Commit graph

4138 commits

Author SHA1 Message Date
Ryan Dwyer af0f0375ef
Merge pull request #2163 from martinetd/use-after-free
layer shell: fix some use after free on destroy
2018-06-26 22:51:38 +10:00
Dominique Martinet 6856866a61 layer_shell: order destroying before sway_output
Both sway_output and sway_layer_shell listen to wlr's output destroy event,
but sway_layer_shell needs to access into sway_output's data strucure and needs
to be destroyed first.

Resolve this by making sway_layer_shell listen to a new event that happens at
start of sway_output's destroy handler
2018-06-26 21:20:56 +09:00
Dominique Martinet 08800c8ee2 layer_shell: cleanup output link on output destroy
Fixes this kind of use-after-free:
==1795==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000191ef0 at pc 0x00000048c388 bp 0x7ffe308f0410 sp 0x7ffe308f0400
WRITE of size 8 at 0x612000191ef0 thread T0
    #0 0x48c387 in wl_list_remove ../common/list.c:157
    #1 0x42196b in handle_destroy ../sway/desktop/layer_shell.c:275
    #2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7f55cc22cf68 in layer_surface_destroy ../types/wlr_layer_shell.c:182
    #4 0x7f55cc22d084 in layer_surface_resource_destroy ../types/wlr_layer_shell.c:196
    #5 0x7f55cc4ca025 in destroy_resource src/wayland-server.c:688
    #6 0x7f55cc4ca091 in wl_resource_destroy src/wayland-server.c:705
    #7 0x7f55cc22c3a2 in resource_handle_destroy ../types/wlr_layer_shell.c:18
    #8 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
    #9 0x7f55c8ef09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
    #10 0x7f55cc4cdf2c  (/lib64/libwayland-server.so.0+0xbf2c)
    #11 0x7f55cc4ca3de in wl_client_connection_data src/wayland-server.c:420
    #12 0x7f55cc4cbf01 in wl_event_loop_dispatch src/event-loop.c:641
    #13 0x7f55cc4ca601 in wl_display_run src/wayland-server.c:1260
    #14 0x40bb1e in server_run ../sway/server.c:141
    #15 0x40ab2f in main ../sway/main.c:432
    #16 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
    #17 0x408d29 in _start (/opt/wayland/bin/sway+0x408d29)

0x612000191ef0 is located 48 bytes inside of 312-byte region [0x612000191ec0,0x612000191ff8)
freed by thread T0 here:
    #0 0x7f55ce3bb880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x42f1db in handle_destroy ../sway/desktop/output.c:1275
    #2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7f55cc23b4c2 in wlr_output_destroy ../types/wlr_output.c:284
    #4 0x7f55cc1ddc20 in xdg_toplevel_handle_close ../backend/wayland/output.c:235
    #5 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)

previously allocated by thread T0 here:
    #0 0x7f55ce3bbe50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x42f401 in handle_new_output ../sway/desktop/output.c:1308
    #2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7f55cc1d6cbf in new_output_reemit ../backend/multi/backend.c:113
    #4 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #5 0x7f55cc1deac7 in wlr_wl_output_create ../backend/wayland/output.c:327
    #6 0x7f55cc1db353 in backend_start ../backend/wayland/backend.c:55
    #7 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
    #8 0x7f55cc1d67a0 in multi_backend_start ../backend/multi/backend.c:24
    #9 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
    #10 0x40ba8a in server_run ../sway/server.c:136
    #11 0x40ab2f in main ../sway/main.c:432
    #12 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
2018-06-26 21:20:56 +09:00
Ryan Dwyer a7b3f29292 Remove incorrect assertion and supporting code
Children can exist when destroying a container, such as when destroying
the last output. Sway is not terminating in that case.
2018-06-26 20:18:57 +10:00
Ryan Dwyer 93696b78ec Fix crash when closing output window from outer session
Emitting the close event needs to happen before
container_output_destroy, because container_output_destroy sets the
sway_output to NULL and sway_output is used in IPC.
2018-06-26 20:14:58 +10:00
Ryan Dwyer 834805f5e2 Fix crash when disconnecting output
We were freeing the sway_output immediately upon disconnect which left
a dangling pointer in the output's container. It then tried to use the
pointer when the container is freed.

We don't need to store the sway_output in an output's container which is
destroying, so the fix is to set the pointer to NULL and remove the use
in container_free.

Also added an arrange when the output is disconnected for good measure.
2018-06-26 19:40:42 +10:00
Ryan Dwyer 0085f64ac0 Remove timer when transaction destroys 2018-06-26 18:51:37 +10:00
Ryan Dwyer e8001e6fbe Damage output when views toggle fullscreen
Also add workspace to the transaction when a view maps in fullscreen
mode.
2018-06-26 14:24:15 +10:00
Ryan Dwyer 50190bc760 Rename view's free callback to destroy 2018-06-26 13:18:33 +10:00
Ryan Dwyer 7a922c65aa Damage output when a fullscreen view unmaps
Also moved the arranging into view_unmap to avoid excessive code
duplication.
2018-06-26 13:15:45 +10:00
Dominique Martinet c9be014557 xdg_shell: make view floating if a parent has been set
Prompts e.g. authentication request from firefox-wayland ought to be
floating.

This is a bit coarse but just fixed size is not enough, here is what
firefox does:
[1285461.363]  -> xdg_wm_base@18.get_xdg_surface(new id xdg_surface@68, wl_surface@71)
[1285461.508]  -> xdg_surface@68.get_toplevel(new id xdg_toplevel@67)
[1285461.571]  -> xdg_toplevel@67.set_parent(xdg_toplevel@37)
[1285461.630]  -> xdg_toplevel@67.set_title("Authentication Required")
[1285461.736]  -> xdg_toplevel@67.set_app_id("firefox")
...
[1285476.549] xdg_toplevel@67.configure(0, 0, array)
...
[1285502.080]  -> xdg_toplevel@67.set_min_size(299, 187)
[1285502.140]  -> xdg_toplevel@67.set_max_size(1920, 32767)

This can also be observed with e.g. the open window of gedit
(gedit->open->other documents)
2018-06-26 12:02:50 +09:00
Ryan Dwyer beacd4d9f9 Rename progress_queue to transaction_progress_queue 2018-06-25 16:50:01 +10:00
Ryan Dwyer 9b15e81cff Fix potential crash when fullscreen view unmaps
It happened when a view is a grandchild or deeper of the workspace, is
fullscreen, and unmaps. The workspace would not be included in the
transaction and its pointer to the fullscreen view was left dangling.
2018-06-25 16:41:31 +10:00
Drew DeVault 59086fabbf
Merge pull request #2159 from acrisci/focus-dont-follow-keyboard-grab
dont focus-follow-mouse when keyboard grab
2018-06-24 17:45:03 -07:00
Tony Crisci e9ad10c2d6 dont focus-follow-mouse when keyboard grab 2018-06-24 20:30:43 -04:00
Ryan Dwyer c371ff3de8 Implement per-configure debug timings 2018-06-25 09:25:51 +10:00
Ryan Dwyer 289d696adc Implement transaction timings debug
Launch sway with SWAY_DEBUG=txn_timings to enable it.
2018-06-25 09:09:43 +10:00
emersion eeb38d65cb
xwayland: accept configure requests from floating views 2018-06-24 19:21:02 +01:00
Ryan Dwyer a3976e2659 Fix another crash when moving out of stacks or tabs 2018-06-24 23:07:52 +10:00
Ryan Dwyer 1549fb719a Implement atomic layout updates for xwayland views 2018-06-24 23:01:09 +10:00
Ryan Dwyer b6a238c7b7 Fix crash when running move <direction> in an empty workspace 2018-06-24 16:03:24 +10:00
Ryan Dwyer b864ac0149 Fix crash when unmapping a view with reapable parents
container_destroy was calling container_reap_empty, which calls
container_destroy and so on. Eventually the original container_destroy
would return a NULL pointer to the caller which caused a crash.

This also fixes an arrange on the wrong container when moving views in
and out of stacks.
2018-06-24 15:50:53 +10:00
Ryan Dwyer 33e03cb277 Fix crash related to stacks and tabs 2018-06-24 13:08:47 +10:00
Ryan Dwyer f08a30d6d0 Force transactions to complete in order
This forces transactions to complete in order by using a singly linked
list stored in the sway server.
2018-06-24 12:33:23 +10:00
Ryan Dwyer 32b865e610 Fix crash when deleting last child in a tabbed or stacked container
There was no `current` child because the container was destroyed. This
makes it fall back to looking in the parent's current children list.
2018-06-23 17:47:28 +10:00
Ryan Dwyer b11c9199a6 Merge remote-tracking branch 'upstream/master' into atomic 2018-06-23 16:26:20 +10:00
Ryan Dwyer 38398e2d77 Implement atomic layout updates for tree operations
This implements atomic layout updates for when views map, reparent or
unmap.
2018-06-23 16:24:11 +10:00
Drew DeVault 5222e14555
Merge pull request #2155 from ael-code/fix_output_command_failure
bugfix: avoid access after free
2018-06-22 06:53:17 -07:00
ael-code ad085c1332
bugfix: avoid access after free
if src is NULL due to a previous error we cannot use it in the command
result string.

Moreover if `src` points to `p.we_wordv[0]` we cannot use it after
`wordfree(&p)` in the command result string.

Bonus feature: If there was an error accessing the file, the string
rapresentation of the error is now included in the command result
string.
2018-06-22 15:41:44 +02:00
Drew DeVault e8fbda4d21
Merge pull request #2146 from tobiasblass/prepare_server_before_dropping_privileges
Perform (partial) server initialization before dropping privileges.
2018-06-22 06:41:34 -07:00
emersion abdbf3c1d7
Merge pull request #2152 from atomnuker/master
Init the dmabuf exporting protocol in wlroots
2018-06-22 14:40:12 +01:00
Rostislav Pehlivanov aa9f058e3e Init the dmabuf exporting protocol in wlroots
Allows desktop capture via the dmabuf-capture wlroots example client.
2018-06-22 13:45:32 +01:00
Tobias Blass a5c091e302 Perform (partial) server initialization before dropping privileges.
Some operations during backend creation (e.g. becoming DRM master)
require CAP_SYS_ADMIN privileges. At this point, sway has dropped them
already, though. This patch splits the privileged part of server_init
into its own function and calls it before dropping its privileges.
This fixes the bug with minimal security implications.
2018-06-19 00:19:57 +02:00
emersion cda66e9a26
Automatically float xwayland windows 2018-06-18 22:52:10 +01:00
Ryan Dwyer 1c89f32533 Preserve buffers during transactions
* Also fix parts of the rendering where it was rendering the pending
state instead of current.
2018-06-18 20:42:12 +10:00
Ryan Dwyer 645bf446fa Merge remote-tracking branch 'upstream/master' into atomic 2018-06-18 15:58:48 +10:00
Drew DeVault 202ee51150
Merge pull request #2143 from vilhalmer/mark-pool-buffers-busy
Set pool_buffers busy when handing them out
2018-06-17 14:55:29 -07:00
vil 8884a063c1
Merge branch 'master' into mark-pool-buffers-busy 2018-06-17 17:37:58 -04:00
vilhalmer 54a5ee2747
Set pool_buffers busy when handing them out 2018-06-17 17:34:12 -04:00
Drew DeVault 7c44ca95f9
Merge pull request #2140 from Hello71/patch-2
swayidle: fix stack overflow on sleep
2018-06-17 11:26:57 -07:00
Alex Xu (Hello71) 7ed81cfd36 swayidle: fix stack overflow on sleep 2018-06-17 13:57:40 -04:00
Drew DeVault 378697b79d
Merge pull request #2135 from emersion/wlroots-1060
Update for swaywm/wlroots#1060
2018-06-16 14:07:25 -07:00
emersion 088cae45c8 Update for swaywm/wlroots#1060 2018-06-16 13:32:23 -04:00
Drew DeVault 55fe5fc580
Merge pull request #2130 from frsfnrrg/keyboard-tuning
Clean up keyboard handling code
2018-06-13 05:53:02 -07:00
frsfnrrg ca061ba8bf Fix keyboard shortcut handling inconsistencies
* Ensure that modifier keys are identified even when the next key does
  not produce a keysym. This requires that modifier change tracking
  be done for each sway_shortcut_state.

* Permit regular and --release shortcuts on the same key combination.
  Distinct bindings are identified for press and release cases; note
  that the release binding needs to be identified for both key press
  and key release events.

* Maintain ascending sort order for the shortcut state list, and keep
  track of the number of pressed key ids, for simpler (and hence
  faster) searching of the list of key bindings.

* Move binding duplicate detection into get_active_binding to avoid
  duplicating error messages.
2018-06-12 20:26:57 -04:00
frsfnrrg b23cd827cf Sort binding key lists
Sort the list comprising the set of keys for the binding in ascending
order. (Keyboard shortcuts depend only on the set of simultaneously
pressed keys, not their order, so this change should have no external
effect.) This simplifies comparisons between bindings.
2018-06-12 11:26:24 -04:00
Ryan Dwyer 9e96cfd310 Merge remote-tracking branch 'upstream/master' into atomic 2018-06-11 11:03:43 +10:00
Drew DeVault 867fb6aedb
Merge pull request #2124 from emersion/drag-icons
Render drag icons
2018-06-09 10:50:34 -07:00
Drew DeVault d9fc381e02
Merge pull request #2047 from natesymer/master
Implement Gaps
2018-06-09 08:43:18 -07:00
Nate Symer 6a910b9ba5 Implement gaps (PR #2047) 2018-06-09 09:34:56 -04:00