Calling wl_display_terminate() will exit the wl_display event loop
at the start of the next loop iteration. This works fine when
wl_display_terminate() is called after the event loop wakes up
from polling on the added event sources. If, however, it is
called before polling starts, the event loop will not exit until
one or more event sources trigger. Depending on the types of event
sources, they may never trigger (or may not trigger for a long time),
so the event loop may never exit.
Add an extra event source to the wl_display event loop that will trigger
whenever wl_display_terminate() is called, so that the event loop will
always exit.
Fixes#201
Signed-off-by: Damian Hobson-Garcia <dhobsong@igel.co.jp>
shm_pool_create_buffer() can raise a false WL_SHM_ERROR_INVALID_STRIDE
error under some circumstances because of integer division.
Fix this by using a strict comparison operator instead of lower or
equal.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Reviewed-by: Demi Marie Obenour <demi@invisiblethingslab.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/235
It may be obvious that the mapping must be established in read-only
mode, but it wasn't specified in the specification text.
Signed-off-by: Simon Ser <contact@emersion.fr>
This uses the new FreeBSD supported added in
https://gitlab.freedesktop.org/freedesktop/ci-templates/-/merge_requests/114
After the latest series of commits, we should be able to compile and
successfully run all tests, so adding this CI job will prevent any future
FreeBSD regressions.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
On Linux the signal will be immediately visible in the epoll_wait() call.
However, on FreeBSD we may need a small delay between kill() call and the
signal being visible to the kevent() call. This sometimes happens when the
signal processing and kevent processing runs on different CPUs in the
kernel, so becomes more likely when the system is under load (e.g. running
all tests in parallel).
See https://github.com/jiixyj/epoll-shim/pull/32
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
If we are compiling against a version of FreeBSD where MSG_CMSG_CLOEXEC
does not work, use the fallback directly. This was only fixed recently
(in https://cgit.freebsd.org/src/commit/?id=6ceacebdf52211).
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
This allows running the tests on FreeBSD without mounting fdescfs.
Previously you had to run `mount -t fdescfs -o linrdlnk null /dev/fd` to
get file descriptors >=3 listed in /dev/fd.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
/dev/fd exists on all operating systems I can test (Linux, FreeBSD, macOS),
whereas /proc/self/fd only appears to exist on Linux.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Some operating systems (e.g. FreeBSD) do not implement mremap.
In that case we can grow the mapping by trying to map adjacent memory.
If that fails we can fall back to creating a new larger mapping and
moving the old memory contents there.
Co-authored-by: Koop Mast <kwm@rainbow-runner.nl>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
On FreeBSD we have to use getsockopt(fd, SOL_LOCAL, LOCAL_PEERCRED)
instead. This change is based on a downstream patch in FreeBSD ports.
Co-authored-by: Greg V <greg@unrelenting.technology>
Co-authored-by: Koop Mast <kwm@rainbow-runner.nl>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
FreeBSD does not provide epoll(7) and instead requires an external library,
epoll-shim, that implements epoll() using kqueue(2)
Co-authored-by: Jan Beich <jbeich@FreeBSD.org>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
On some systems (e.g. FreeBSD with the latest epoll-shim), fcntl is
declared as a macro instead of a function. Wrap the definition here in
parantheses to avoid function-macro expansion.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
struct wl_buffer has other meaning in wayland, thus making this a pretty
confusing structure name. Function names like wl_buffer_put() just
compound the confusion.
Rename the struct and the associated functions (none of which are called
from outside this file anyway). The struct retains a wl_ prefix, as is
the custom for wayland internal data structures. The function names
have not retained this prefix, as we have many static function that
aren't prefixed.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Use the new flagged marshal+destroy function in generated code.
It's intended as a replacement for all existing wl_proxy_marshal_*
functions, so I've used it to replace them all. This results in a large
update to the scanner test files as well.
We now pass the new WL_MARSHAL_FLAG_DESTROY flag when appropriate, so
the race condition in #86 caused by releasing the display mutex between
marshalling the proxy and destroying the proxy is now gone.
Fixes#86
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
There's a race when destroying wayland objects in a multi-threaded client.
This occurs because we call:
wl_proxy_marshal(foo);
wl_proxy_destroy(foo);
And each of these functions takes, and releases, the display mutex.
Between the two calls, the display is not locked.
In order to allow atomically marshalling the proxy and destroying the
proxy without releasing the lock, add yet more wl_proxy_marshal_*
functions. This time add flags and jam in all existing warts with the
hope that we can make it future proof this time.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Split wl_proxy_destroy into two pieces, wl_proxy_destroy_unlocked which
performs the critical section code with no locking, and wl_proxy_destroy
which locks before calling that.
We'll use the new unlocked variant later in code that already holds the
lock.
There is a slight functional change - an aborting check is now called
with the lock held. This should be harmless as wl_abort() performs
no locking.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
The theme getting loaded by this function is not to be confused
with the theme named "default" located on the filesystem. Instead,
it's a minimal theme directly bundled into libwayland-cursor.
Make this clearer by naming this theme "fallback".
Signed-off-by: Simon Ser <contact@emersion.fr>
The use case is systems where for some reason the current xcursor theme
cannot be accessed (an application packaged as a strictly confined snap,
for example).
Before falling back to wayland's default cursor theme, it is worth
trying the xcursor theme called "default", which hopefully looks better
than the former.
Fixes: https://gitlab.gnome.org/Community/Ubuntu/gnome-sdk/-/issues/6
Signed-off-by: Olivier Tilloy <olivier.tilloy@canonical.com>
No sense in generating enormously long paths. This also happens to fix
artifacts not actually recording anything because we had a mismatch in
artifact paths vs. actual paths.
Signed-off-by: Daniel Stone <daniels@collabora.com>
The appropriate concurrency level is not necessarily the number of
available CPUs; limit it to what the runners tell us we should be using.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Specifically, in the log formed when WAYLAND_DEBUG is set, this commit
ensures that floating point numbers are formatted using '.' instead of
the locale-specific decimal separator. As the debug logs are not
otherwise localized for end-users, and may be parsed by scripts, it is
better to have consistent output here.
The 24.8 fixed point numbers are now represented with 8 digits after
the decimal, since this is both exact and simpler to compute.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Sanitizers need to intercept syscalls in the compiler run-time library, as
do these tests. We try to make this work by using dlsym(RTLD_NEXT) to find
the next definition in the chain, but here this approach won't work because
the compiler run-time library is linked into the same elf object as the test
interceptors are.
The sanitizer library supports this by giving the intercept functions a
prefix and making them only weakly alias the real names, so our interceptors
can call the sanitizers interceptors explicitly, which will then use dlsym
to call the real function.
By making our declarations of the sanitizer interceptor function weak we can
handle any combination of intercepts (including none, if there is no
sanitizer). If our declaration is resolves to a NULL pointer, we just use
dlsym.
Signed-off-by: Fergus Dall <sidereal@google.com>
The connection_demarshal test writes a 10 byte string into a wayland message,
but doesn't pad it out to a four byte boundary. This leads to the last 32-bit
word of the message being partially uninitialized, which triggers an msan
violation when the message is written to the socket.
Signed-off-by: Fergus Dall <sidereal@google.com>
This function constructs a socket path in sun_path using snprintf, which
returns the amount of space that would have been used if the buffer was
large enough. It then checks if this is larger then the actual buffer size
and, if so, returns ENAMETOOLONG. This is correct.
However, after calling snprintf and before checking that the length isn't too
long, it tries to compute a pointer to the part of the path that matches the
input name. It does this by adding the computed path length to the pointer to
the start of the path buffer, which will take it to one-past the null
terminator, and then walking backwards. If the path fits in the buffer, this
will take it at most one-past-the-end of the allocation, which is allowed, but
if the path is longer then the buffer then the pointer addition is undefined behavior.
Fix this by moving the display name computation past the check that the path
length is not too long.
This is detected by the test socket_path_overflow_server_create under ubsan.
Signed-off-by: Fergus Dall <sidereal@google.com>
for_each_helper tries to calculate a one-past-the-end pointer for its
wl_array input. This is fine when the array has one or more entries, but we
initialize arrays by setting wl_array.data to NULL. Pointer arithmetic is
only defined when both the pointer operand and the result point to the same
allocation, or one-past-the-end of that allocation. As NULL points to no
allocation, no pointer arithmetic can be performed on it, not even adding 0,
even if the result is never dereferenced.
This is caught by clang's ubsan from version 10.
Many tests already hit this case, but I added an explicit test for iterating
over an empty wl_map.
Signed-off-by: Fergus Dall <sidereal@google.com>
Before this patch, setting WAYLAND_DEBUG=1 or WAYLAND_DEBUG=client made
a program log all requests sent and events that it processes. However,
some events received are not processed. This can happen when a Wayland
server sends an event to an object that does not exist, or was recently
destroyed by the client program (either before the event was decoded,
or after being decoded but before being dispatched.)
This commit prints all discarded messages in the debug log, producing
lines like:
[1234567.890] discarded [unknown]@42.[event 0](0 fd, 12 byte)
[1234567.890] discarded wl_callback@3.done(34567)
[1234567.890] discarded [zombie]@13.[event 1](3 fd, 8 byte)
The first indicates an event to an object that does not exist; the
second, an event to an object that was deleted after decoding, but
before dispatch; the third, an event to an object that left a
'zombie' marker behind to indicate which events have associated
file descriptors.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The problem was found running Weston, with both Weston and Wayland built
with ASan:
../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 1, which is declared to never be null
../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 2, which is declared to never be null
This turns out to be caused by copying an empty array into an empty
array.
That seems to be completely valid thing to do, and wl_array_init()
initializes the pointers to NULL and size to zero. Copying initialized
arrays must always be valid.
The error are caused by calling memcpy() with NULL pointers. It doesn't
explode, because also the size is zero.
Fix the problem by calling memcpy() only if size is not zero. This
should keep things like copying an empty array into a non-empty array
work.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
This previously would have caused a memory leak and incorrect
comments.
Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
entry may have a description according to the DTD. This is used in
some protocols including xdg-shell.
Fixes the code comment on an enum declaration using the description of
the last enum that had one, adds the descriptions to the comments on
enumerators, and avoids leaking the previously missing descriptions.
Fixes#208
Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
I just noticed that libwayland test suite is ASan and UBSan clean, so
let's turn that on in CI to avoid regressing.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Catch any API mis-use with an assert. This should abort when the
user calls unreferences the pool more times than it's referenced.
Also change the refcount check to explicitly check for positive
counts. That makes the condition more readable.
Signed-off-by: Simon Ser <contact@emersion.fr>
