Fixes use-after-free on exit of labwc running nested:
==50906== Invalid write of size 8
==50906== at 0x4A85403: wl_list_remove (wayland-util.c:57)
==50906== by 0x40BBAF9: destroy_wl_buffer (output.c:146)
==50906== by 0x40B9B4F: backend_destroy (backend.c:488)
==50906== by 0x409E96F: wlr_backend_destroy (backend.c:68)
==50906== by 0x40B78A6: multi_backend_destroy (backend.c:62)
==50906== by 0x409E96F: wlr_backend_destroy (backend.c:68)
==50906== by 0x4043DA0: server_finish (server.c:788)
==50906== by 0x403AA85: main (main.c:277)
==50906== Address 0xb4435e8 is 40 bytes inside a block of size 136 free'd
==50906== at 0x4A3E8EF: free (vg_replace_malloc.c:989)
==50906== by 0x409C954: buffer_destroy (shm.c:28)
==50906== by 0x40E96F4: buffer_consider_destroy (buffer.c:42)
==50906== by 0x40E9754: wlr_buffer_drop (buffer.c:52)
==50906== by 0x41498DA: slot_reset (swapchain.c:44)
==50906== by 0x4149933: wlr_swapchain_destroy (swapchain.c:53)
==50906== by 0x40CB1FA: wlr_output_finish (output.c:410)
==50906== by 0x40BE00B: output_destroy (output.c:957)
==50906== by 0x40CB2FC: wlr_output_destroy (output.c:436)
==50906== by 0x40B9AFC: backend_destroy (backend.c:481)
==50906== by 0x409E96F: wlr_backend_destroy (backend.c:68)
==50906== by 0x40B78A6: multi_backend_destroy (backend.c:62)
==50906== Block was alloc'd at
==50906== at 0x4A42C13: calloc (vg_replace_malloc.c:1675)
==50906== by 0x409CA84: allocator_create_buffer (shm.c:68)
==50906== by 0x409C7BA: wlr_allocator_create_buffer (allocator.c:186)
==50906== by 0x4149B80: wlr_swapchain_acquire (swapchain.c:102)
==50906== by 0x40C90DA: render_cursor_buffer (cursor.c:246)
==50906== by 0x40C93DC: output_cursor_attempt_hardware (cursor.c:303)
==50906== by 0x40C9A61: output_cursor_set_texture (cursor.c:420)
==50906== by 0x40C9738: wlr_output_cursor_set_buffer (cursor.c:352)
==50906== by 0x40F13A0: output_cursor_set_xcursor_image (wlr_cursor.c:507)
==50906== by 0x40F1B28: cursor_output_cursor_update (wlr_cursor.c:630)
==50906== by 0x40F1C2A: cursor_update_outputs (wlr_cursor.c:657)
==50906== by 0x40F1CF9: wlr_cursor_set_xcursor (wlr_cursor.c:674)
Fixes: 7963ba6a0d
("buffer: introduce wlr_buffer_finish()")
(cherry picked from commit 16cb509a6e)
We can just use a regular assignment instead. This is more
type-safe since there is no need to provide the struct size.
The remaining memcpy() calls perform array copies or copies from
void pointers (which may be unaligned).
Some formats like sub-sampled YCbCr use a block of bytes to
store the color values for more than one pixel. Update our format
table to be able to handle such formats.
This allows callers to specify the operations they'll perform on
the returned data pointer. The motivations for this are:
- The upcoming Linux MAP_NOSIGBUS flag may only be usable on
read-only mappings.
- gbm_bo_map with GBM_BO_TRANSFER_READ hurts performance.
