If the length of a message exceeds the maximum length of the buffer, the
buffer size will reach its maximum value and stay there forever, with no
message ever being successfully processed. Since libwayland uses
level-triggered epoll, this will cause the compositor to loop forever
and consume CPU time. In libwayland 1.22 and below, there was an
explicit check that caused messages exceeding 4096 bytes to result in an
EOVERFLOW error, preventing the loop. However, this check was removed
between d074d52902 ("connection: Dynamically resize connection buffers").
To prevent this problem, always limit the size of messages to 4096 bytes.
Since the default and minimum buffer size is 4096 bytes, this ensures
that a single message will always fit in the buffer. It would be
possible to allow larger messages if the buffer size was larger, but the
maximum size of a message should not depend on the buffer size chosen by
the compositor.
Rejecting messages that exceed 4092 bytes seems to have the advantage of
reserving 4 bits, not 3, in the size field for future use. However,
message sizes in the range [0x0, 0x7] are invalid, so one can obtain a
fourth bit by negating the meaning of bit 12 if bits 0 through 11
(inclusive) are 0. Allowing 4096-byte messages provides the far more
important advantage that regressions compared to 1.22 are impossible
and regressions compared to 1.23 are extremely unlikely. The only case
where a regression is possible is:
- The receiving side is using libwayland 1.23.
- The sending side is either using libwayland 1.23 or is not using
libwayland.
- The sender sends a message exceeding 4096 bytes.
- If the sender of the large message is the client, the server has
increased the buffer size from the default value.
This combination is considered extremely unlikely, as libwayland 1.22
and below would disconnect upon receiving such a large message.
4096-byte messages, however, have always worked, so there was no reason
to avoid sending them.
Fixes: d074d52902 ("connection: Dynamically resize connection buffers").
Fixes: #494
Signed-off-by: Demi Marie Obenour <demi@invisiblethingslab.com>
when cast double to fixed pointer, there will be big
error, eg 1919.9998 to 1919. Call round before cast
to get nearest value 1920 of 1919.9998
Signed-off-by: Haihua Hu <jared.hu@nxp.com>
If a wl_array has size zero, wl_array_for_each computes NULL + 0 to get
to the end pointer. This should be fine, and indeed it would be fine in
C++. But the C specification has a mistake here and it is actually
undefined behavior. See
https://davidben.net/2024/01/15/empty-slices.html
Clang's -fsanitize=undefined flags this. I ran into this in Chromium's
build with wayland-scanner on one of our XML files.
../../third_party/wayland/src/src/scanner.c:1853:2: runtime error: applying zero offset to null pointer
#0 0x55c979b8e02c in emit_code third_party/wayland/src/src/scanner.c:1853:2
#1 0x55c979b89323 in main third_party/wayland/src/src/scanner.c
#2 0x7f8dfdb8c6c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#3 0x7f8dfdb8c784 in __libc_start_main csu/../csu/libc-start.c:360:3
#4 0x55c979b70f39 in _start (...)
An empty XML file is sufficient to hit this case, so I've added it as a
test. To reproduce, undo the fix and include only the test, then build
with:
CC=clang CFLAGS="-fno-sanitize-recover=undefined" meson build/ -Db_sanitize=undefined -Db_lundef=false
ninja -C build test
Signed-off-by: David Benjamin <davidben@google.com>
Doxygen doesn't support documenting unnamed function arguments.
Fixes the following warnings:
src/wayland-util.h:697: warning: argument 'const' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'void' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'void' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'uint32_t' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'const' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'struct' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'wl_message' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'union' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'wl_argument' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:725: warning: argument 'const' of command @param is not found in the argument list of wl_log_func_t(const char *, va_list)
src/wayland-util.h:725: warning: argument 'char' of command @param is not found in the argument list of wl_log_func_t(const char *, va_list)
src/wayland-util.h:725: warning: argument 'va_list' of command @param is not found in the argument list of wl_log_func_t(const char *, va_list)
src/wayland-util.h:697: warning: argument 'const' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'void' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'void' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'uint32_t' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'const' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'struct' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'wl_message' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'union' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:697: warning: argument 'wl_argument' of command @param is not found in the argument list of wl_dispatcher_func_t(const void *, void *, uint32_t, const struct wl_message *, union wl_argument *)
src/wayland-util.h:725: warning: argument 'const' of command @param is not found in the argument list of wl_log_func_t(const char *, va_list)
src/wayland-util.h:725: warning: argument 'char' of command @param is not found in the argument list of wl_log_func_t(const char *, va_list)
src/wayland-util.h:725: warning: argument 'va_list' of command @param is not found in the argument list of wl_log_func_t(const char *, va_list)
Signed-off-by: Simon Ser <contact@emersion.fr>
The definition of wl_argument in wayland-util.h references wl_object,
so wl_object ought to be defined in wayland-util.h. This resolves
gitlab issue #78.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/78
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Despite their clear names, wl_array and wl_list members are undocumented,
resulting in doxygen warnings[1] when building documentation.
Document these members, suppressing the warnings.
[1] Warnings are visible when EXTRACT_ALL = NO.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Adjust the brief, clarify the behavior and arguments, correct a grammar
error, document the parameters, and document the return type.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Bryce Harrington <bryce@osg.samsung.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Use declarative voice, remove the unnecessary doxygen \enum tag, and add
two see-also's. This keeps the output the same but makes the comment
voice consistent, a little more readable, and refers to documented
functions that use this enum type.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Standardize the doxygen comment format, add clarity to the writing, decouple
the description from specifics of usage, add see-also's, and massage the union
member type comments.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Add doxygen comments for wl_fixed_t and its methods.
Although wl_fixed_t can be thought of as an opaque struct, it is a typedef. As
such, doxygen does not provide an elegant means of documenting it as both a
'class' with members and as a typedef. In other words, documenting it as a class
gives us a nice doxygen page for wl_fixed_t and its related methods, but this
leaves the typedef documentation blank in the documentation for wayland-util,
and does not provide a link to the documentation for wl_fixed_t. Hence, this
patch does not treat wl_fixed_t as a class/struct, resulting in the typedef
being documented and keeping the functions listed in wayland-util, rather than a
separate unlinked page devoted to just wl_fixed_t.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniels@collabora.com>
wl_fixed_to_double had a stray space before the parameter list.
Remove this space.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Add doxygen comment blocks so these annotations are documented in the html
documentation.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Add doxygen comments for wl_array and its methods.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
To complement on the new resource created signal, this allows to
iterate over the existing resources of a client.
Signed-off-by: Giulio Camuffo <giulio.camuffo@kdab.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
[Pekka: added empty lines, init ret in for_each_helper()]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Analogous to last two commits.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
A few of the header files had function prototypes that were not
following project conventions, sometimes even in the same file.
Corrected these to follow as per wayland-os.h.
Signed-off-by: Jon A. Cruz <jonc@osg.samsung.com>
This is a minor documentation fix. I did not see any asterisks in the
output as reported by Pekka Paalanen. Using doxygen 1.7.6.1.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Also removed \comment and used C++ comments. There does not appear
to be any other way to put comments into code samples.
Reviewed-by: Bryce Harrington <b.harrington@samsung.com>
These blocks were misformatted in normal paragraph style in the
generated docs. Also, added \comment{} for comments within one code
example.
Signed-off-by: Benjamin Herr <ben@0x539.de>
The previous implementation of the wl_container_of macro was
dereferencing the sample pointer in order to get an address of the
member to calculate the offset. Ideally this shouldn't cause any
problems because the dereference doesn't actually cause the address to
be read from so it shouldn't matter if the pointer is uninitialised.
However this is probably technically invalid and could cause undefined
behavior. Clang appears to take advantage of this undefined behavior
and doesn't bother doing the subtraction. It also gives a warning when
it does this.
The documentation for wl_container_of implies that it should only be
given an initialised pointer and if that is done then there is no
problem with clang. However this is quite easy to forget and doesn't
cause any problems or warnings with gcc so it's quite easy to
accidentally break clang.
To fix the problem this changes the macro to use pointer -
offsetof(__typeof__(sample), member) so that it doesn't need to deref
the sample pointer. This does however require that the __typeof__
operator is supported by the compiler. In practice we probably only
care about gcc and clang and both of these happily support the
operator.
The previous implementation was also using __typeof__ but it had a
fallback path avoiding it when the operator isn't available. The
fallback effectively has undefined behaviour and it is targetting
unknown compilers so it is probably not a good idea to leave it in.
Instead, this patch just removes it. If someone finds a compiler that
doesn't have __typeof__ but does work with the old implementation then
maybe they could add it back in as a special case.
This patch removes the initialisation anywhere where the sample
pointer was being unitialised before using wl_container_of. The
documentation for the macro has also been updated to specify that this
is OK.
This is needed for doxygen to generate output for macro definitions, such
as wl_container_of, that are contained by this file. Classes like
wl_list would be documented regardless.
This commit adds support for server-side languages bindings. This is done
in two ways:
1. Adding a wl_resource_set_dispatcher function that corresponds to
wl_resource_set_interface. The only difference between the two functions
is that the new version takes a dispatcher along with the implementation,
data, and destructor. This allows for runtime calling of native language
functions for callbacks instead of having to generate function pointers.
2. Adding versions of wl_resource_post_event and wl_resource_queue_event
that take an array of wl_argument instead of a variable argument list.
This allows for easier run-time argument conversion and removes the need
for libffi-based calling of variadic functions.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
With the work to add wl_resource accessors and port weston to use them,
we're ready to make wl_resource and wl_object opaque structs. We keep
wl_buffer in the header for EGL stacks to use, but don't expose it by
default. In time we'll remove it completely, but for now it provides a
transition paths for code that still uses wl_buffer.
Reviewed-by: Jason Ekstrand<jason@jlekstrand.net>
The _* namespace and identifiers with double underscore are reserved
by the C standard. That makes __wl_container_of is double plus bad,
so lets just call it wl_container_of.
Exporting unprefixed symbols is a pretty bad idea so don't do that.
Instea of redefining it WL_ARRAY_LENGTH, we just move the define to
our private header. The scanner generates code that uses ARRAY_LENGTH,
but we can just make it count the number elements and emit an integer
constant instead.
We might have to perform memory allocations in wl_array_copy(), so catch
out-of-memory errors in wl_array_add() and return -1 before changing any
state.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
