Binding to wrong global name can trigger segfault in libwayland-client
Here is an excerpt of a WAYLAND_DEBUG=server log of a client binding to wl_compositor with an incorrect global name:
[383517.876] wl_display@1.get_registry(new id wl_registry@2)
[383517.910] -> wl_registry@2.global(1, "wl_compositor", 4)
[383517.968] -> wl_registry@2.global(2, "wl_subcompositor", 1)
[383518.028] -> wl_registry@2.global(3, "wp_viewporter", 1)
[383518.096] -> wl_registry@2.global(4, "wp_presentation", 1)
[383518.159] -> wl_registry@2.global(5, "zwp_relative_pointer_manager_v1", 1)
[383518.215] -> wl_registry@2.global(6, "zwp_pointer_constraints_v1", 1)
[383518.275] -> wl_registry@2.global(7, "zwp_input_timestamps_manager_v1", 1)
[383518.337] -> wl_registry@2.global(8, "wl_data_device_manager", 3)
[383518.397] -> wl_registry@2.global(9, "wl_shm", 1)
[383518.452] -> wl_registry@2.global(10, "wl_seat", 5)
[383518.511] -> wl_registry@2.global(11, "wl_drm", 2)
[383518.580] -> wl_registry@2.global(12, "zwp_linux_dmabuf_v1", 3)
[383518.644] -> wl_registry@2.global(13, "wl_output", 3)
[383518.706] -> wl_registry@2.global(14, "zwp_input_panel_v1", 1)
[383518.765] -> wl_registry@2.global(15, "zwp_input_method_v1", 1)
[383518.829] -> wl_registry@2.global(16, "zwp_text_input_manager_v1", 1)
[383518.892] -> wl_registry@2.global(17, "xdg_wm_base", 1)
[383518.960] -> wl_registry@2.global(18, "zxdg_shell_v6", 1)
[383519.010] -> wl_registry@2.global(19, "wl_shell", 1)
[383519.061] -> wl_registry@2.global(20, "weston_desktop_shell", 1)
[383519.117] -> wl_registry@2.global(21, "weston_screenshooter", 1)
[383519.444] wl_display@1.sync(new id wl_callback@3)
[383519.489] -> wl_callback@3.done(4)
[383519.517] -> wl_display@1.delete_id(3)
[383519.745] wl_registry@2.bind(4, "wl_compositor", 1, new id [unknown]@3)
[383519.839] -> wp_presentation@3.clock_id(4)
[383519.871] wl_registry@2.bind(5, "wl_shell", 1, new id [unknown]@4)
[383519.955] wp_presentation@3.destroy()
[383519.973] -> wl_display@1.delete_id(3)
[383519.993] zwp_relative_pointer_manager_v1@4.destroy()
[383520.006] -> wl_display@1.delete_id(4)
[383520.040] -> wl_display@1.error(wl_display@1, 0, "invalid object 6")
[16:08:46.629] libwayland: error in client communication (pid 4769)
The client binds to global 4 as wl_compositor, but global 4 is wp_presentation.
First, the error is triggered very late in the logs and doesn't describe the issue properly. I believe it should be triggered right after wl_registry@2.bind(4, "wl_compositor", 1, new id [unknown]@3) and clearly say that the global interface doesn't match.
Second, this triggers a segfault in libwayland-client:
#0 wl_closure_init (message=0x0, size=12, num_arrays=0x7fffffffe3b8, args=0x0) at src/connection.c:562
#1 0x00007ffff7fad787 in wl_connection_demarshal (connection=0x555555566f10, size=12,
objects=0x55555555d420, message=0x0) at src/connection.c:710
#2 0x00007ffff7fab917 in queue_event (display=<optimized out>, len=<optimized out>)
at src/wayland-client.c:1368
#3 read_events (display=0x55555555d3a0) at src/wayland-client.c:1469
#4 wl_display_read_events (display=0x55555555d3a0) at src/wayland-client.c:1552
#5 0x00007ffff7fab6b4 in wl_display_dispatch_queue (display=0x55555555d3a0, queue=0x55555555d470)
at src/wayland-client.c:1791
#6 0x000055555555643a in parent_handle_event (fd=9, mask=1, data=0x55555555cea8) at client.c:30
#7 0x00007ffff7fc0f32 in wl_event_loop_dispatch (loop=0x55555555c3d0, timeout=<optimized out>)
at src/event-loop.c:641
#8 0x00007ffff7fbeedd in wl_display_run (display=0x555555560490) at src/wayland-server.c:1293
#9 0x0000555555556cc2 in main (argc=1, argv=0x7fffffffe828) at client.c:269
I'm not sure how message can be NULL, since it's set to &proxy->object.interface->events[opcode] in queue_event. In any case, this shouldn't segfault.
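The mismatch described in this report can be found mechanically in a WAYLAND_DEBUG log by comparing each bind request against the globals the registry advertised. The following is an added example, not code from the report or from libwayland; the helper name count_bind_mismatches is hypothetical and it assumes the log line format shown in the excerpt above.

```c
#include <stdio.h>
#include <string.h>

/* Lines copied from the excerpt above (globals 1, 4, 5 and 19, plus both binds). */
static const char sample_log[] =
    "[383517.910] -> wl_registry@2.global(1, \"wl_compositor\", 4)\n"
    "[383518.096] -> wl_registry@2.global(4, \"wp_presentation\", 1)\n"
    "[383518.159] -> wl_registry@2.global(5, \"zwp_relative_pointer_manager_v1\", 1)\n"
    "[383519.010] -> wl_registry@2.global(19, \"wl_shell\", 1)\n"
    "[383519.745] wl_registry@2.bind(4, \"wl_compositor\", 1, new id [unknown]@3)\n"
    "[383519.871] wl_registry@2.bind(5, \"wl_shell\", 1, new id [unknown]@4)\n";

struct global { unsigned name; char iface[64]; };

/* Hypothetical helper: count bind requests whose interface string differs
 * from the one the registry advertised for that global name. */
int count_bind_mismatches(const char *log)
{
    struct global g[64];
    int n = 0, bad = 0;

    while (*log) {
        char line[256], iface[64];
        const char *p, *have = NULL;
        unsigned name;
        size_t len = strcspn(log, "\n");
        size_t copy = len < sizeof line - 1 ? len : sizeof line - 1;

        memcpy(line, log, copy);          /* work on one line at a time */
        line[copy] = '\0';
        log += len + (log[len] == '\n');

        if ((p = strstr(line, ".global(")) && n < 64 &&
            sscanf(p, ".global(%u, \"%63[^\"]\"", &name, iface) == 2) {
            g[n].name = name;             /* remember advertised global */
            strcpy(g[n++].iface, iface);
        } else if ((p = strstr(line, ".bind(")) &&
                   sscanf(p, ".bind(%u, \"%63[^\"]\"", &name, iface) == 2) {
            for (int i = 0; i < n; i++)
                if (g[i].name == name)
                    have = g[i].iface;
            if (!have || strcmp(have, iface) != 0) {
                printf("bind(%u): client wants %s, registry has %s\n",
                       name, iface, have ? have : "(none)");
                bad++;
            }
        }
    }
    return bad;
}

int main(void) { return count_bind_mismatches(sample_log) == 2 ? 0 : 1; }
```

On the lines taken from the excerpt it flags both bind requests, since global 4 is wp_presentation and global 5 is zwp_relative_pointer_manager_v1.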