Linux will let you mmap a region of a file that is larger than the
size of the file. If you then try to read from that region the process
will get a SIGBUS signal. Currently the clients can use this to crash
a compositor because it can create a pool and lie about the size of
the file which will cause the compositor to try and read past the end
of it. The compositor can't simply check the size of the file to
verify that it is big enough because then there is a race condition
where the client may truncate the file after the check is performed.
This patch adds the following two public functions in the server API
which can be used wrap access to an SHM buffer:
void wl_shm_buffer_begin_access(struct wl_shm_buffer *buffer);
void wl_shm_buffer_end_access(struct wl_shm_buffer *buffer);
The first time wl_shm_buffer_begin_access is called a signal handler
for SIGBUS will be installed. If the signal is caught then the buffer
for the current pool is remapped to an anonymous private buffer at the
same address which allows the compositor to continue without crashing.
The end_access function will then post an error to the buffer
resource.
The current pool is stored as part of some thread-local storage so
that multiple threads can safely independently access separate
buffers.
Eventually we may want to add some more API so that compositors can
hook into the signal handler or replace it entirely if they also want
to do some SIGBUS handling.
The scanner is not very forgiving if the protocol doesn't match it's
expectations and crashes without much of a notice. Thus, validate the protocol
against a DTD.
Move the protocol subdir forward so we validate first before trying anything
else, and install the DTD so we can validate weston's protocols as well.
In wl_display_dispatch_queue, if poll fails then it would previously
return immediately and leak a reference in display->reader_count. Then
if the application ignores the error and tries to read again it will
block forever. This can happen for example if the poll fails with
EINTR which the application might consider to be a recoverable error.
This patch makes it cancel the read so the reader_count will be
decremented when poll fails.
Since /* */ do not nest, documentation is forced to either use C++ style
// comments or some other foreign notation. This commit provides an alias
that allows C-style comments to be introduced in code blocks that support
aliases.
It should be noted that this macro will not work within \code blocks, as
Doxygen commands are ignored there. Instead, Doxygen's fenced code
blocks (created via ~~~) must be used for proper output. To demonstrate:
~~~
struct example_node {
int id;
\comment{Other members ...}
};
~~~
will roughly yield the following HTML (excluding syntax highlighting):
<pre>
struct example_node {
int id;
/* Other members ... */
};
</pre>
This commit creates a shared file list that is included by both the
client and the server for the XML Makefile targets, as classes within
util are used by both the client and the server.
This is needed for doxygen to generate output for macro definitions, such
as wl_container_of, that are contained by this file. Classes like
wl_list would be documented regardless.
If an interface has a destructor but no 'destroy' method we used to
not emit a destroy method. Now with the fix for missing destroy
requests for wl_pointer etc we need to emit the local wl_*_destroy
always.
We missed destroy requests in the 1.0 protocol and since the scanner
generates local-only *_destroy requests in that case we can't add
destroy requests without breaking protocol. A client needs to verify
that the server provides a version 3 seat to use the protocol destructor
so the name needs to be something else than wl_*_destroy.
v2 (Rob Bradford): Rebased, bumped the protocol versions and added since
attributes to the requests.
This commit adds support for language bindings on the client half of the
library. The idea is the same as for server-side dispatchers.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
This commit adds support for server-side languages bindings. This is done
in two ways:
1. Adding a wl_resource_set_dispatcher function that corresponds to
wl_resource_set_interface. The only difference between the two functions
is that the new version takes a dispatcher along with the implementation,
data, and destructor. This allows for runtime calling of native language
functions for callbacks instead of having to generate function pointers.
2. Adding versions of wl_resource_post_event and wl_resource_queue_event
that take an array of wl_argument instead of a variable argument list.
This allows for easier run-time argument conversion and removes the need
for libffi-based calling of variadic functions.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
There have been a lot of questions asked lately about versioning of
interfaces and protocol objects. This addition to the documentation should
clear up some of those questions.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
The method described of alocation IDs has been wrong at least since version
1.0. This commit updates it to correspond to the way IDs are chosen in
versions >= 1.0.
Signed-off-by: Jason Ekstrand <jason@jlekstrand.net>
When generating HTML, don't split once we're into subjections. This
generates a single page for each protocol interface instead of the previous
separate pages for requests, events and enums.
No effect on the rest of the HTML configuration.
This is the mirror function to wl_proxy_add_listener and is useful
inside client libraries to differentiate events on listeners for which
multiple proxies have been created.
If wayland-scanner.pc can't be found the variables end up being set
irrespectively, leaving the user with odd compiler errors about missing
headers, etc.
