diff options
author | A. M. Joseph <adam@westerntelegraphic.net> | 2019-10-16 23:55:40 -0700 |
---|---|---|
committer | Simon Ser <contact@emersion.fr> | 2019-10-17 11:40:16 +0300 |
commit | 74c0e7921ae13986eb7d79bfa263f7ddb9312440 (patch) | |
tree | 02eea2824a322934758a99cf0e82bff2826105e0 | |
parent | d19f4f7bf866660d2199cb726bc3708eb42f98dd (diff) |
xwayland.c handle_map(): NULL out xsurface->data() to prevent crashing.
When changing a surface from managed to unmanaged in handle_map(), the
call to handle_destroy(.., view) causes the sway_xwayland_view pointed
to by the untyped wlr_xwayland_surface.data field to become invalid
garbage, yet the untyped wlr_xwayland_surface.data continues to point
at it. In particular: view_get_*(view_from_wlr_surface(..)), even
with appropriate NULL checking, will crash sway when this codepath is
exercised (reliable test case: drop-down menus in Google Earth).
-rw-r--r-- | sway/desktop/xwayland.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/sway/desktop/xwayland.c b/sway/desktop/xwayland.c index 0f708201..28d7c058 100644 --- a/sway/desktop/xwayland.c +++ b/sway/desktop/xwayland.c @@ -401,6 +401,7 @@ static void handle_map(struct wl_listener *listener, void *data) { // This window used not to have the override redirect flag and has it // now. Switch to unmanaged. handle_destroy(&xwayland_view->destroy, view); + xsurface->data = NULL; struct sway_xwayland_unmanaged *unmanaged = create_unmanaged(xsurface); unmanaged_handle_map(&unmanaged->map, xsurface); return; |