While the default Unix socket buffer size on Linux is relatively
small, on some computers the default size may be configured to
be huge, making the overflow test never actually overflow the
Wayland display socket.
The changed code now explicitly sets the display socket send buffer
size to be small enough to guarantee an overflow.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
This change ensures that the compositor process is not able to respond
to any of the noop requests sent by the client process, by using the
test compositor's `stop_display` mechanism to coordinate when the
compositor should stop processing messages.
(Before this change, it was possible that one of the calls of
wl_event_loop_dispatch in the compositor process could respond to all
the client's noop requests before returning.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
At higher warning levels, GCC complains about unused variables.
Remove two completely unused, and one set-but-not-used, variables from
display-test to make it happy.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Meson is a next generation build system, simpler than Autotools and also faster
and more portable. Most importantly, it will make integrating ASan easier in
CI.
The goal is to maintain feature parity of the Meson build with the
Autotools build, until such time when we can drop the latter.
Add a script which generates the desired Doxygen configuration for our various
output formats and executes it using that configuration. This is not something
Meson can or should do.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/80
[daniels: Changed to bump version, use GitLab issues URL, remove header
checks not used in any code, remove pre-pkg-config Expat
support, added missing include paths to wayland-egl and
cpp-compile-test, added GitLab CI.
Bumped version, removed unnecessary pkg-config paths.]
[daniels: Properly install into mandir/man3 via some gross
paramaterisation, generate real stamp files.]
Pekka:
- squashed patches
- removed MAKEFLAGS from meson CI
- remove unused PACKAGE* defines
- fix up scanner dependency handling
- instead of host_scanner option, build wayland-scanner twice when cross-compiling
- changed .pc files to match more closely the autotools versions
- reorder doxygen man sources to reduce diff to autotools
- fix pkgconfig.generate syntax warnings (new in Meson)
- bump meson version to 0.47 for configure_file(copy) and run_command(check)
- move doc tool checks into doc/meson.build, needed in more places
- make all doc tools mandatory if building docs
- check dot and doxygen versions
- add build files under doc/publican
- reindent to match Weston Meson style
Simon:
- Remove install arg from configure_file
- Don't build wayland-scanner twice during cross-build
- Fix naming of the threads dependency
- Store tests in dict
- Add missing HAVE_* decls for functions
- Remove unused cc_native variable
- Make doxygen targets a dict
- Make dot_gv a dict
- Use dicts in man_pages
- Make decls use dicts
- Make generated_headers use dicts
- Align Meson version number with autotool's
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Signed-off-by: Simon Ser <contact@emersion.fr>
The tests that run exec-fd-leak-checker expect the binary to be located
in the current directory. This is not always the case; for instance, the
binaries could be built under `tests`, but be invoked under the
top-level build directory.
We can use an environment variable to control what's the location of the
test binaries, and fall back to the current directory if the variable is
unset.
Reviewed-by: Daniel Stone <daniels@collabora.com>
Including wayland-server-core.h in wayland-private.h is problematic
because wayland-private.h is included by wayland-scanner which should be
able to build against non-POSIX platforms (e.g. MinGW). The only reason
that wayland-server-core.h was included in wayland-private.h was for the
wl_private_signal definitions, so move those to a
wayland-server-private.h file that can be included by both
wayland-server.c and the tests.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
This test makes sure that after wl_global_remove:
* The global_remove event is sent to existing clients
* Binding to the removed global still works
* A new client will not see the removed global advertised
Signed-off-by: Simon Ser <contact@emersion.fr>
When doing unity builds via meson (example project:
https://github.com/swaywm/sway) multiple source files are glued together
via #include directives. Having every wayland-scanner generated source
file have an identifier named '*types[]' will lead to errors in these
unity builds if two or more of these are joined.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
The new display test runs a client that makes a very large number of
trivial requests. After responding to initial setup requests, the server
is paused, letting the trivial requests fill up the Unix socket buffer,
making further writes to the socket fail. The test then checks that the
client sets an appropriate error code, and does not abort or crash.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
When an application and a toolkit share the same Wayland connection,
it will receive events with each others objects. For example if the
toolkit manages a set of surfaces, and the application another set, if
both the toolkit and application listen to pointer focus events,
they'll receive focus events for each others surfaces.
In order for the toolkit and application layers to identify whether a
surface is managed by itself or not, it cannot only rely on retrieving
the proxy user data, without going through all it's own proxy objects
finding whether it's one of them.
By adding the ability to "tag" a proxy object, the toolkit and
application can use the tag to identify what the user data pointer
points to something known.
To create a tag, the recommended way is to define a statically allocated
constant char array containing some descriptive string. The tag will be
the pointer to the non-const pointer to the beginning of the array.
For example, to identify whether a focus event is for a surface managed
by the code in question:
static const char *my_tag = "my tag";
static void
pointer_enter(void *data,
struct wl_pointer *wl_pointer,
uint32_t serial,
struct wl_surface *surface,
wl_fixed_t surface_x,
wl_fixed_t surface_y)
{
struct window *window;
const char * const *tag;
tag = wl_proxy_get_tag((struct wl_proxy *) surface);
if (tag != &my_tag)
return;
window = wl_surface_get_user_data(surface);
...
}
...
static void
init_window_surface(struct window *window)
{
struct wl_surface *surface;
surface = wl_compositor_create_surface(compositor);
wl_surface_set_user_data(surface, window);
wl_proxy_set_tag((struct wl_proxy *) surface,
&my_tag);
}
Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
The pointer operand to the binary `+` operator must be to a complete
object type. Since we are working with byte sizes, use `char *` for
arithmetic instead.
Signed-off-by: Michael Forney <mforney@mforney.org>
Rather than have two versions of the macro with slightly different
interfaces, just use wl_container_of internally.
This also removes use of statement expressions, a GNU C extension.
Signed-off-by: Michael Forney <mforney@mforney.org>
The printf() format specifier "%m" is a glibc extension to print
the string returned by strerror(errno). While supported by other
libraries (e.g. uClibc and musl), it is not widely portable.
In Wayland code the format string is often passed to a logging
function that calls other syscalls before the conversion of "%m"
takes place. If one of such syscall modifies the value in errno,
the conversion of "%m" will incorrectly report the error string
corresponding to the new value of errno.
Remove all the occurrences of the specifier "%m" in Wayland code
by using directly the string returned by strerror(errno).
Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
The test runs wayland_scanner on a set of XML protocol files which
have malformed element names, and confirms that an error is produced
and indicates the correct line.
Copyright notifications are not included in the test files, as
they are not code; of course, the project license still applies.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The size argument to wl_connection_demarshal() is taken from the message by the
caller wl_client_connection_data(), therefore 'size' is untrusted data
controllable by a Wayland client. The size should always be at least the header
size, otherwise the header is invalid.
If the size is smaller than header size, it leads to reading past the end of
allocated memory. Furthermore if size is zero, wl_closure_init() changes
behaviour and leaves num_arrays uninitialized, leading to access of arbitrary
memory.
Check that 'size' fits at least the header. The space for arguments is already
properly checked.
This makes the request_bogus_size test free of errors under Valgrind.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/52
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
This attempts to reproduce the error conditions from
https://gitlab.freedesktop.org/wayland/wayland/issues/52 and make it crash.
While the crash was repeatable in my tests, it depends on garbage on stack
leading to access of invalid memory, which is not guaranteed.
This is a FAIL_TEST, so that the following fix commit can be verified.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
Many languages such as C++ or Rust have an unwinding error-reporting
mechanism. Code in these languages can (and must!) wrap request handling
callbacks in unwind guards to avoid undefined behaviour.
As a consequence such code will detect internal server errors, but have
no way to communicate such failures to the client.
This adds a WL_DISPLAY_ERROR_IMPLEMENTATION error to wl_display so that
such code can notify (and disconnect) clients which hit internal bugs.
While servers can currently abuse other wl_display errors for the same
effect, adding an explicit error code allows clients to tell the
difference between errors which are their fault and errors which are the
server's fault. This is particularly interesting for automated bug
reporting.
v2: Rename error from "internal" to "implementation", in sympathy with
X11's BadImplementation error.
Add more justification in the commit message.
Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
There are far better ways to detect memory leaks, such as either
valgrind or ASan. Having Meson makes it really easy to use these tools
in our tests, and we can do that in CI as well.
Having these local wrappers actually completely broke ASan usage, so
remove them in favour of using the more powerful options.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Clang will rightly point out that example_sockaddr_un in socket-test
will get discarded from the compilation unit as it is completely unused.
Put in a couple of lines which of no value other than stopping Clang
from complaining.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Clang warns that it can silently discard a non-volatile write to a NULL
pointer (perhaps it constitutes undefined behaviour?), and recommends
changing it to volatile.
This patch slavishly complies with the demand of the unfeeling machine.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Attempting to demarshal message with array or string longer than its
body should return failure. Handling the length correctly is tricky when
it gets to near-UINT32_MAX values. Unexpected overflows can cause
crashes and other security issues.
These tests verify that demarshalling such message gives failure instead
of crash.
v2: Added consts, serialized opcode and size properly, updated style.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Derek Foreman <derek.foreman.samsung@gmail.com>
For years it's been common practice to free the object containing
the wl_listener inside resource destruction notifiers, but not
remove the listener from the list.
That is: It's been safe to assume (when only one listener is present)
that the wl_listener will never be touched again, since this is
a destruction callback.
Recently some patches were reviewed that made some positive changes
to our internal signal handling code, but would've violated this
assumption, and changed free()d memory in several existing compositors
(weston, mutter, enlightenment).
Since the breakage was extremely subtle, codify this assumption in
a test case (thus promoting it to an ABI promise).
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Markus Ongyerth <wl@ongy.net>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
SEGV and ABRT by default cause a core dump, which may create a file,
launch crash handlers, and so on. sanity-test has 21 processes that
are expected to crash like this. Disable core dumps on them all.
I counted 21 entries in coredumpctl list, while only 16 functions needed
patching. After this patch no entries appear in coredumpctl list.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Commit e501230d1d "scanner: Fix broken
private-code generation" changed the scanner output without updating the
reference output for scanner tests.
Update the reference data. This fixes 'make check'.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
First one is deprecated in favour of the second option.
The latter is newly introduced and annotates the generated symbols
accordingly.
v2: Don't introduce small-public-code.c - reuse small-code.c (Pekka)
Cc: Pekka Paalanen <ppaalanen@gmail.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Until recently, if an event attempting to deliver an fd to a zombie
object was demarshalled after the object was made into a zombie, we
leaked the fd and left it in the buffer.
If another event attempting to deliver an fd to a live object was in that
same buffer, the zombie's fd would be delivered instead.
This test recreates that situation.
While this is a ridiculously contrived way to force this race - delivering
an event from a destruction handler - I do have reports of this race
being hit in real world code.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Acked-by: Daniel Stone <daniels@collabora.com>
Until recently, if a client destroying a resource raced with the
server generating an event on that resource that delivered a file
descriptor, we would leak the fd.
This tests for a leaked fd from that race condition.
Reviewed-by: Daniel Stone <daniels@collabora.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
In order to support system compositor instances, it is necessary to
allow clients' wl_display_connect() to find the compositor's listening
socket somewhere outside of XDG_RUNTIME_DIR. For a full account, see
the discussion beginning here:
https://lists.freedesktop.org/archives/wayland-devel/2017-November/035664.html
This change adjusts the client-side connection logic so that, if
WAYLAND_DISPLAY is formatted as an absolute pathname, the socket
connection attempt is made to just $WAYLAND_DISPLAY rather than
usual user-private location $XDG_RUNTIME_DIR/$WAYLAND_DISPLAY.
This change is based on Davide Bettio's submission of the same concept
at:
https://lists.freedesktop.org/archives/wayland-devel/2015-August/023838.html.
v4 changes:
* Improved internal comments and some boundary-condition
error checks in test case.
* Refer to compositor as "Wayland server" rather than "Wayland
display" in wl_display_connect() doxygen comments.
* Remove redundant descriptions of parameter-interpretation
mechanics from wl_display_connect() manpage. Reworked things
to make it clear that 'name' and $WAYLAND_DISLAY are each
capable of encoding absolute server socket paths.
* Remove callout to reference implementation behavior in protocol
documented. In its place there is now a simple statement that
implementations can optionally support absolute socket paths.
v3 changes:
* Added test case.
* Clarified documentation to note that 'name' parameter to wl_display_connect()
can also be an absolute path.
v2 changes:
* Added backward incompatibility note to wl_display_connect() manpage.
* Rephased wl_display_connect() manpage changes to precisely match actual
changed behavior.
* Added mention of new absolute path behavior in wl_display_connect()
doxygen comments.
* Mentioned new absolute path interpretation of WAYLAND_DISPLAY in
protocol documentation.
Signed-off-by: Matt Hoosier <matt.hoosier@gmail.com>
Acked-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Without this attribute, these macros were making Weston’s tests fail to
build with LTO enabled.
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=94602
Signed-off-by: Markus Trippelsdorf <markus@trippelsdorf.de>
Signed-off-by: Emmanuel Gil Peyrot <emmanuel.peyrot@collabora.com>
Tested-by: Emmanuel Gil Peyrot <emmanuel.peyrot@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
This is a preparatory patch for the next one.
Signed-off-by: Emmanuel Gil Peyrot <emmanuel.peyrot@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
New IDs are internally dealt with as objects, however this test
expected to deal with 'n' as the uint32_t type that's just seen
through the wire. We should give it an object instead, and
expect an object from it.
https://bugs.freedesktop.org/show_bug.cgi?id=99899
Signed-off-by: Carlos Garnacho <carlosg@gnome.org>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Kalev Lember <kalevlember@gmail.com>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
connection-test.c did not cover wl_argument_from_va_list, so add one
test that specifically tests this method.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
wl_list_for_each_safe, which is used by wl_signal_emit is not really
safe. If a signal has two listeners, and the first one removes and
re-inits the second one, it would enter an infinite loop, which was hit
in weston on resource destruction, which emits a signal.
This commit adds a new version of wl_signal, called wl_priv_signal,
which is private in wayland-server.c and which does not have this problem.
The old wl_signal cannot be improved without breaking backwards compatibility.
Signed-off-by: Giulio Camuffo <giulio.camuffo@kdab.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Unlike a wheel rotation, a wheel tilt is a discrete-only axis. Wheel rotations
are mapped to degrees in libinput but that that does not apply to wheel tilt
axes where there is no physical equivalent.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Acked-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
This was already in the DTD but not supported by the scanner.
The check for ever-increasing "since" tags is not strictly required for enum
entries as we control the binary value. But it keeps the xml file in
good order, preventing things like:
<entry name="first" value="…" />
<entry name="second" value="…" since="3"/>
<entry name="third" value="…" since="2"/>
<entry name="fourth" value="…" since="3"/>
If this is undesirable in the future the check can be removed without
side-effects.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
These are the protocol.xml changes from:
66a26aeb2a: protocol: Remove inconsistent line breaks
a26ed0949e: protocol: indentation fixes
6a18a87727: protocol: Extend wl_touch with touchpoint shape and orientation
and a few other, smaller ones.
Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
Tested-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Add tests that ensure that wayland-scanner output for a given input does
not change unexpectedly. This makes it very easy to review
wayland-scanner patches.
Before, when patches were proposed for wayland-scanner, I had to
build wayland without the patches, save the generated files into a
temporary directory, apply the patches, build again, and diff the old
vs. new generated file.
No more. Now whenever someone makes intentional changes to
wayland-scanner's output, he will also have to patch the example output
files to match. That means that reviewers see the diff of the generated
files straight from the patch itself. Verifying the diff is true is as
easy as 'make check'.
The tests use separate example XML files instead of wayland.xml
directly, so that wayland.xml can be updated without fixing scanner
tests, avoiding the churn.
example.xml starts as a copy of wayland.xml. If wayland.xml starts using
new wayland-scanner features, they should be copied into example.xml
again to be covered by the tests.
This patch relies on the previous patch to actually add all the data
files for input and reference output.
The scanner output is fed through sed to remove parts that are allowed
to vary: the scanner version string.
v2: no need for scanner-test.sh to depend on the test data
Task: https://phabricator.freedesktop.org/T3313
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Emilio Pozuelo Monfort <emilio.pozuelo@collabora.co.uk> (v1)
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
Tested-by: Yong Bakos <ybakos@humanoriented.com>
This patch adds the input and reference output data files for the
wayland-scanner tests to be added by the following patch.
The data files are split into their own patch because they are extremely
uninteresting to review:
- example.xml is just a copy wayland.xml from 1.12.0
- small.xml is a tiny dummy definition used for testing scanner
variations without causing lots of big output files
- the other files are wayland-scanner products from the xml files
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Emilio Pozuelo Monfort <emilio.pozuelo@collabora.co.uk>
v2: update output due to 2c6350beb9
Acked-by: Yong Bakos <ybakos@humanoriented.com>
Array argument symbols in a wl_message may be nullable, but the test for
wl_message_count_arrays did not test this. Add one more wl_message with
nullable array arguments.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
message-test.c did not cover wl_message_count_arrays, so add one test that
specifically tests this method. Note that this exposes wl_message_count_arrays
in a private header (wayland-private.h), and removes the `static` modifier of
the implementation.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Rather than using a hardcoded 'wayland-tests' directory under
the existing XDG_RUNTIME_DIR to use as the new runtime dir, use mkdtemp
to guarantee uniqueness. This fixes make -jN check, as well as just
happening to run 'make check' twice from the same session.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reported-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Tested-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Include wayland-util.h in addition to wayland-private.h, to be more explicit
about where wl_array is defined.
Remove the useless repeated testing of wl_array_init, because if it fails once
out of thousands of iterations we're all doomed anyway.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
[Pekka: add the memset]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
array-test.c did not cover wl_array_release, so add one test that specifically
tests this method.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
[Pekka: do not overwrite array.data]
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
list-test.c did not cover wl_list_length, so add one test that specifically
tests this method.
Signed-off-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Eric Engestrom <eric.engestrom@imgtec.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
The new wl_display_add_protocol_logger allows to set a function as
a logger, which will get called when a new request is received or an
event is sent.
This is akin to setting WAYLAND_DEBUG=1, but more powerful because it
can be enabled at run time and allows to show the log e.g. in a UI view.
A test is added for the new functionality.
Signed-off-by: Giulio Camuffo <giulio.camuffo@kdab.com>
Reviewed-by: Jonas Ådahl <jadahl@gmail.com>
Reviewed-by: Yong Bakos <ybakos@humanoriented.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
