- May 02, 2019
-
-
Antonio Borneo authored
The printf() format specifier "%m" is a glibc extension to print the string returned by strerror(errno). While supported by other libraries (e.g. uClibc and musl), it is not widely portable. In Wayland code the format string is often passed to a logging function that calls other syscalls before the conversion of "%m" takes place. If one of such syscall modifies the value in errno, the conversion of "%m" will incorrectly report the error string corresponding to the new value of errno. Remove all the occurrences of the specifier "%m" in Wayland code by using directly the string returned by strerror(errno). Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>
-
The test runs wayland_scanner on a set of XML protocol files which have malformed element names, and confirms that an error is produced and indicates the correct line. Copyright notifications are not included in the test files, as they are not code; of course, the project license still applies. Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
-
This change checks that the "name" fields of the various structures in a Wayland protocol XML file will be converted into C identifiers that can be successfully compiled. For names which will be inserted as the prefix of an identifier enforce a match with [_a-zA-Z][_0-9a-zA-Z]* . For types only inserted as the suffix of an identifier (enum, entry), enforce a format of [_0-9a-zA-Z]+ . Unicode characters (and escape sequences like \u0394) are not allowed, because most older and some newer C compilers do not support them by default. For sake of simplicity, this patch does not check for collisions with reserved words or standard library names. Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
-
- Apr 27, 2019
-
-
Fixed refresh rate doesn't always make sense for all outputs. In case it's not available or not relevant, allow compositors to send zero. For instance the can be the case for virtual outputs. Signed-off-by: Simon Ser <contact@emersion.fr>
-
- Apr 19, 2019
-
-
Harish Krupo authored
Explicitly state that the invalid_finish protocol error would be raised when wl_data_offer.finish request is sent for non drag-and-drop operations. Signed-off-by: Harish Krupo <harishkrupo@gmail.com>
-
Harish Krupo authored
The docbook-xsl package includes all the stylesheets required to build the docs without internet access. Test: One way to emulate missing style sheets is to move /etc/xml/catalog file to a different location. Doing so should cause configure to fail with "checking for docbook stylesheets... no" v2: add AC_MSG_RESULT (Pekka) Signed-off-by: Harish Krupo <harishkrupo@gmail.com>
-
- Apr 12, 2019
-
-
Simon Ser authored
Signed-off-by: Simon Ser <contact@emersion.fr>
-
- Apr 11, 2019
-
-
Simon Ser authored
Remove Weston-specific bits, strip off outdated instructions. Signed-off-by: Simon Ser <contact@emersion.fr>
-
Simon Ser authored
This file is imported from Weston (commit 53d7c243). Signed-off-by: Simon Ser <contact@emersion.fr>
-
- Apr 08, 2019
-
-
Pekka Paalanen authored
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Apr 06, 2019
-
-
Signed-off-by: Leonid Bobrov <mazocomp@disroot.org>
-
- Mar 21, 2019
-
-
Derek Foreman authored
-
- Mar 14, 2019
-
-
Derek Foreman authored
-
- Mar 13, 2019
-
-
Derek Foreman authored
Fix demarshal of invalid size in message header Closes #52 See merge request wayland/wayland!2
-
Pekka Paalanen authored
The size argument to wl_connection_demarshal() is taken from the message by the caller wl_client_connection_data(), therefore 'size' is untrusted data controllable by a Wayland client. The size should always be at least the header size, otherwise the header is invalid. If the size is smaller than header size, it leads to reading past the end of allocated memory. Furthermore if size is zero, wl_closure_init() changes behaviour and leaves num_arrays uninitialized, leading to access of arbitrary memory. Check that 'size' fits at least the header. The space for arguments is already properly checked. This makes the request_bogus_size test free of errors under Valgrind. Fixes: #52 Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com> Reviewed-by: Simon Ser <contact@emersion.fr>
-
Pekka Paalanen authored
This attempts to reproduce the error conditions from wayland/wayland#52 and make it crash. While the crash was repeatable in my tests, it depends on garbage on stack leading to access of invalid memory, which is not guaranteed. This is a FAIL_TEST, so that the following fix commit can be verified. Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com> Reviewed-by: Simon Ser <contact@emersion.fr>
-
- Mar 07, 2019
-
-
Pekka Paalanen authored
The experience from Weston shows that the Gitlab merge request based workflow works really well. Recently there have also been issues with the mailing list that have made the email based workflow more painful than it used to be. Those issues might have been temporary or occasional, but they probably are only going to increase. The MR workflow is different, it has its issues (freedesktop/freedesktop#74) and we likely lose the explicit Reviewed-by etc. tags from commit messages, but it is also much easier to work with: no more whitespace damaged patches, lost email, setting up git-send-email; we gain automated CI before any human reviewer even looks at anything, and people can jump in to an ongoing discussion even if they weren't subscribed before. If you still want email, you can subscribe to that selectively(!) in Gitlab yourself. This text has been copied from Weston's CONTRIBUTING.md of the 5.0.91 release and slightly altered for Wayland. Fixes: wayland/wayland#49 v2: fixed two left-over mentions of Weston Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com> v1 Reviewed-by: Simon Ser <contact@emersion.fr> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Scott Anderson <scott.anderson@collabora.com> Acked-by: Ian Ray <ian.ray@ge.com> Acked-by: Derek Foreman <derek.foreman.wayland@gmail.com>
-
The definition of wl_argument in wayland-util.h references wl_object, so wl_object ought to be defined in wayland-util.h. This resolves gitlab issue #78. Fixes: wayland/wayland#78 Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Mar 05, 2019
-
-
Derek Foreman authored
-
- Feb 25, 2019
-
-
So far I got these errors before patching: libtool: link: cc -o .libs/headers-test -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/headers-test.o tests/headers-protocol-test.o tests/headers-protocol-core-test.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib ld: error: duplicate symbol: main >>> defined at headers-test.c:53 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/headers-test.c:53) >>> tests/headers-test.o:(main) >>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377) >>> test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a libtool: link: cc -o .libs/exec-fd-leak-checker -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/exec-fd-leak-checker.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib ld: error: duplicate symbol: main >>> defined at exec-fd-leak-checker.c:57 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/exec-fd-leak-checker.c:57) >>> tests/exec-fd-leak-checker.o:(main) >>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377) >>> test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a Makefile.am: error: object 'tests/test-helpers.$(OBJEXT)' created both with libtool and without libtool: link: cc -o .libs/fixed-benchmark -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/fixed-benchmark.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib ld: error: duplicate symbol: main >>> defined at fixed-benchmark.c:100 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/fixed-benchmark.c:100) >>> tests/fixed-benchmark.o:(main) >>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377) >>> test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a This commit fixes all of that. Signed-off-by: Leonid Bobrov <mazocomp@disroot.org> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Feb 20, 2019
-
-
All wl_output properties don't always make sense for all compositors. Some compositors might not implement a "global compositor space", (e.g. 3D compositors) in which case properties like x and y don't make sense. Some compositors might expose virtual outputs, in which case modes, make and model are not relevant. In a lot of these situations, information from xdg_output is better suited. Compositors also expose output refresh rate, which shouldn't be used for synchronization purposes. Signed-off-by: Simon Ser <contact@emersion.fr> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Jonas Ådahl <jadahl@gmail.com> Reviewed-by: Derek Foreman <derek.foreman.wayland@gmail.com>
-
- Feb 19, 2019
-
-
Derek Foreman authored
-
- Feb 05, 2019
-
-
Upstream SDL supports Wayland since v2.0.4 (June 2015): https://forums.libsdl.org/viewtopic.php?t=11294 Just set SDL_VIDEODRIVER=wayland and SDL will do the right thing :) Signed-off-by: Eric Engestrom <eric.engestrom@intel.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Jan 30, 2019
-
-
Calling printf("%s", NULL) is undefined behaviour. Signed-off-by: Simon Ser <contact@emersion.fr> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Jan 29, 2019
-
-
Many languages such as C++ or Rust have an unwinding error-reporting mechanism. Code in these languages can (and must!) wrap request handling callbacks in unwind guards to avoid undefined behaviour. As a consequence such code will detect internal server errors, but have no way to communicate such failures to the client. This adds a WL_DISPLAY_ERROR_IMPLEMENTATION error to wl_display so that such code can notify (and disconnect) clients which hit internal bugs. While servers can currently abuse other wl_display errors for the same effect, adding an explicit error code allows clients to tell the difference between errors which are their fault and errors which are the server's fault. This is particularly interesting for automated bug reporting. v2: Rename error from "internal" to "implementation", in sympathy with X11's BadImplementation error. Add more justification in the commit message. Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
This will allow other wrappers around wl_resource_post_error to accept variable argument lists. Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Nov 30, 2018
-
-
This commit makes wl_surface.damage_buffer preferred over wl_surface.damage. wl_surface.damage can be implemented in a non-optimal way by the compositor (e.g. by always damaging the whole buffer). Having two requests makes it complicated for the compositor to handle damage, making it necessary to transform one into the other's coordinates. Moreover, integration with wp_viewporter is tricky. Signed-off-by: Simon Ser <contact@emersion.fr> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
Derek Foreman authored
Weston commit 76829fc4 (and similar commits for other compositors) protects the compositor's keyboard mapping from client damage by duplicating the keymap for every client. On some systems there are other potential fixes for this - such as using sealed memfds on linux - but we can't use them since essentially all client code anywhere has mapped the keyboard map with a MAP_SHARED mmap() call. While we can't break years worth of code, we can require any future clients to use MAP_PRIVATE if they use a seat version above 6. If a compositor can't use sealing or a similar facility, it should still protect itself with copied keymaps, but clients must always assume shared mapping of a keymap will fail. Signed-off-by: Derek Foreman <derek.foreman.samsung@gmail.com> Reviewed-by: Simon Ser <contact@emersion.fr> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Philipp Kerling <pkerling@casix.org> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
-
- Aug 29, 2018
-
-
Daniel Stone authored
There are far better ways to detect memory leaks, such as either valgrind or ASan. Having Meson makes it really easy to use these tools in our tests, and we can do that in CI as well. Having these local wrappers actually completely broke ASan usage, so remove them in favour of using the more powerful options. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Clang will rightly point out that example_sockaddr_un in socket-test will get discarded from the compilation unit as it is completely unused. Put in a couple of lines which of no value other than stopping Clang from complaining. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Clang warns that it can silently discard a non-volatile write to a NULL pointer (perhaps it constitutes undefined behaviour?), and recommends changing it to volatile. This patch slavishly complies with the demand of the unfeeling machine. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
libxml2 unconditonally defines XMLCALL to nothing. Expat does not redefine XMLCALL if it is already defined, but if it is not, and we are building with gcc on i386 (not x86-64), it will define it as 'cdecl'. Including Expat before libxml thus results in a warning about XMLCALL being redefined. Luckily we can get around this by just reversing the include order: cdecl is a no-op on Unix-like systems, so by having libxml first define XMLCALL to nothing and including Expat afterwards, we avoid the warning and lose nothing. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Help static analysers by letting them know that once we fail(), execution will terminally complete. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Found with both ASan leak sanitizer and Valgrind. We were trivially leaking the enum name for every arg parsed by the scanner which had one. If libxml-based DTD validation was enabled, we would also leak the DTD itself, despite diligently freeing the document, context, etc. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
- Aug 24, 2018
-
-
Derek Foreman authored
-
Derek Foreman authored
-
Attempting to demarshal message with array or string longer than its body should return failure. Handling the length correctly is tricky when it gets to near-UINT32_MAX values. Unexpected overflows can cause crashes and other security issues. These tests verify that demarshalling such message gives failure instead of crash. v2: Added consts, serialized opcode and size properly, updated style. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Acked-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
- Aug 17, 2018
-
-
Derek Foreman authored
-
If the remote side sends sufficiently large `length` field, it will overflow the `p` pointer. Technically it is undefined behavior, in practice it makes `p < end`, so the length check passes. Attempts to access the data later causes crashes. This issue manifests only on 32bit systems, but the behavior is undefined everywhere. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
The DIV_ROUNDUP macro would overflow when trying to round values higher than MAX_UINT32 - (a - 1). The result is 0 after the division. This is potential security issue when demarshalling an array because the length check is performed with the overflowed value, but then the original huge value is stored for later use. The issue was present only on 32bit platforms. The use of size_t in the DIV_ROUNDUP macro already promoted everything to 64 bit size on 64 bit systems. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com> Style changes by Derek Foreman
-