispatching events, we always dispatch display_queue events first.
The wl_display proxy should still be the default_queue, so that objects
created from wl_display requests get assigned to that.
The previous implementation of the wl_container_of macro was
dereferencing the sample pointer in order to get an address of the
member to calculate the offset. Ideally this shouldn't cause any
problems because the dereference doesn't actually cause the address to
be read from so it shouldn't matter if the pointer is uninitialised.
However this is probably technically invalid and could cause undefined
behavior. Clang appears to take advantage of this undefined behavior
and doesn't bother doing the subtraction. It also gives a warning when
it does this.
The documentation for wl_container_of implies that it should only be
given an initialised pointer and if that is done then there is no
problem with clang. However this is quite easy to forget and doesn't
cause any problems or warnings with gcc so it's quite easy to
accidentally break clang.
To fix the problem this changes the macro to use pointer -
offsetof(__typeof__(sample), member) so that it doesn't need to deref
the sample pointer. This does however require that the __typeof__
operator is supported by the compiler. In practice we probably only
care about gcc and clang and both of these happily support the
operator.
The previous implementation was also using __typeof__ but it had a
fallback path avoiding it when the operator isn't available. The
fallback effectively has undefined behaviour and it is targetting
unknown compilers so it is probably not a good idea to leave it in.
Instead, this patch just removes it. If someone finds a compiler that
doesn't have __typeof__ but does work with the old implementation then
maybe they could add it back in as a special case.
This patch removes the initialisation anywhere where the sample
pointer was being unitialised before using wl_container_of. The
documentation for the macro has also been updated to specify that this
is OK.
In wl_display_add_shm_format(), check the return value from
wl_array_add() before dereferencing it and assigning it a value.
Return the resulting pointer back to the caller.
Signed-off-by: U. Artie Eoff <ullysses.a.eoff@intel.com>
POSIX says to set errno=0 before calling strtol since
the return value alne cannot tell a failure.
on ubuntu armel I get:
../src/wayland-scanner client-header < ../../protocol/wayland.xml > wayland-client-protocol.h
<stdin>:1188: error: invalid integer (2)
Signed-off-by: Adrian Negreanu <adrian.m.negreanu@intel.com>
Restart the poll() if we take a signal. This is easily triggered in
an application that ends up blocking in eglSwapBuffers(), and causes EGL
to fail to allocate a back buffer.
This will be useful in order to implement the
EGL_WL_create_wayland_buffer_from_image extension. The buffers created
within Mesa's Wayland platform are created using the the wl_drm object
as a proxy factory which means they will be set to use Mesa's internal
event queue. However, these buffers will be owned by the client
application so they ideally need to use the default event loop. This
function provides a way to set the proxy's event queue back to the
default.
krh: Edited from Neils original patch to just use wl_proxy_set_queue() with
a NULL argument instead of introducing a new function.
Otherwise the tail of fds_in buffer would just shift beyond the beginning.
That confuses the actual request handler and results in a crash further on
due to corrupted tail.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
A bug in Weston's toytoolkit gave me an hour of debugging headaches.
Improve the error messages that we send if a client requests an invalid
global, either by name or by version.
The server requires clients to only allocate one ID ahead of the previously
highest ID in order to keep the ID range tight. Failure to do so will
make the server close the client connection. However, the way we allocate
new IDs is racy. The generated code looks like:
new_proxy = wl_proxy_create(...);
wl_proxy_marshal(proxy, ... new_proxy, ...);
If two threads do this at the same time, there's a chance that thread A
will allocate a proxy, then get pre-empted by thread B which then allocates
a proxy and then passes it to wl_proxy_marshal(). The ID for thread As
proxy will be one higher that the currently highest ID, but the ID for
thread Bs proxy will be two higher. But since thread B prempted thread A
before it could send its new ID, B will send its new ID first, the server
will see the ID from thread Bs proxy first, and will reject it.
We fix this by introducing wl_proxy_marshal_constructor(). This
function is identical to wl_proxy_marshal(), except that it will
allocate a wl_proxy for NEW_ID arguments and send it, all under the
display mutex. By introducing a new function, we maintain backwards
compatibility with older code from the generator, and make sure that
the new generated code has an explicit dependency on a new enough
libwayland-client.so.
A virtual Wayland merit badge goes to Kalle Vahlman, who tracked this
down and analyzed the issue.
Reported-by: Kalle Vahlman <kalle.vahlman@movial.com>
It would be possible to make the compositor leak file descriptors by
passing descriptors of open unmmapable files to it, such as /dev/null.
Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
