aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorA. M. Joseph <adam@westerntelegraphic.net>2019-10-16 23:55:40 -0700
committerSimon Ser <contact@emersion.fr>2019-10-17 11:40:16 +0300
commit74c0e7921ae13986eb7d79bfa263f7ddb9312440 (patch)
tree02eea2824a322934758a99cf0e82bff2826105e0
parentd19f4f7bf866660d2199cb726bc3708eb42f98dd (diff)
xwayland.c handle_map(): NULL out xsurface->data() to prevent crashing.
When changing a surface from managed to unmanaged in handle_map(), the call to handle_destroy(.., view) causes the sway_xwayland_view pointed to by the untyped wlr_xwayland_surface.data field to become invalid garbage, yet the untyped wlr_xwayland_surface.data continues to point at it. In particular: view_get_*(view_from_wlr_surface(..)), even with appropriate NULL checking, will crash sway when this codepath is exercised (reliable test case: drop-down menus in Google Earth).
-rw-r--r--sway/desktop/xwayland.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/sway/desktop/xwayland.c b/sway/desktop/xwayland.c
index 0f708201..28d7c058 100644
--- a/sway/desktop/xwayland.c
+++ b/sway/desktop/xwayland.c
@@ -401,6 +401,7 @@ static void handle_map(struct wl_listener *listener, void *data) {
// This window used not to have the override redirect flag and has it
// now. Switch to unmanaged.
handle_destroy(&xwayland_view->destroy, view);
+ xsurface->data = NULL;
struct sway_xwayland_unmanaged *unmanaged = create_unmanaged(xsurface);
unmanaged_handle_map(&unmanaged->map, xsurface);
return;