aboutsummaryrefslogtreecommitdiffstats
path: root/sway/desktop/xdg_shell.c
diff options
context:
space:
mode:
authorLibravatar Dominique Martinet <asmadeus@codewreck.org>2018-06-25 07:17:01 +0900
committerLibravatar Dominique Martinet <asmadeus@codewreck.org>2018-06-30 22:42:24 +0900
commitbc1e99305a7c9b6732792c136a868cca7a3e52c4 (patch)
tree97bd9df31669270fae15b677229f38c99db4cac0 /sway/desktop/xdg_shell.c
parentMerge pull request #2174 from martinetd/view-from-surface (diff)
downloadsway-bc1e99305a7c9b6732792c136a868cca7a3e52c4.tar.gz
sway-bc1e99305a7c9b6732792c136a868cca7a3e52c4.tar.zst
sway-bc1e99305a7c9b6732792c136a868cca7a3e52c4.zip
xdg_shell: listen to fullscreen request on map
That event comes from the toplevel and not the surface, so would cause a use-after-free on destroy if the toplevel got destroyed first: ==5454==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110001ed198 at pc 0x000000472d10 bp 0x7ffc19070a80 sp 0x7ffc19070a70 WRITE of size 8 at 0x6110001ed198 thread T0 #0 0x472d0f in wl_list_remove ../common/list.c:157 #1 0x42e159 in handle_destroy ../sway/desktop/xdg_shell_v6.c:243 #2 0x7fa9e5b28ce8 in wlr_signal_emit_safe ../util/signal.c:29 #3 0x7fa9e5afd6b1 in destroy_xdg_surface_v6 ../types/xdg_shell_v6/wlr_xdg_surface_v6.c:101 #4 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688 #5 0x7fa9e5d98091 in wl_resource_destroy src/wayland-server.c:705 #6 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d) #7 0x7fa9e27f09fe in ffi_call (/lib64/libffi.so.6+0x59fe) #8 0x7fa9e5d9bf2c (/lib64/libwayland-server.so.0+0xbf2c) #9 0x7fa9e5d983de in wl_client_connection_data src/wayland-server.c:420 #10 0x7fa9e5d99f01 in wl_event_loop_dispatch src/event-loop.c:641 #11 0x7fa9e5d98601 in wl_display_run src/wayland-server.c:1260 #12 0x40a2f4 in main ../sway/main.c:433 #13 0x7fa9e527318a in __libc_start_main ../csu/libc-start.c:308 #14 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749) 0x6110001ed198 is located 152 bytes inside of 240-byte region [0x6110001ed100,0x6110001ed1f0) freed by thread T0 here: #0 0x7fa9e7c89880 in __interceptor_free (/lib64/libasan.so.5+0xee880) #1 0x7fa9e5affce9 in destroy_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:23 #2 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688 previously allocated by thread T0 here: #0 0x7fa9e7c89e50 in calloc (/lib64/libasan.so.5+0xeee50) #1 0x7fa9e5b00eea in create_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:427 #2 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d) The toplevel only notifies the compositor on destroy if it was mapped, so only listen to events at map time.
Diffstat (limited to 'sway/desktop/xdg_shell.c')
-rw-r--r--sway/desktop/xdg_shell.c56
1 files changed, 28 insertions, 28 deletions
diff --git a/sway/desktop/xdg_shell.c b/sway/desktop/xdg_shell.c
index 5b40d903..82db4076 100644
--- a/sway/desktop/xdg_shell.c
+++ b/sway/desktop/xdg_shell.c
@@ -203,6 +203,29 @@ static void handle_new_popup(struct wl_listener *listener, void *data) {
203 popup_create(wlr_popup, &xdg_shell_view->view); 203 popup_create(wlr_popup, &xdg_shell_view->view);
204} 204}
205 205
206static void handle_request_fullscreen(struct wl_listener *listener, void *data) {
207 struct sway_xdg_shell_view *xdg_shell_view =
208 wl_container_of(listener, xdg_shell_view, request_fullscreen);
209 struct wlr_xdg_toplevel_set_fullscreen_event *e = data;
210 struct wlr_xdg_surface *xdg_surface =
211 xdg_shell_view->view.wlr_xdg_surface;
212 struct sway_view *view = &xdg_shell_view->view;
213
214 if (!sway_assert(xdg_surface->role == WLR_XDG_SURFACE_ROLE_TOPLEVEL,
215 "xdg_shell requested fullscreen of surface with role %i",
216 xdg_surface->role)) {
217 return;
218 }
219 if (!xdg_surface->mapped) {
220 return;
221 }
222
223 view_set_fullscreen(view, e->fullscreen);
224
225 struct sway_container *ws = container_parent(view->swayc, C_WORKSPACE);
226 arrange_and_commit(ws);
227}
228
206static void handle_unmap(struct wl_listener *listener, void *data) { 229static void handle_unmap(struct wl_listener *listener, void *data) {
207 struct sway_xdg_shell_view *xdg_shell_view = 230 struct sway_xdg_shell_view *xdg_shell_view =
208 wl_container_of(listener, xdg_shell_view, unmap); 231 wl_container_of(listener, xdg_shell_view, unmap);
@@ -216,6 +239,7 @@ static void handle_unmap(struct wl_listener *listener, void *data) {
216 239
217 wl_list_remove(&xdg_shell_view->commit.link); 240 wl_list_remove(&xdg_shell_view->commit.link);
218 wl_list_remove(&xdg_shell_view->new_popup.link); 241 wl_list_remove(&xdg_shell_view->new_popup.link);
242 wl_list_remove(&xdg_shell_view->request_fullscreen.link);
219} 243}
220 244
221static void handle_map(struct wl_listener *listener, void *data) { 245static void handle_map(struct wl_listener *listener, void *data) {
@@ -248,6 +272,10 @@ static void handle_map(struct wl_listener *listener, void *data) {
248 xdg_shell_view->new_popup.notify = handle_new_popup; 272 xdg_shell_view->new_popup.notify = handle_new_popup;
249 wl_signal_add(&xdg_surface->events.new_popup, 273 wl_signal_add(&xdg_surface->events.new_popup,
250 &xdg_shell_view->new_popup); 274 &xdg_shell_view->new_popup);
275
276 xdg_shell_view->request_fullscreen.notify = handle_request_fullscreen;
277 wl_signal_add(&xdg_surface->toplevel->events.request_fullscreen,
278 &xdg_shell_view->request_fullscreen);
251} 279}
252 280
253static void handle_destroy(struct wl_listener *listener, void *data) { 281static void handle_destroy(struct wl_listener *listener, void *data) {
@@ -261,34 +289,10 @@ static void handle_destroy(struct wl_listener *listener, void *data) {
261 wl_list_remove(&xdg_shell_view->destroy.link); 289 wl_list_remove(&xdg_shell_view->destroy.link);
262 wl_list_remove(&xdg_shell_view->map.link); 290 wl_list_remove(&xdg_shell_view->map.link);
263 wl_list_remove(&xdg_shell_view->unmap.link); 291 wl_list_remove(&xdg_shell_view->unmap.link);
264 wl_list_remove(&xdg_shell_view->request_fullscreen.link);
265 view->wlr_xdg_surface = NULL; 292 view->wlr_xdg_surface = NULL;
266 view_destroy(view); 293 view_destroy(view);
267} 294}
268 295
269static void handle_request_fullscreen(struct wl_listener *listener, void *data) {
270 struct sway_xdg_shell_view *xdg_shell_view =
271 wl_container_of(listener, xdg_shell_view, request_fullscreen);
272 struct wlr_xdg_toplevel_set_fullscreen_event *e = data;
273 struct wlr_xdg_surface *xdg_surface =
274 xdg_shell_view->view.wlr_xdg_surface;
275 struct sway_view *view = &xdg_shell_view->view;
276
277 if (!sway_assert(xdg_surface->role == WLR_XDG_SURFACE_ROLE_TOPLEVEL,
278 "xdg_shell requested fullscreen of surface with role %i",
279 xdg_surface->role)) {
280 return;
281 }
282 if (!xdg_surface->mapped) {
283 return;
284 }
285
286 view_set_fullscreen(view, e->fullscreen);
287
288 struct sway_container *ws = container_parent(view->swayc, C_WORKSPACE);
289 arrange_and_commit(ws);
290}
291
292struct sway_view *view_from_wlr_xdg_surface( 296struct sway_view *view_from_wlr_xdg_surface(
293 struct wlr_xdg_surface *xdg_surface) { 297 struct wlr_xdg_surface *xdg_surface) {
294 return xdg_surface->data; 298 return xdg_surface->data;
@@ -329,9 +333,5 @@ void handle_xdg_shell_surface(struct wl_listener *listener, void *data) {
329 xdg_shell_view->destroy.notify = handle_destroy; 333 xdg_shell_view->destroy.notify = handle_destroy;
330 wl_signal_add(&xdg_surface->events.destroy, &xdg_shell_view->destroy); 334 wl_signal_add(&xdg_surface->events.destroy, &xdg_shell_view->destroy);
331 335
332 xdg_shell_view->request_fullscreen.notify = handle_request_fullscreen;
333 wl_signal_add(&xdg_surface->toplevel->events.request_fullscreen,
334 &xdg_shell_view->request_fullscreen);
335
336 xdg_surface->data = xdg_shell_view; 336 xdg_surface->data = xdg_shell_view;
337} 337}
generated by cgit v1.2.3-54-g00ecf (git 2.44.0) at 2024-05-04 03:18:59 +0000