Fixes heap-use-after-free:
==32046==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000064d20 at pc 0x55571ce4d303 bp 0x7fff545c64c0 sp 0x7fff545c64b0
WRITE of size 8 at 0x615000064d20 thread T0
#0 0x55571ce4d302 in xdg_decoration_handle_destroy ../sway/xdg_decoration.c:13
#1 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#2 0x7f64009d3c46 in toplevel_decoration_handle_resource_destroy ../types/wlr_xdg_decoration_v1.c:65
#3 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
#4 0x7f6400a19fed in wl_resource_destroy (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7fed)
#5 0x7f64009d3d1f in toplevel_decoration_handle_surface_destroy ../types/wlr_xdg_decoration_v1.c:82
#6 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#7 0x7f64009b059c in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:453
#8 0x7f64009b0688 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:483
#9 0x7f64009af08c in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#10 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
#11 0x7f6400a1e211 (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0xc211)
#12 0x7f6400a1e6fe (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0xc6fe)
#13 0x7f6400a1a0ec in wl_client_destroy (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x80ec)
#14 0x7f6400a1a1c4 (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x81c4)
#15 0x7f6400a1b941 in wl_event_loop_dispatch (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x9941)
#16 0x7f6400a1a569 in wl_display_run (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x8569)
#17 0x55571ce4c7fd in server_run ../sway/server.c:214
#18 0x55571ce4ad59 in main ../sway/main.c:405
#19 0x7f640071109a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
#20 0x55571ce2cfa9 in _start (/usr/local/bin/sway+0x35fa9)
0x615000064d20 is located 32 bytes inside of 504-byte region [0x615000064d00,0x615000064ef8)
freed by thread T0 here:
#0 0x7f6401531b70 in free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedb70)
#1 0x55571ce6c72b in destroy ../sway/desktop/xdg_shell.c:252
#2 0x55571cee3f7b in view_destroy ../sway/tree/view.c:60
#3 0x55571cee4090 in view_begin_destroy ../sway/tree/view.c:73
#4 0x55571ce6dd95 in handle_destroy ../sway/desktop/xdg_shell.c:464
#5 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#6 0x7f64009b059c in reset_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:453
#7 0x7f64009b0688 in destroy_xdg_surface ../types/xdg_shell/wlr_xdg_surface.c:483
#8 0x7f64009af08c in xdg_client_handle_resource_destroy ../types/xdg_shell/wlr_xdg_shell.c:71
#9 0x7f6400a19f8d (/usr/lib/x86_64-linux-gnu/libwayland-server.so.0+0x7f8d)
previously allocated by thread T0 here:
#0 0x7f6401532138 in calloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xee138)
#1 0x55571ce6df39 in handle_xdg_shell_surface ../sway/desktop/xdg_shell.c:485
#2 0x7f64009d6f36 in wlr_signal_emit_safe ../util/signal.c:29
#3 0x7f64009b0167 in handle_xdg_surface_commit ../types/xdg_shell/wlr_xdg_surface.c:350
#4 0x7f64009ce2a5 in surface_commit_pending ../types/wlr_surface.c:372
#5 0x7f64009ce523 in surface_commit ../types/wlr_surface.c:444
#6 0x7f63ff63ddad in ffi_call_unix64 (/usr/lib/x86_64-linux-gnu/libffi.so.6+0x5dad)
Fixes#3759
This makes it so running `move [to] scratchpad` on a container already
in the scratchpad does not return an error. To match i3's behavior, a
visible scratchpad container will be hidden and a hidden scratchpad
container will be treated as a noop.
This modifies the places where output_get_active_workspace is called to
handle a NULL result. Some places already handled it and did not need a
change, some just have guard off code blocks, others return errors, and
some have sway_asserts since the case should never happen. A lot of this
is probably just safety precautions since they probably will never be
called when `output_get_active_workspace` is not fully configured with a
workspace.
If an output's node was dirty and the transaction was committed before a
workspace was moved to or created for the output, the instruction would
have a bad value for `state->active_workspace` due to a missing
length check in `output_get_active_workspace`. If there was no focus on
the output, the first workspace was being returned. If the workspace
list was currently empty, the value was either garbage, or in the case of
an output being disabled and re-enabled, a workspace that may have been
previously freed. This just adds the length check to avoid returning out
of bounds value.
Fixes memory leaks in the form of:
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f5f7c2f4f30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
#1 0x563c799569f2 in ipc_recv_response ../common/ipc-client.c:94
#2 0x563c79957062 in ipc_single_command ../common/ipc-client.c:138
#3 0x563c798a56cc in run_as_ipc_client ../sway/main.c:127
#4 0x563c798a6a3a in main ../sway/main.c:349
#5 0x7f5f7b4d609a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
Fixes memory leaks in the form of:
Direct leak of 20 byte(s) in 1 object(s) allocated from:
#0 0x7f5f7c2f4f30 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xedf30)
#1 0x563c7995b36a in join_args ../common/stringop.c:268
#2 0x563c798a6a1a in main ../sway/main.c:348
#3 0x7f5f7b4d609a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2409a)
This calls `workspace_consider_destroy` on the workspace that was
visible on an output that a workspace was just evacuated to. This
prevents having hidden empty workspaces.
This changes `workspace_next_name` to use the next available number as
the workspace name instead of the number of outputs. This fixes the case
where a number that is already in use could be returned. The workspace
numbers in use have no relation to the number of outputs so it makes
more sense to use the lowest available number
This documents the wildcard character for both inputs and seats. There
is also a tip added on trying the wildcard to verify a setting if the
identifier does not appear to be working.
This fixes the issue of the display freezing on reload with
wlroots#1545.
On master, all output configs are applied on reload. This may cause an
output to have its config applied up to three times, instead of just
once. The three cases are: output name, output identifier, and wildcard.
Not only is this inefficient, but it can cause swaybg to be spawned and
immediately killed.
However, swaybg requires two roundtrips of wl_display (to obtain needed
globals) before it enters its normal event loop. Modesetting will
roundtrip the wl_display. Without modesetting, waitpid for killing
swaybg could block infinitely due to swaybg being blocked by
wl_display_roundtrip.
This only configured an output once. It either uses the wildcard config
or creates an empty wildcard config and applies that. This also fixes a
bug where an output would not be reset when there is no output config to
apply to it.
On the DRM backend, if an output is dpms'd off and a different output is
hotplugged, the CRTC for the output is reclaimed. When modesetting an
output without a CRTC, a CRTC will not be given to an output that is not
desired to be enabled. This splits setting the dpms state in
apply_output_config. If the output should be dpms on, the it is enabled
before attempting to modeset. Otherwise, it is dpms'd off after setting
everything else.
This also adds DPMS_ON to the default output configs.
In seatop_move_tiling, it is possible to cause a stack overflow by
dragging a container into one of its descendants. This disables the
ability to move into a descendant.
This allows the focused inactive tree node and visible workspaces to be
changed while a surface layer has focus. The layer temporarily loses
focus, the tree focus changes, and the layer gets refocused.
When moving a descendant of a tabbed or stacked container, it is possible
for the target node to be the node being moved. This causes a segfault in
`handle_finish` since the node will be detached and then attempted to be
attached to it own parent, which is NULL due to the detach. In this
case, the target node should not be set to the node being moved, but the
parent of the node. This also allows for a descendant of a tabbed or
stacked container to be dragged out of the tabs/stacks and to be a
sibling of the tabbbed/stacked container, which was not previously
possible.
It is possible for `wlr_surface_is_subsurface` to return true, but
`wlr_surface_from_wlr_surface` to be NULL. This adds a NULL check to the
value returned by `wlr_surface_from_wlr_surface` and breaks out of the
while loop in `subsurface_get_root_coords`.
In handle_cursor_motion, the timestamp passed to
`wlr_relative_pointer_manager_v1_send_relative_motion` should be
microseconds (not milliseconds) according to relative-pointer-v1 spec.
When a layer surface is focused, `seat_get_focused_workspace` will be
NULL. This changes `workspace_get_initial_output` to use output of the
focus inactive. If the focus inactive is also NULL, then either the
first output or the noop output will be used as fallbacks.
This aborts sway and displays an error message about XDG_RUNTIME_DIR
not being set without initializing the wl_display or logging any other
information.
This fixes a few misc memory leaks reported by asan:
- Items of `config->config_chain` are now freed instead of just the list
itself
- `bar->swaybar_command` is now freed
- The result returned by a seat subcommand is now returned instead of
leaked
If the active xkb_layout does not have a name, use `NULL` instead of
`json_object_new_string(NULL)`. This also makes it so swaymsg will pretty
print this as `(unnamed)`.
If `repeat_rate` or `repeat_delay` is set without the other being set,
the default was being used for both. This changes the logic to respect
the value given and use the default for the other when only one is set.
If the bar was set to "invisible" and subsequently "toggle" was send twice, the
new mode was never set and the bar->mode was double freed.
Fix this by not requiring the bar->mode to be "hide" and instead show it
unconditionally, because it was either hidden or invisible.
Fixes#3637
It is possible to make the title bars have a zero pixel height while
stacked, by using a blank font and no padding. This causes a division by
zero when attempting to calculate the child index in
container_at_stacked, which then results in a segfault when attempting
to access the child at that bad index (INT_MIN). This just skips the
check to see if the cursor is over a title bar of a child of a stacked
container when the title bar height is zero since there will be no title
bars.
sway-bar(5) documents `modifier none`, which comes from i3. This
implements the functionality for `modifier none` since it was not
previously implemented. The bar modifier toggles visibility of the bar
when the bar mode is set to hide. When the bar modifier is set to
`none`, the ability to toggle visibility of the bar will be disabled.
Since a tablet tool provides the WL_SEAT_CAPABILITY_POINTER capability,
sway will attempt to use the xcursor manager to set a cursor image. If
the tablet tool was the first (and possibly only) device to provide the
capability for the seat, the xcursor manager was not being configured
before attempting to set a cursor image. This was due to
`seat_configure_xcursor` only being called in `seat_configure_pointer`.
Since the xcursor manager was NULL in this case, it would cause a
segfault when attempting to set a cursor image. This adds a call to
`seat_configure_xcursor` in `seat_configure_tablet_tool` to ensure that
the seat has a xcursor manager.
Since `load_include_config` compares against the realpath of a config
file when checking if a config has already been added, the main config's
realpath has to be added to the config_chain.
However, includes from the main config should be processed relative to
the path given to allow for symbolic links. This stores the realpath in
`config->config_chain`, but uses the given path for all other
operations.
When both options and positional arguments are given, sway would print
the error `Don't use options with the IPC client`. Over the past
several months, it seems like users are including this error message in
issues instead of a debug log due to not understanding that the error
message means there is an issue with their command.
This makes the error message more verbose and will hopefully make it so
more users understand that the message is not a bug in sway, but with
the command used.
