aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2018-07-04Merge pull request #2208 from RyanDwyer/instruction-use-after-freeRyan Dwyer
Fix use after free in transaction code
2018-07-04Fix use after free in transaction codeRyan Dwyer
If we set an instruction as ready twice, it decreases the transaction's num_waiting a second time and applies the transaction earlier than it should. This no doubt has undesired effects, probably resulting in a use after free. Hopefully fixes the first part of #2207.
2018-07-04Merge pull request #2200 from mucamaca/fix_transparencyemersion
Fix #1857 -> transparency in swaylock
2018-07-04Merge pull request #2203 from martinetd/ipc-server-display-destroyemersion
ipc-server: add display destroy listener
2018-07-04Merge branch 'master' into fix_transparencyBor Grošelj Simić
2018-07-04Fix transparency in background images in swaylockBor Grošelj Simić
2018-07-04ipc-server: add display destroy listener and remove ipc_terminateDominique Martinet
wl_event_source_remove() is illegal after display has been destroyed, so just destroy everything when we still can. ==20392==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000001240 at pc 0x00000048e86e bp 0x7ffe4b557e00 sp 0x7ffe4b557df0 READ of size 8 at 0x607000001240 thread T0 #0 0x48e86d in wl_list_insert ../common/list.c:149 #1 0x7fdf673d4d7d in wl_event_source_remove src/event-loop.c:487 #2 0x41b742 in ipc_terminate ../sway/ipc-server.c:94 #3 0x40b1ad in main ../sway/main.c:440 #4 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308 #5 0x409359 in _start (/opt/wayland/bin/sway+0x409359) 0x607000001240 is located 48 bytes inside of 72-byte region [0x607000001210,0x607000001258) freed by thread T0 here: #0 0x7fdf692c4880 in __interceptor_free (/lib64/libasan.so.5+0xee880) #1 0x7fdf673d371a in wl_display_destroy src/wayland-server.c:1097 previously allocated by thread T0 here: #0 0x7fdf692c4c48 in malloc (/lib64/libasan.so.5+0xeec48) #1 0x7fdf673d4d9e in wl_event_loop_create src/event-loop.c:522 #2 0x40acb2 in main ../sway/main.c:363 #3 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
2018-07-04Merge pull request #2202 from RyanDwyer/fix-focus-damageemersion
Fix focus related damage
2018-07-04Merge pull request #2201 from martinetd/setenv-wl-displayemersion
startup: move setenv WAYLAND_DISPLAY before config execs
2018-07-04Fix focus related damageRyan Dwyer
When you have an unfocused container (so one view is focused_inactive), and you focus any other view in that container, the view with focused_inactive was not damaged. This is because we damaged the previous focus and new focus, but needed to damage the parent of the new focus.
2018-07-04startup: move setenv WAYLAND_DISPLAY before config execsDominique Martinet
We would previously run all config commands without the environment, which would appear to work as our socket name is the default one, but wayland clients would start up in the wrong sway session. (This explains why 'sometimes' my swayidle processes wouldn't die with sway, as they weren't listening to the correct socket)
2018-07-04Fix #1857Bor Grošelj Simić
2018-07-02Merge pull request #2194 from RyanDwyer/fix-incorrect-renderemersion
Don't return pending children in seat_get_active_current_child
2018-07-02Don't return pending children in seat_get_active_current_childRyan Dwyer
Fixes #2192. seat_get_active_current_child is intended to return a child of the given container which has finished its mapping transaction and is able to be rendered on screen. The previous implementation was capable of returning a pending child, which caused a child of a tabbed or stacked view to be rendered prematurely while it was mapping.
2018-07-02Merge pull request #2193 from RyanDwyer/fix-fullscreen-damageemersion
Fix damage on swaybar when view requests to exit fullscreen
2018-07-02Fix damage on swaybar when view requests to exit fullscreenRyan Dwyer
Fixes #2191
2018-07-02Merge pull request #2187 from martinetd/idle-inhibitemersion
Idle inhibit
2018-07-02Merge pull request #2186 from martinetd/static-analysisemersion
Static analysis fixes
2018-07-02idle_inhibit: move server data to its own structDominique Martinet
2018-07-02idle_inhibit: stop inhibitor when views become invisibleDominique Martinet
2018-07-02Add idle inhibit unstable v1 supportDominique Martinet
2018-07-02swaylock daemonize: fix leak of devnull fdDominique Martinet
2018-07-02load_config: move NULL path check before first useDominique Martinet
Found through static analysis
2018-07-02config include: fix leak on relative include pathDominique Martinet
Found through static analysis
2018-07-02bar config: fix uninitialized accesses on init errorDominique Martinet
If init fails halfway through it will call the destroy function, which needs some coherent stuff filled. Allocate with calloc and fill in what cannot fail first Found through static analysis.
2018-07-02cmd_assign: fix leak on errorDominique Martinet
Found through static analysis.
2018-07-02utf8_size: fix loop boundaryDominique Martinet
Found through static analysis
2018-07-02bar_cmd_modifier: fix use-after-free on errorDominique Martinet
Found through static analysis.
2018-07-02bar_cmd_font: fix leak of fontDominique Martinet
join_args is a freshly allocated string and can be used as is. Found through static analysis.
2018-07-02get_parent_pid: fix memory leakDominique Martinet
Found through static analysis.
2018-07-02read_config: fix leak on errorDominique Martinet
Found through static analysis.
2018-07-02cmd_background: fix leak on errorDominique Martinet
Found through static analysis.
2018-07-02transaction_apply: use float for quotientDominique Martinet
Pre-dividing 1000/60 would lose 2/3 due to round-up Found through static analysis
2018-07-02workspace_next_name: fix string length for ws_num >= 100Dominique Martinet
The check didn't include && ws_num < 100 so l would always be 1 or 2 Instead of fixing logic it's simpler to just call snprintf twice to get length and use that. Also change malloc failure check to sway_assert because both callers of this function do not do null check and would segfault... Found through static analysis.
2018-07-02find prev/next output/workspace: add NULL checkDominique Martinet
These could be called with NULL if there is no focus Found through static analysis.
2018-07-02output commands: move !argc checks after argc gets decrementedDominique Martinet
Found through static analysis.
2018-07-02config_commands_command: make alloc failure check more permanentDominique Martinet
policy is accessed again later Found through static analysis
2018-07-02input_config: free new_input_config on errorDominique Martinet
Found through static analysis.
2018-07-02ipc-server: fix more use-after-frees on ipc_send_reply errorDominique Martinet
Since ipc_send_reply frees the client on error, we need to check the return value properly as we access client later on Found through static analysis.
2018-07-02ipc-server: minor code cleanupDominique Martinet
No logic change here, this one is mostly to please static analyzer: - client->fd can never be -1 (and if it could, close() a few lines below would have needed the same check) - we never send permission denied error (dead code)
2018-07-02ipc-server: fix double-free on send error in ipc_send_eventDominique Martinet
ipc_send_reply already does client disconnect on error, so we shouldn't do it again. We also need to process current index again as disconnect removes client from the list we currently are processing (this is an indexed "list") Found through static analysis.
2018-07-02invoke_swaybar: fix message length header sizeDominique Martinet
size_t/ssize_t are 8 bytes on 64bit systems, so use the proper size to transmit that information. This could lead to ridiculously large alloc as len is not initialized to zero Found through static analysis
2018-07-02log_kernel: s/fclose/pclose/ (for popen'd FILE)Dominique Martinet
With recent glibc the functions are strictly identical, but this might not be true for all libc implementations Found through static analysis.
2018-07-01Merge pull request #2190 from emersion/screencopyemersion
Init screencopy manager
2018-07-01Init screencopy manageremersion
2018-07-01Merge pull request #2188 from martinetd/exec-always-cmdDrew DeVault
exec_always: fix leaks
2018-07-02exec_always: fix leaksDominique Martinet
- child would leak in the workspace_record_pid path - removing malloc lets us get rid of That Comment nobody seems to remember what it was about - we would leak pipe fds on first fork failling - we didn't return an error if second fork failed - the final executed process still had both pipe fds (would show up in /proc/23560/fd in launched programs) - we would write twice to the pipe if execl failed for some reason (e.g. if /bin/sh doesn't exist?!)
2018-06-30Merge pull request #2180 from martinetd/xdg_fullscreenRyan Dwyer
xdg_shell: listen to fullscreen request on map
2018-06-30xdg_shell: listen to fullscreen request on mapDominique Martinet
That event comes from the toplevel and not the surface, so would cause a use-after-free on destroy if the toplevel got destroyed first: ==5454==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110001ed198 at pc 0x000000472d10 bp 0x7ffc19070a80 sp 0x7ffc19070a70 WRITE of size 8 at 0x6110001ed198 thread T0 #0 0x472d0f in wl_list_remove ../common/list.c:157 #1 0x42e159 in handle_destroy ../sway/desktop/xdg_shell_v6.c:243 #2 0x7fa9e5b28ce8 in wlr_signal_emit_safe ../util/signal.c:29 #3 0x7fa9e5afd6b1 in destroy_xdg_surface_v6 ../types/xdg_shell_v6/wlr_xdg_surface_v6.c:101 #4 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688 #5 0x7fa9e5d98091 in wl_resource_destroy src/wayland-server.c:705 #6 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d) #7 0x7fa9e27f09fe in ffi_call (/lib64/libffi.so.6+0x59fe) #8 0x7fa9e5d9bf2c (/lib64/libwayland-server.so.0+0xbf2c) #9 0x7fa9e5d983de in wl_client_connection_data src/wayland-server.c:420 #10 0x7fa9e5d99f01 in wl_event_loop_dispatch src/event-loop.c:641 #11 0x7fa9e5d98601 in wl_display_run src/wayland-server.c:1260 #12 0x40a2f4 in main ../sway/main.c:433 #13 0x7fa9e527318a in __libc_start_main ../csu/libc-start.c:308 #14 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749) 0x6110001ed198 is located 152 bytes inside of 240-byte region [0x6110001ed100,0x6110001ed1f0) freed by thread T0 here: #0 0x7fa9e7c89880 in __interceptor_free (/lib64/libasan.so.5+0xee880) #1 0x7fa9e5affce9 in destroy_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:23 #2 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688 previously allocated by thread T0 here: #0 0x7fa9e7c89e50 in calloc (/lib64/libasan.so.5+0xeee50) #1 0x7fa9e5b00eea in create_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:427 #2 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d) The toplevel only notifies the compositor on destroy if it was mapped, so only listen to events at map time.
2018-06-30Merge pull request #2174 from martinetd/view-from-surfaceDrew DeVault
sway views: add helpers to get view and layer from wlr_surface