Commit Graph

2235 Commits

Author SHA1 Message Date
Dominique Martinet
a2354d5992 cmd_background: fix leak on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
df494a7e51 transaction_apply: use float for quotient
Pre-dividing 1000/60 would lose 2/3 due to round-up

Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
c78ab67877 workspace_next_name: fix string length for ws_num >= 100
The check didn't include && ws_num < 100 so l would always be 1 or 2
Instead of fixing logic it's simpler to just call snprintf twice to get
length and use that.

Also change malloc failure check to sway_assert because both callers of
this function do not do null check and would segfault...

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
9c9ee3e4ef find prev/next output/workspace: add NULL check
These could be called with NULL if there is no focus

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
ab18740529 output commands: move !argc checks after argc gets decremented
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
557a14a6fe config_commands_command: make alloc failure check more permanent
policy is accessed again later

Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
5690bea227 input_config: free new_input_config on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
ebe69583c7 ipc-server: fix more use-after-frees on ipc_send_reply error
Since ipc_send_reply frees the client on error, we need to check the
return value properly as we access client later on

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
0ab04b7434 ipc-server: minor code cleanup
No logic change here, this one is mostly to please static analyzer:
 - client->fd can never be -1 (and if it could, close() a few lines below
would have needed the same check)
 - we never send permission denied error (dead code)
2018-07-02 08:03:41 +09:00
Dominique Martinet
546ddbcd5b ipc-server: fix double-free on send error in ipc_send_event
ipc_send_reply already does client disconnect on error, so we shouldn't
do it again.
We also need to process current index again as disconnect removes client
from the list we currently are processing (this is an indexed "list")

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
9c8fb7d025 invoke_swaybar: fix message length header size
size_t/ssize_t are 8 bytes on 64bit systems, so use the proper size to
transmit that information.
This could lead to ridiculously large alloc as len is not initialized to zero

Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
1b7f554474 log_kernel: s/fclose/pclose/ (for popen'd FILE)
With recent glibc the functions are strictly identical, but this might
not be true for all libc implementations

Found through static analysis.
2018-07-02 08:03:41 +09:00
emersion
7abb4d63e2
Init screencopy manager 2018-07-01 22:55:25 +01:00
Dominique Martinet
ce17788533 exec_always: fix leaks
- child would leak in the workspace_record_pid path
 - removing malloc lets us get rid of That Comment nobody seems
to remember what it was about
 - we would leak pipe fds on first fork failling
 - we didn't return an error if second fork failed
 - the final executed process still had both pipe fds
(would show up in /proc/23560/fd in launched programs)
 - we would write twice to the pipe if execl failed for some reason
(e.g. if /bin/sh doesn't exist?!)
2018-07-02 00:09:56 +09:00
Dominique Martinet
bc1e99305a xdg_shell: listen to fullscreen request on map
That event comes from the toplevel and not the surface, so would cause
a use-after-free on destroy if the toplevel got destroyed first:

==5454==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110001ed198 at pc 0x000000472d10 bp 0x7ffc19070a80 sp 0x7ffc19070a70
WRITE of size 8 at 0x6110001ed198 thread T0
    #0 0x472d0f in wl_list_remove ../common/list.c:157
    #1 0x42e159 in handle_destroy ../sway/desktop/xdg_shell_v6.c:243
    #2 0x7fa9e5b28ce8 in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7fa9e5afd6b1 in destroy_xdg_surface_v6 ../types/xdg_shell_v6/wlr_xdg_surface_v6.c:101
    #4 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688
    #5 0x7fa9e5d98091 in wl_resource_destroy src/wayland-server.c:705
    #6 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
    #7 0x7fa9e27f09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
    #8 0x7fa9e5d9bf2c  (/lib64/libwayland-server.so.0+0xbf2c)
    #9 0x7fa9e5d983de in wl_client_connection_data src/wayland-server.c:420
    #10 0x7fa9e5d99f01 in wl_event_loop_dispatch src/event-loop.c:641
    #11 0x7fa9e5d98601 in wl_display_run src/wayland-server.c:1260
    #12 0x40a2f4 in main ../sway/main.c:433
    #13 0x7fa9e527318a in __libc_start_main ../csu/libc-start.c:308
    #14 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)

0x6110001ed198 is located 152 bytes inside of 240-byte region [0x6110001ed100,0x6110001ed1f0)
freed by thread T0 here:
    #0 0x7fa9e7c89880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fa9e5affce9 in destroy_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:23
    #2 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688

previously allocated by thread T0 here:
    #0 0x7fa9e7c89e50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x7fa9e5b00eea in create_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:427
    #2 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)

The toplevel only notifies the compositor on destroy if it was mapped,
so only listen to events at map time.
2018-06-30 22:42:24 +09:00
Dominique Martinet
9ea4cc13a0 sway views: add helpers to get view and layer from wlr_surface 2018-06-30 22:31:14 +09:00
Ryan Dwyer
e396af853b Merge remote-tracking branch 'upstream/master' into atomic 2018-06-30 22:46:25 +10:00
Rostislav Pehlivanov
0cc24dd9c8 Fix crash with stacking layout after f42bf0ad4
The "simple" rendering function only applies to tiled views.
2018-06-30 12:45:49 +01:00
Ryan Dwyer
fc6fde7d90 Fix compile error 2018-06-30 21:07:54 +10:00
Rostislav Pehlivanov
f42bf0ad4a container_at_view: don't offset the view by the window geometry
Fixes floating window input offsets. As discussed on IRC with emersion,
this shouldn't have been done in the first place.
2018-06-30 11:11:06 +01:00
Rostislav Pehlivanov
e0d0e8f840 Revert "Don't unmaximize floating views"
This reverts commit 97672295ed.
2018-06-30 11:10:47 +01:00
emersion
4de28bba68
Fix floating views not receiving frame events
That happened when they were in tabbed or stacked containers.

Fixes #2161
2018-06-30 09:49:51 +01:00
Ryan Dwyer
96c8c02483 Fix flash of background when xwayland views are mapped
A flash of background was happening for two reasons:

1) We were using the xsurface's dimensions to check if the surface is
ready, but these are pending dimensions.
2) In my particular setup, the default geometry of the xsurface does not
intersect any output, which prevented it from receiving a frame done
event. This made the transaction time out and the client would only
redraw once it's been rendered.
2018-06-30 14:30:14 +10:00
Ryan Dwyer
3a6ed5110c Render saved buffers with the surface's dimensions 2018-06-29 21:13:22 +10:00
Ryan Dwyer
a2fbb20a61 Merge remote-tracking branch 'upstream/master' into atomic 2018-06-29 20:04:24 +10:00
Ryan Dwyer
d7169ee7ff Replace list_empty with a simple alternative 2018-06-29 19:44:54 +10:00
Ryan Dwyer
e8fb6b3325 Fix crash when moving last child of a container to workspace or output
We were arranging a parent which may have been deleted by the reaper,
which meant the `current` children list of the surviving parent had a
dangling pointer.

Instead, we now reap the workspace.
2018-06-29 19:36:22 +10:00
Armin Preiml
1eede432fc fix handling key modifiers if not pressed at first
fixes #2169
2018-06-28 15:23:26 +02:00
Armin Preiml
c4b900c1e0 fix accidently removing borders on XCB_CONFIGURE_REQUEST
The view was configured with the container coordinates.
Although they were right on the first configure, they
changed after a XCB_CONFIGURE_REQUEST, when the
border was already drawn.
2018-06-27 17:56:53 +02:00
Thomas Plaçais
9a3c6d2dbe Check if command input has at least 2 arguments 2018-06-27 15:58:53 +02:00
Ryan Dwyer
9652529cc1 Allow views to skip configures
To do this properly, the transaction queue will only be processed if it
can be completely processed.
2018-06-27 19:07:48 +10:00
Ryan Dwyer
e6829c5991 Move unsetting of view->surface into view_unmap 2018-06-27 17:54:57 +10:00
Ryan Dwyer
8773ed3970 Fix memleak in container_get_box
Rather than allocate a structure and expect callers to free it, take a
pointer to an existing struct as an argument.

This function is no longer called anywhere though.
2018-06-27 17:47:41 +10:00
Ryan Dwyer
be86d3aba6 Remove transaction_add_damage
Instead, damage each container when applying the transaction.
2018-06-27 17:46:03 +10:00
Ryan Dwyer
61c1187685 Fix nitpicks 2018-06-27 17:23:44 +10:00
Ryan Dwyer
bf38081382
Merge branch 'master' into xwayland-wants-float 2018-06-27 13:21:00 +10:00
emersion
ecd748d240
Merge branch 'master' into float_xdg_shell 2018-06-26 15:13:03 +01:00
ael-code
a4578815f1
cleanup output-background subcommand handling
- fixes a double-free error when access() failed.

- refactor code to make memory managment (alloc/free) more straightforward
   - do not bring the temporary wordexp_t struct around
   - do not postpone errors handling
2018-06-26 15:40:32 +02:00
ael-code
4550cb2b3e
fix memleak on background cmd error
- src must be free after join_args()
- wordfree must bee used after wordexp
2018-06-26 15:37:39 +02:00
Dominique Martinet
6856866a61 layer_shell: order destroying before sway_output
Both sway_output and sway_layer_shell listen to wlr's output destroy event,
but sway_layer_shell needs to access into sway_output's data strucure and needs
to be destroyed first.

Resolve this by making sway_layer_shell listen to a new event that happens at
start of sway_output's destroy handler
2018-06-26 21:20:56 +09:00
Dominique Martinet
08800c8ee2 layer_shell: cleanup output link on output destroy
Fixes this kind of use-after-free:
==1795==ERROR: AddressSanitizer: heap-use-after-free on address 0x612000191ef0 at pc 0x00000048c388 bp 0x7ffe308f0410 sp 0x7ffe308f0400
WRITE of size 8 at 0x612000191ef0 thread T0
    #0 0x48c387 in wl_list_remove ../common/list.c:157
    #1 0x42196b in handle_destroy ../sway/desktop/layer_shell.c:275
    #2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7f55cc22cf68 in layer_surface_destroy ../types/wlr_layer_shell.c:182
    #4 0x7f55cc22d084 in layer_surface_resource_destroy ../types/wlr_layer_shell.c:196
    #5 0x7f55cc4ca025 in destroy_resource src/wayland-server.c:688
    #6 0x7f55cc4ca091 in wl_resource_destroy src/wayland-server.c:705
    #7 0x7f55cc22c3a2 in resource_handle_destroy ../types/wlr_layer_shell.c:18
    #8 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
    #9 0x7f55c8ef09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
    #10 0x7f55cc4cdf2c  (/lib64/libwayland-server.so.0+0xbf2c)
    #11 0x7f55cc4ca3de in wl_client_connection_data src/wayland-server.c:420
    #12 0x7f55cc4cbf01 in wl_event_loop_dispatch src/event-loop.c:641
    #13 0x7f55cc4ca601 in wl_display_run src/wayland-server.c:1260
    #14 0x40bb1e in server_run ../sway/server.c:141
    #15 0x40ab2f in main ../sway/main.c:432
    #16 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
    #17 0x408d29 in _start (/opt/wayland/bin/sway+0x408d29)

0x612000191ef0 is located 48 bytes inside of 312-byte region [0x612000191ec0,0x612000191ff8)
freed by thread T0 here:
    #0 0x7f55ce3bb880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x42f1db in handle_destroy ../sway/desktop/output.c:1275
    #2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7f55cc23b4c2 in wlr_output_destroy ../types/wlr_output.c:284
    #4 0x7f55cc1ddc20 in xdg_toplevel_handle_close ../backend/wayland/output.c:235
    #5 0x7f55c8ef103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)

previously allocated by thread T0 here:
    #0 0x7f55ce3bbe50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x42f401 in handle_new_output ../sway/desktop/output.c:1308
    #2 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7f55cc1d6cbf in new_output_reemit ../backend/multi/backend.c:113
    #4 0x7f55cc2549fa in wlr_signal_emit_safe ../util/signal.c:29
    #5 0x7f55cc1deac7 in wlr_wl_output_create ../backend/wayland/output.c:327
    #6 0x7f55cc1db353 in backend_start ../backend/wayland/backend.c:55
    #7 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
    #8 0x7f55cc1d67a0 in multi_backend_start ../backend/multi/backend.c:24
    #9 0x7f55cc1bad55 in wlr_backend_start ../backend/backend.c:35
    #10 0x40ba8a in server_run ../sway/server.c:136
    #11 0x40ab2f in main ../sway/main.c:432
    #12 0x7f55cb97318a in __libc_start_main ../csu/libc-start.c:308
2018-06-26 21:20:56 +09:00
Ryan Dwyer
a7b3f29292 Remove incorrect assertion and supporting code
Children can exist when destroying a container, such as when destroying
the last output. Sway is not terminating in that case.
2018-06-26 20:18:57 +10:00
Ryan Dwyer
93696b78ec Fix crash when closing output window from outer session
Emitting the close event needs to happen before
container_output_destroy, because container_output_destroy sets the
sway_output to NULL and sway_output is used in IPC.
2018-06-26 20:14:58 +10:00
Ryan Dwyer
834805f5e2 Fix crash when disconnecting output
We were freeing the sway_output immediately upon disconnect which left
a dangling pointer in the output's container. It then tried to use the
pointer when the container is freed.

We don't need to store the sway_output in an output's container which is
destroying, so the fix is to set the pointer to NULL and remove the use
in container_free.

Also added an arrange when the output is disconnected for good measure.
2018-06-26 19:40:42 +10:00
Ryan Dwyer
0085f64ac0 Remove timer when transaction destroys 2018-06-26 18:51:37 +10:00
Ryan Dwyer
e8001e6fbe Damage output when views toggle fullscreen
Also add workspace to the transaction when a view maps in fullscreen
mode.
2018-06-26 14:24:15 +10:00
Ryan Dwyer
50190bc760 Rename view's free callback to destroy 2018-06-26 13:18:33 +10:00
Ryan Dwyer
7a922c65aa Damage output when a fullscreen view unmaps
Also moved the arranging into view_unmap to avoid excessive code
duplication.
2018-06-26 13:15:45 +10:00
Dominique Martinet
c9be014557 xdg_shell: make view floating if a parent has been set
Prompts e.g. authentication request from firefox-wayland ought to be
floating.

This is a bit coarse but just fixed size is not enough, here is what
firefox does:
[1285461.363]  -> xdg_wm_base@18.get_xdg_surface(new id xdg_surface@68, wl_surface@71)
[1285461.508]  -> xdg_surface@68.get_toplevel(new id xdg_toplevel@67)
[1285461.571]  -> xdg_toplevel@67.set_parent(xdg_toplevel@37)
[1285461.630]  -> xdg_toplevel@67.set_title("Authentication Required")
[1285461.736]  -> xdg_toplevel@67.set_app_id("firefox")
...
[1285476.549] xdg_toplevel@67.configure(0, 0, array)
...
[1285502.080]  -> xdg_toplevel@67.set_min_size(299, 187)
[1285502.140]  -> xdg_toplevel@67.set_max_size(1920, 32767)

This can also be observed with e.g. the open window of gedit
(gedit->open->other documents)
2018-06-26 12:02:50 +09:00
Ryan Dwyer
beacd4d9f9 Rename progress_queue to transaction_progress_queue 2018-06-25 16:50:01 +10:00