Age | Commit message (Collapse) | Author |
|
Fix damage tracking debug mode
|
|
|
|
wlr_seat destroy: fix use-after-free when destroying clients
|
|
wl_resource_for_each_safe isn't safe to use here because it accesses
the list's head memory one last time at the end of the loop. Work
around this by breaking out early.
==19880==ERROR: AddressSanitizer: heap-use-after-free on address 0x60d0000e6368 at pc 0x7fab68619de2 bp 0x7ffd5c91cee0 sp 0x7ffd5c91ced0
READ of size 8 at 0x60d0000e6368 thread T0
#0 0x7fab68619de1 in wlr_seat_destroy ../types/seat/wlr_seat.c:179
#1 0x7fab68619fb9 in handle_display_destroy ../types/seat/wlr_seat.c:196
#2 0x7fab688e4f8f in wl_priv_signal_emit src/wayland-server.c:2024
#3 0x7fab688e56ca in wl_display_destroy src/wayland-server.c:1092
#4 0x40c11e in server_fini ../sway/server.c:138
#5 0x40b1a8 in main ../sway/main.c:438
#6 0x7fab67b5e18a in __libc_start_main ../csu/libc-start.c:308
#7 0x409359 in _start (/opt/wayland/bin/sway+0x409359)
0x60d0000e6368 is located 24 bytes inside of 144-byte region [0x60d0000e6350,0x60d0000e63e0)
freed by thread T0 here:
#0 0x7fab6a7d6880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
#1 0x7fab68619805 in seat_client_handle_resource_destroy ../types/seat/wlr_seat.c:97
#2 0x7fab688e5025 in destroy_resource src/wayland-server.c:688
previously allocated by thread T0 here:
#0 0x7fab6a7d6e50 in calloc (/lib64/libasan.so.5+0xeee50)
#1 0x7fab686198df in seat_handle_bind ../types/seat/wlr_seat.c:127
#2 0x7fab6530503d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
|
|
fix: add stack update on focus change
|
|
|
|
Enable the stack update again for focus changes on non-focusable views.
|
|
properly check if the point is inside the surface in wlr_surface_pointer_accepts_input
|
|
wlr_surface_point_accepts_input
|
|
Introduce wlr_xdg_surface_for_each_popup
|
|
It is common to want to iterate an xdg-surface's popups separately from
the toplevel and subsurfaces. For example, popups are typically rendered
on top of most other surfaces.
wlr_xdg_surface_for_each_surface continues to iterate both surfaces and
popups to maintain backwards compatibility.
|
|
wlr_seat destroy: fix use-after-free after primary selection source cancel
|
|
the primary_selection_source_destroy list points to memory freed by
that cancel callback, so remove from list before freeing
|
|
Close fd's obtained from logind
|
|
|
|
Add wlr-screencopy-unstable-v1 support
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
s/wlr_subsurface_from_surface/wlr_subsurface_from_wlr_surface/
|
|
This was the only x_from_wlr_surface function that lacked the wlr_ prefix,
let's have an API as uniform as possible.
|
|
Static analysis fixes
|
|
Found through static analysis
|
|
Found through static analysis
|
|
Found through static analysis
|
|
We cannot handle just one of the two being NULL later down the road
(e.g. divide by zero in matrix projection code),
just ignore any such configure request.
Found through static analysis
|
|
renderer is checked for NULL, but was dereferenced before that.
Found through static analysis
|
|
'when' points to now that was defined in the if, so compiler could reuse
that memory area by the time 'when' is called
Found through static analysis.
|
|
Even if the file is removed right away, a race with someone using inotify
is definitely possible, so play safe and restrict umask for our tmpfiles
Found through static analysis.
|
|
mmap leak found through static analysis
|
|
Found through static analysis
|
|
Found through static analysis
|
|
Found through static analysis
|
|
The test was done after dereferencing output in pointer_handle_enter,
just move it up one line.
No reason pointer_handle_leave would not need the check if enter needs
it, add it there.
Found through static analysis.
|
|
These operations are done in 32-bit arithmetics before being casted to 64-bit,
thus can overflow before the cast.
Casting early fixes the issue.
Found through static analysis
|
|
do not send focus request to a window that doesn't allow it
|
|
|
|
|
|
contributing: move wl_resource_set_user_data() right before free()
|
|
Idle inhibit cleanup
|
|
|
|
- Rename handlers to <type>_handle_resource_destroy and
<type>_handle_destroy to be coherent
- Make sure we never destroy wl_resources when we shouldn't
Updates #999
|
|
xdg_shell popup: fix potential segv in handle_destroy
|
|
|