Age | Commit message (Collapse) | Author |
|
- src must be free after join_args()
- wordfree must bee used after wordexp
|
|
layer shell: fix some use after free on destroy
|
|
Both sway_output and sway_layer_shell listen to wlr's output destroy event,
but sway_layer_shell needs to access into sway_output's data strucure and needs
to be destroyed first.
Resolve this by making sway_layer_shell listen to a new event that happens at
start of sway_output's destroy handler
|
|
Fixes this kind of use-after-free:
==1795==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000191ef0 at pc 0x00000048c388 bp 0x7ffe308f0410 sp 0x7ffe308f0400
WRITE of size 8 at 0x612000191ef0 thread T0
#0 0x48c387 in wl_list_remove ../common/list.c:157
#1 0x42196b in handle_destroy ../sway/desktop/layer_shell.c:275
#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f55cc22cf68 in layer_surface_destroy ../types/wlr_layer_shell.c:182
#4 0x7f55cc22d084 in layer_surface_resource_destroy ../types/wlr_layer_shell.c:196
#5 0x7f55cc4ca025 in destroy_resource src/wayland-server.c:688
#6 0x7f55cc4ca091 in wl_resource_destroy src/wayland-server.c:705
#7 0x7f55cc22c3a2 in resource_handle_destroy ../types/wlr_layer_shell.c:18
#8 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
#9 0x7f55c8ef09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
#10 0x7f55cc4cdf2c (/lib64/libwayland-server.so.0+0xbf2c)
#11 0x7f55cc4ca3de in wl_client_connection_data src/wayland-server.c:420
#12 0x7f55cc4cbf01 in wl_event_loop_dispatch src/event-loop.c:641
#13 0x7f55cc4ca601 in wl_display_run src/wayland-server.c:1260
#14 0x40bb1e in server_run ../sway/server.c:141
#15 0x40ab2f in main ../sway/main.c:432
#16 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
#17 0x408d29 in _start (/opt/wayland/bin/sway+0x408d29)
0x612000191ef0 is located 48 bytes inside of 312-byte region [0x612000191ec0,0x612000191ff8)
freed by thread T0 here:
#0 0x7f55ce3bb880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
#1 0x42f1db in handle_destroy ../sway/desktop/output.c:1275
#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f55cc23b4c2 in wlr_output_destroy ../types/wlr_output.c:284
#4 0x7f55cc1ddc20 in xdg_toplevel_handle_close ../backend/wayland/output.c:235
#5 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
previously allocated by thread T0 here:
#0 0x7f55ce3bbe50 in calloc (/lib64/libasan.so.5+0xeee50)
#1 0x42f401 in handle_new_output ../sway/desktop/output.c:1308
#2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f55cc1d6cbf in new_output_reemit ../backend/multi/backend.c:113
#4 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
#5 0x7f55cc1deac7 in wlr_wl_output_create ../backend/wayland/output.c:327
#6 0x7f55cc1db353 in backend_start ../backend/wayland/backend.c:55
#7 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
#8 0x7f55cc1d67a0 in multi_backend_start ../backend/multi/backend.c:24
#9 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
#10 0x40ba8a in server_run ../sway/server.c:136
#11 0x40ab2f in main ../sway/main.c:432
#12 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
|
|
dont focus-follow-mouse when keyboard grab
|
|
|
|
bugfix: avoid access after free
|
|
if src is NULL due to a previous error we cannot use it in the command
result string.
Moreover if `src` points to `p.we_wordv[0]` we cannot use it after
`wordfree(&p)` in the command result string.
Bonus feature: If there was an error accessing the file, the string
rapresentation of the error is now included in the command result
string.
|
|
tobiasblass/prepare_server_before_dropping_privileges
Perform (partial) server initialization before dropping privileges.
|
|
Init the dmabuf exporting protocol in wlroots
|
|
Allows desktop capture via the dmabuf-capture wlroots example client.
|
|
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
|
|
Set pool_buffers busy when handing them out
|
|
|
|
|
|
swayidle: fix stack overflow on sleep
|
|
|
|
Update for swaywm/wlroots#1060
|
|
|
|
Clean up keyboard handling code
|
|
* Ensure that modifier keys are identified even when the next key does
not produce a keysym. This requires that modifier change tracking
be done for each sway_shortcut_state.
* Permit regular and --release shortcuts on the same key combination.
Distinct bindings are identified for press and release cases; note
that the release binding needs to be identified for both key press
and key release events.
* Maintain ascending sort order for the shortcut state list, and keep
track of the number of pressed key ids, for simpler (and hence
faster) searching of the list of key bindings.
* Move binding duplicate detection into get_active_binding to avoid
duplicating error messages.
|
|
Sort the list comprising the set of keys for the binding in ascending
order. (Keyboard shortcuts depend only on the set of simultaneously
pressed keys, not their order, so this change should have no external
effect.) This simplifies comparisons between bindings.
|
|
Render drag icons
|
|
Implement Gaps
|
|
|
|
|
|
Fix compilation errors related to disabled outputs
|
|
|
|
Restore workspaces to output when re-enabled
|
|
|
|
|
|
swaylock: implement ^U to clear buffer
|
|
The whole state->xcb.modifiers thing didn't work at all (always 0)
The xkb doc says "[xkb_state_serialize_mods] should not be used in
regular clients; please use the xkb_state_mod_*_is_active API instead"
so here it is
|
|
sway/criteria: gcc string truncation warning fix
|
|
Swayidle: doublefork to not leave zombies around
|
|
|
|
|
|
|
|
Remove strip quoting and fix strncpy-overlap
|
|
|
|
Runtime variable expansion
|
|
Allow outputs to be re-enabled
|
|
|
|
|
|
|
|
Fix focusing after splitting tabs/stacks
|
|
|
|
|
|
Initialise previous cursor position.
|
|
Fix the problem with focus jumping to the container under the cursor
when first starting sway.
|