remove view from its own unmap event listener so when subsurfaces
link try to remove themselves they won't run into it.
This fixes the following ASAN use-after-free error on a build slightly
modified to instrument wl_list operations:
==71705==ERROR: AddressSanitizer: heap-use-after-free on address 0x6160000829a0 at pc 0x000000508eb7 bp 0x7ffec8fd8030 sp 0x7ffec8fd8028
WRITE of size 8 at 0x6160000829a0 thread T0
#0 0x508eb6 in wl_list_remove ../common/list.c:181
#1 0x4f4998 in view_child_destroy ../sway/tree/view.c:1131
#2 0x4f38fa in subsurface_handle_destroy ../sway/tree/view.c:946
#3 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#4 0x7fda5072f0dd in subsurface_destroy ../types/wlr_surface.c:649
#5 0x7fda507312c4 in subsurface_handle_surface_destroy ../types/wlr_surface.c:1094
#6 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#7 0x7fda5072f305 in surface_handle_resource_destroy ../types/wlr_surface.c:677
#8 0x7fda508180ce in destroy_resource (/lib64/libwayland-server.so.0+0xc0ce)
#9 0x7fda508187f2 in wl_client_destroy (/lib64/libwayland-server.so.0+0xc7f2)
#10 0x7fda50818e5f in wl_client_connection_data (/lib64/libwayland-server.so.0+0xce5f)
#11 0x7fda50818219 in wl_event_loop_dispatch (/lib64/libwayland-server.so.0+0xc219)
#12 0x7fda50818984 in wl_display_run (/lib64/libwayland-server.so.0+0xc984)
#13 0x43122c in server_run ../sway/server.c:254
#14 0x42f47c in main ../sway/main.c:433
#15 0x7fda503cab74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
#16 0x40f6fd in _start (/opt/wayland/bin/sway+0x40f6fd)
0x6160000829a0 is located 288 bytes inside of 592-byte region [0x616000082880,0x616000082ad0)
freed by thread T0 here:
#0 0x7fda50f01a27 in free (/lib64/libasan.so.6+0xaea27)
#1 0x4532d8 in destroy ../sway/desktop/xdg_shell.c:262
#2 0x4ed17b in view_destroy ../sway/tree/view.c:67
#3 0x4ed300 in view_begin_destroy ../sway/tree/view.c:83
#4 0x454a3f in handle_destroy ../sway/desktop/xdg_shell.c:507
#5 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#6 0x7fda506e2c87 in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:481
#7 0x7fda506e3018 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:516
#8 0x7fda506dfbe5 in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#9 0x7fda508180ce in destroy_resource (/lib64/libwayland-server.so.0+0xc0ce)
previously allocated by thread T0 here:
#0 0x7fda50f01ed7 in calloc (/lib64/libasan.so.6+0xaeed7)
#1 0x454bc8 in handle_xdg_shell_surface ../sway/desktop/xdg_shell.c:528
#2 0x7fda50744892 in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7fda506e2363 in handle_xdg_surface_commit ../types/xdg_shell/wlr_xdg_surface.c:378
#4 0x7fda5072e368 in surface_commit_state ../types/wlr_surface.c:455
#5 0x7fda5072e51d in surface_commit_pending ../types/wlr_surface.c:474
#6 0x7fda5072ea58 in surface_commit ../types/wlr_surface.c:542
#7 0x7fda4fb3ac03 in ffi_call_unix64 (/lib64/libffi.so.6+0x6c03)
Fixes#5168
If any error is encountered during execution of the first subcommand of
a freshly created bar configuration, parsing apparently is to be aborted
and the current bar config is freed. The pointer to that memory is left
dangling though, leading to a use-after-free on successive bar
subcommands. This quite reliably ends in a crash like so:
sway -c reproducer.config
00:00:00.083 [sway/config.c:865] Error on line 2 'foo bar': Unknown/invalid command 'foo' (s)
free(): double free detected in tcache 2
00:00:00.608 [swaynag/swaynag.c:451] failed to register with the wayland display
Aborted (core dumped)
Minimal reproducer config:
bar {
foo bar
position top
}
Other messages:
malloc(): unaligned fastbin chunk detected
double free or corruption (fasttop)
The invalid command has to be the first for a newly created bar config.
Removing the command or switching order so it's not the first one masks
the problem.
Prevent this from occuring by resetting the pointer to NULL after
freeing the memory.
Signed-off-by: Michael Weiser <michael.weiser@gmx.de>
the original behavior set fullscreen for all descendents of a container,
which causes issues when firefox is one of those children because it
sends its own set_fullscreen request in response to being fullscreened.
Can be useful to make sure a bugfix is included. In the future maybe
the wlroots version string could include a commit hash when built
from source, too.
When a tiling container is floated, the focus stack needs to be
appropraitely modified to return the container to its original
position in the tree upon floating disable, like i3.
Firefox got a lot better. I think now would be a good time to remove
the advice from the issue template. We can always add it back if we
start getting invalid bug reports again.
Logic that obtains current DPMS state is put inside the handler.
sway_output from which the current DPMS state will be obtained is selected by the following logic:
* For '-' and '--' the focused output is used;
* For '*' error "Cannot apply toggle to all outputs" is reported;
* For everything else all_output_by_name_or_id() is used.
Fixes#5929.
This commit adds missing error-handling to the creation of the tokener
instance. The stack depth parameter is used to initialize an array that
json-c prefaults ahead of time, causing INT_MAX to result in out of
memory errors.
Also drop the depth to 256 to prevent this OOM.
Though this fix is not very satisfactory -- json-c could be made to
not prefault -- it should do for now. At the very least, swaybar will
not crash.
Fixes#6126.
There's no inherent limit on the nesting Sway can generate, and the
default used by `json_tokener_new`, 32, can plausibly be hit during
regular usage.
Fixes#6115.
When an application inhibited idle, a view pointer was stored and a
destroy listener was registered to the wlr inhibitor. As the wlr
inhibitor lives longer than the view, this lead to a dangling view
pointer between view unmap and inhibitor destroy.
Store a pointer to the wlr inhibitor instead of to the view, and look up
the view when needed, which may at any point be NULL. This also allows
for an inhibitor to remain functional if a surface is re-mapped.
Only wl_pointer.motion was used to update pointer position, which would
cause issues if the pointer was not moved prior to wl_pointer.button.
This also fixes touch input through wl_pointer emulation, which fires
wl_pointer.button immediately after wl_pointer.enter.
Copied from a similar fix made to swaynag.
Closes: https://github.com/swaywm/sway/issues/6109
IconThemePath is not a standard property in XDG's StatusNotifierItem
specification, so missing this property should not be logged as an error.
This patch changes the log level to SWAY_DEBUG when swaybar queries the
value of IconThemePath so that swaybar won't log the returned message as
an error if IconThemePath does not exist.
Closes: https://github.com/swaywm/sway/issues/6092
container_at checks if the position provided matches the currently
focused container with view_container_at as a fast path.
view_container_at checks using the main container geometry, which
includes the titlebar and border area. If a tabbed container is focused,
then positions over unfocused tabs are incorrectly reported as belonging
to the focused container, breaking focus on click.
Add view_container_content_at for use in the focused container fast path
which only tests container content area, and fall back to full workspace
scans for border and titlebar areas.
Closes: https://github.com/swaywm/sway/issues/6074
Closes#5605
Text Subpixel antialiasing is :
- FreeType makes glyph bitmaps containing coverage percentage for each
subpixel, instead of pixel
- Then draw by performing the blend for each subpixel, instead of pixel (e.g.
dual-source blending in opengl)
And there's only one Alpha channel, so this extra coverage data can't
leave Cairo to reach the compositor through there.
Therefore, it can't work as intended if output text alpha != bar background
alpha. Disable it for those cases, enable it elsewhere
As for color emojis, they are RGBA bitmaps. If drawn with text alpha=1.0
and background alpha=1.0 (should be completely opaque bar), then with
'CAIRO_OPERATOR_SOURCE' then texels with alpha < 1.0 result in a blend with
whatever's behind the bar, instead of the bar background
container_at would maintain the current focus as long as a position was
over one of the container view's surfaces. If an oversized surface was
being clipped, this lead to weird focus behavior.
Instead, use view_container_at for this test, which intersects the
container box before looking at surfaces.
If a surface is associated with a sway container, we limit the
destination box to the container dimensions.
Floating views and popups are exempt from this clipping.
Previously, the special case handling of scratchpad and unmark commands
was (probably accidentally) limited to criteria directly handled in the
execute_command function. This would exclude: 1. for_window criteria, as
these are handled externally for views and 2. and mouse bindings which
select target the node currently under the mouse cursor.
As a concrete example `for_window [app_id="foobar"] move scratchpad,
scratchpad show` would show (or hide due to the toggling functionality)
another window from the scratchpad, instead of showing the window with
app_id "foobar".
This commit replaces the "using_criteria" flag with "node_overridden"
with the more general notion of signifying that the node (and
container/workspace) in the current command handler context of the sway
config is not defined by the currently focused node, but instead
overridden by other means, i.e., criteria or mouse position.
When issuing a focus command on a specific container, users expect to
proceed it even if is hidden by a fullscreen window.
This matches the behavior of i3.