- Apr 03, 2019
-
-
Kevin Strasser authored
Add 64 bpp 16:16:16:16 half float pixel formats. Each 16 bit component is formatted in IEEE-754 half-precision float (binary16) 1:5:10 MSb-sign:exponent:fraction form. Mesa uses WL_SHM_FORMAT_* for swrast path. Signed-off-by: Kevin Strasser <kevin.strasser@intel.com>
-
- Mar 21, 2019
-
-
Derek Foreman authored
-
- Mar 14, 2019
-
-
Derek Foreman authored
-
- Mar 13, 2019
-
-
Derek Foreman authored
Fix demarshal of invalid size in message header Closes #52 See merge request wayland/wayland!2
-
Pekka Paalanen authored
The size argument to wl_connection_demarshal() is taken from the message by the caller wl_client_connection_data(), therefore 'size' is untrusted data controllable by a Wayland client. The size should always be at least the header size, otherwise the header is invalid. If the size is smaller than header size, it leads to reading past the end of allocated memory. Furthermore if size is zero, wl_closure_init() changes behaviour and leaves num_arrays uninitialized, leading to access of arbitrary memory. Check that 'size' fits at least the header. The space for arguments is already properly checked. This makes the request_bogus_size test free of errors under Valgrind. Fixes: wayland/wayland#52 Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com> Reviewed-by: Simon Ser <contact@emersion.fr>
-
Pekka Paalanen authored
This attempts to reproduce the error conditions from wayland/wayland#52 and make it crash. While the crash was repeatable in my tests, it depends on garbage on stack leading to access of invalid memory, which is not guaranteed. This is a FAIL_TEST, so that the following fix commit can be verified. Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com> Reviewed-by: Simon Ser <contact@emersion.fr>
-
- Mar 07, 2019
-
-
Pekka Paalanen authored
The experience from Weston shows that the Gitlab merge request based workflow works really well. Recently there have also been issues with the mailing list that have made the email based workflow more painful than it used to be. Those issues might have been temporary or occasional, but they probably are only going to increase. The MR workflow is different, it has its issues (freedesktop/freedesktop#74) and we likely lose the explicit Reviewed-by etc. tags from commit messages, but it is also much easier to work with: no more whitespace damaged patches, lost email, setting up git-send-email; we gain automated CI before any human reviewer even looks at anything, and people can jump in to an ongoing discussion even if they weren't subscribed before. If you still want email, you can subscribe to that selectively(!) in Gitlab yourself. This text has been copied from Weston's CONTRIBUTING.md of the 5.0.91 release and slightly altered for Wayland. Fixes: wayland/wayland#49 v2: fixed two left-over mentions of Weston Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com> v1 Reviewed-by: Simon Ser <contact@emersion.fr> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Scott Anderson <scott.anderson@collabora.com> Acked-by: Ian Ray <ian.ray@ge.com> Acked-by: Derek Foreman <derek.foreman.wayland@gmail.com>
-
The definition of wl_argument in wayland-util.h references wl_object, so wl_object ought to be defined in wayland-util.h. This resolves gitlab issue #78. Fixes: wayland/wayland#78 Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Mar 05, 2019
-
-
Derek Foreman authored
-
- Feb 25, 2019
-
-
So far I got these errors before patching: libtool: link: cc -o .libs/headers-test -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/headers-test.o tests/headers-protocol-test.o tests/headers-protocol-core-test.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib ld: error: duplicate symbol: main >>> defined at headers-test.c:53 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/headers-test.c:53) >>> tests/headers-test.o:(main) >>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377) >>> test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a libtool: link: cc -o .libs/exec-fd-leak-checker -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/exec-fd-leak-checker.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib ld: error: duplicate symbol: main >>> defined at exec-fd-leak-checker.c:57 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/exec-fd-leak-checker.c:57) >>> tests/exec-fd-leak-checker.o:(main) >>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377) >>> test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a Makefile.am: error: object 'tests/test-helpers.$(OBJEXT)' created both with libtool and without libtool: link: cc -o .libs/fixed-benchmark -pthread -Wall -Wextra -Wno-unused-parameter -g -Wstrict-prototypes -Wmissing-prototypes -fvisibility=hidden -O2 -pipe tests/fixed-benchmark.o /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a -L.libs -lwayland-client -lffi -lm -lwayland-server -lkvm -Wl,-rpath-link,/usr/local/lib ld: error: duplicate symbol: main >>> defined at fixed-benchmark.c:100 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/fixed-benchmark.c:100) >>> tests/fixed-benchmark.o:(main) >>> defined at test-runner.c:377 (/tmp/obj/wayland-1.16.0/wayland-1.16.0/tests/test-runner.c:377) >>> test-runner.o:(.text+0x250) in archive /tmp/obj/wayland-1.16.0/build-amd64/.libs/libtest-runner.a This commit fixes all of that. Signed-off-by: Leonid Bobrov <mazocomp@disroot.org> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Feb 20, 2019
-
-
All wl_output properties don't always make sense for all compositors. Some compositors might not implement a "global compositor space", (e.g. 3D compositors) in which case properties like x and y don't make sense. Some compositors might expose virtual outputs, in which case modes, make and model are not relevant. In a lot of these situations, information from xdg_output is better suited. Compositors also expose output refresh rate, which shouldn't be used for synchronization purposes. Signed-off-by: Simon Ser <contact@emersion.fr> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Jonas Ådahl <jadahl@gmail.com> Reviewed-by: Derek Foreman <derek.foreman.wayland@gmail.com>
-
- Feb 19, 2019
-
-
Derek Foreman authored
-
- Feb 05, 2019
-
-
Upstream SDL supports Wayland since v2.0.4 (June 2015): https://forums.libsdl.org/viewtopic.php?t=11294 Just set SDL_VIDEODRIVER=wayland and SDL will do the right thing :) Signed-off-by: Eric Engestrom <eric.engestrom@intel.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Jan 30, 2019
-
-
Calling printf("%s", NULL) is undefined behaviour. Signed-off-by: Simon Ser <contact@emersion.fr> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Jan 29, 2019
-
-
Many languages such as C++ or Rust have an unwinding error-reporting mechanism. Code in these languages can (and must!) wrap request handling callbacks in unwind guards to avoid undefined behaviour. As a consequence such code will detect internal server errors, but have no way to communicate such failures to the client. This adds a WL_DISPLAY_ERROR_IMPLEMENTATION error to wl_display so that such code can notify (and disconnect) clients which hit internal bugs. While servers can currently abuse other wl_display errors for the same effect, adding an explicit error code allows clients to tell the difference between errors which are their fault and errors which are the server's fault. This is particularly interesting for automated bug reporting. v2: Rename error from "internal" to "implementation", in sympathy with X11's BadImplementation error. Add more justification in the commit message. Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
This will allow other wrappers around wl_resource_post_error to accept variable argument lists. Signed-off-by: Christopher James Halse Rogers <christopher.halse.rogers@canonical.com> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.com>
-
- Nov 30, 2018
-
-
This commit makes wl_surface.damage_buffer preferred over wl_surface.damage. wl_surface.damage can be implemented in a non-optimal way by the compositor (e.g. by always damaging the whole buffer). Having two requests makes it complicated for the compositor to handle damage, making it necessary to transform one into the other's coordinates. Moreover, integration with wp_viewporter is tricky. Signed-off-by: Simon Ser <contact@emersion.fr> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
Derek Foreman authored
Weston commit 76829fc4 (and similar commits for other compositors) protects the compositor's keyboard mapping from client damage by duplicating the keymap for every client. On some systems there are other potential fixes for this - such as using sealed memfds on linux - but we can't use them since essentially all client code anywhere has mapped the keyboard map with a MAP_SHARED mmap() call. While we can't break years worth of code, we can require any future clients to use MAP_PRIVATE if they use a seat version above 6. If a compositor can't use sealing or a similar facility, it should still protect itself with copied keymaps, but clients must always assume shared mapping of a keymap will fail. Signed-off-by: Derek Foreman <derek.foreman.samsung@gmail.com> Reviewed-by: Simon Ser <contact@emersion.fr> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Philipp Kerling <pkerling@casix.org> Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
-
- Aug 29, 2018
-
-
Daniel Stone authored
There are far better ways to detect memory leaks, such as either valgrind or ASan. Having Meson makes it really easy to use these tools in our tests, and we can do that in CI as well. Having these local wrappers actually completely broke ASan usage, so remove them in favour of using the more powerful options. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Clang will rightly point out that example_sockaddr_un in socket-test will get discarded from the compilation unit as it is completely unused. Put in a couple of lines which of no value other than stopping Clang from complaining. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Clang warns that it can silently discard a non-volatile write to a NULL pointer (perhaps it constitutes undefined behaviour?), and recommends changing it to volatile. This patch slavishly complies with the demand of the unfeeling machine. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
libxml2 unconditonally defines XMLCALL to nothing. Expat does not redefine XMLCALL if it is already defined, but if it is not, and we are building with gcc on i386 (not x86-64), it will define it as 'cdecl'. Including Expat before libxml thus results in a warning about XMLCALL being redefined. Luckily we can get around this by just reversing the include order: cdecl is a no-op on Unix-like systems, so by having libxml first define XMLCALL to nothing and including Expat afterwards, we avoid the warning and lose nothing. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Help static analysers by letting them know that once we fail(), execution will terminally complete. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
Daniel Stone authored
Found with both ASan leak sanitizer and Valgrind. We were trivially leaking the enum name for every arg parsed by the scanner which had one. If libxml-based DTD validation was enabled, we would also leak the DTD itself, despite diligently freeing the document, context, etc. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
-
- Aug 24, 2018
-
-
Derek Foreman authored
-
Derek Foreman authored
-
Attempting to demarshal message with array or string longer than its body should return failure. Handling the length correctly is tricky when it gets to near-UINT32_MAX values. Unexpected overflows can cause crashes and other security issues. These tests verify that demarshalling such message gives failure instead of crash. v2: Added consts, serialized opcode and size properly, updated style. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Acked-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
- Aug 17, 2018
-
-
Derek Foreman authored
-
If the remote side sends sufficiently large `length` field, it will overflow the `p` pointer. Technically it is undefined behavior, in practice it makes `p < end`, so the length check passes. Attempts to access the data later causes crashes. This issue manifests only on 32bit systems, but the behavior is undefined everywhere. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
The DIV_ROUNDUP macro would overflow when trying to round values higher than MAX_UINT32 - (a - 1). The result is 0 after the division. This is potential security issue when demarshalling an array because the length check is performed with the overflowed value, but then the original huge value is stored for later use. The issue was present only on 32bit platforms. The use of size_t in the DIV_ROUNDUP macro already promoted everything to 64 bit size on 64 bit systems. Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com> Style changes by Derek Foreman
-
- Aug 10, 2018
-
-
Derek Foreman authored
-
- Aug 07, 2018
-
-
Daniel Stone authored
Note that Weston uses GitLab MRs for review, not mail. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
-
- Jul 27, 2018
-
-
Derek Foreman authored
-
The protocol spec used to live here, but it's now part of the regular doc build. The PNG files are created as part of the doc build. Delete the pre-generated versions. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-
- Jul 26, 2018
-
-
Daniel Stone authored
The Expat XML library has shipped a pkg-config file for long enough to be in Debian's oldstable (Jessie, April 2015) and Ubuntu's oldest supported LTS (Trusty, 14.04). The pkg-config file was added in Expat upstream's commit 352cfc8f59a7, in September 2007. Drop build support for versions of Expat which do not ship a pkg-config file. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com> Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
-
Daniel Stone authored
The check for the execinfo.h header is only advisory; the build will not fail if it is not present, and set HAVE_EXECINFO_H if it is. The check was added in commit bc3e0204 ("build: Add declaration checks to check for required syscall flags") with no obvious use or reasoning. Remove the no-op check. Signed-off-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com> Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
-
- Jul 25, 2018
-
-
commit d94a8722 warned this was coming, back in 2013. I've seen libraries that have wayland client and server using functions in the same file. Since struct wl_buffer still exists as an opaque entity in client code, the vestigial deprecated wl_buffer from the server include will generate warnings when not building with WL_HIDE_DEPRECATED. Signed-off-by: Derek Foreman <derekf@osg.samsung.com> Acked-by: Emil Velikov <emil.velikov@collabora.com> Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Daniel Stone <daniels@collabora.com>
-
- Jul 24, 2018
-
-
Physical size doesn't always make sense for all outputs. In case it's not available or not relevant, allow compositors to send zero. Acked-by: Daniel Stone <daniels@collabora.com> Acked-by: Jonas Ådahl <jadahl@gmail.com> Acked-by: Olivier Fourdan <ofourdan@redhat.com>
-
- Jul 13, 2018
-
-
Derek Foreman authored
-
These should be the conventions we have been using since 1.0, written down more accurately. Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk> Reviewed-by: Daniel Stone <daniels@collabora.com> Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
-