diff options
| author | Dominique Martinet <[email protected]> | 2018-06-25 07:17:01 +0900 | 
|---|---|---|
| committer | Dominique Martinet <[email protected]> | 2018-06-30 22:42:24 +0900 | 
| commit | bc1e99305a7c9b6732792c136a868cca7a3e52c4 (patch) | |
| tree | 97bd9df31669270fae15b677229f38c99db4cac0 /include/sway/input/seat.h | |
| parent | 792eb6ad402ae76bdc12b267af6bf7abac2b95f9 (diff) | |
xdg_shell: listen to fullscreen request on map
That event comes from the toplevel and not the surface, so would cause
a use-after-free on destroy if the toplevel got destroyed first:
==5454==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110001ed198 at pc 0x000000472d10 bp 0x7ffc19070a80 sp 0x7ffc19070a70
WRITE of size 8 at 0x6110001ed198 thread T0
    #0 0x472d0f in wl_list_remove ../common/list.c:157
    #1 0x42e159 in handle_destroy ../sway/desktop/xdg_shell_v6.c:243
    #2 0x7fa9e5b28ce8 in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7fa9e5afd6b1 in destroy_xdg_surface_v6 ../types/xdg_shell_v6/wlr_xdg_surface_v6.c:101
    #4 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688
    #5 0x7fa9e5d98091 in wl_resource_destroy src/wayland-server.c:705
    #6 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
    #7 0x7fa9e27f09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
    #8 0x7fa9e5d9bf2c  (/lib64/libwayland-server.so.0+0xbf2c)
    #9 0x7fa9e5d983de in wl_client_connection_data src/wayland-server.c:420
    #10 0x7fa9e5d99f01 in wl_event_loop_dispatch src/event-loop.c:641
    #11 0x7fa9e5d98601 in wl_display_run src/wayland-server.c:1260
    #12 0x40a2f4 in main ../sway/main.c:433
    #13 0x7fa9e527318a in __libc_start_main ../csu/libc-start.c:308
    #14 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)
0x6110001ed198 is located 152 bytes inside of 240-byte region [0x6110001ed100,0x6110001ed1f0)
freed by thread T0 here:
    #0 0x7fa9e7c89880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fa9e5affce9 in destroy_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:23
    #2 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688
previously allocated by thread T0 here:
    #0 0x7fa9e7c89e50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x7fa9e5b00eea in create_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:427
    #2 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
The toplevel only notifies the compositor on destroy if it was mapped,
so only listen to events at map time.
Diffstat (limited to 'include/sway/input/seat.h')
0 files changed, 0 insertions, 0 deletions
