d275bc7f84
Currently it is possible to iterate over client-owned resources
during client destruction that have had their associated memory
released.
This can occur when client code calls wl_client_destroy(). The
following sequence illustrates how this may occur.
1. The server initiates destruction of the connected client via
call to wl_client_destroy().
2. Resource destroy listeners / destructors are invoked and
resource memory is freed one resource at a time [1].
3. If a listener / destructor for a resource results in a call
to wl_client_for_each_resource(), the iteration will proceed
over resources that have been previously freed in step 2,
resulting in UAFs / crashes.
The issue is that resources remain in the client's object map
even after they have had their memory freed, and are removed
from the map only after each individual resource has had its
memory released.
This patch corrects this by ensuring resource destruction first
invokes listeners / destructors and then removing them from the
client's object map before releasing the associated memory.
[1] https://gitlab.freedesktop.org/wayland/wayland/-/blob/main/src/wayland-server.c?ref_type=heads#L928
Signed-off-by: Thomas Lukaszewicz thomaslukaszewicz@gmail.com
|
||
|---|---|---|
| .gitlab/issue_templates | ||
| cursor | ||
| doc | ||
| egl | ||
| protocol | ||
| src | ||
| tests | ||
| .editorconfig | ||
| .gitignore | ||
| .gitlab-ci.yml | ||
| .mailmap | ||
| .triage-policies.yml | ||
| CONTRIBUTING.md | ||
| COPYING | ||
| meson.build | ||
| meson_options.txt | ||
| README.md | ||
| release.sh | ||
| releasing.txt | ||
| wayland-scanner.m4 | ||
| wayland-scanner.mk | ||
Wayland
Wayland is a project to define a protocol for a compositor to talk to its clients as well as a library implementation of the protocol. The compositor can be a standalone display server running on Linux kernel modesetting and evdev input devices, an X application, or a wayland client itself. The clients can be traditional applications, X servers (rootless or fullscreen) or other display servers.
The wayland protocol is essentially only about input handling and buffer management. The compositor receives input events and forwards them to the relevant client. The clients creates buffers and renders into them and notifies the compositor when it needs to redraw. The protocol also handles drag and drop, selections, window management and other interactions that must go through the compositor. However, the protocol does not handle rendering, which is one of the features that makes wayland so simple. All clients are expected to handle rendering themselves, typically through cairo or OpenGL.
Building the wayland libraries is fairly simple, aside from libffi, they don't have many dependencies:
$ git clone https://gitlab.freedesktop.org/wayland/wayland
$ cd wayland
$ meson build/ --prefix=PREFIX
$ ninja -C build/ install
where PREFIX is where you want to install the libraries.
See https://wayland.freedesktop.org for documentation.