1. 08 Oct, 2020 1 commit
  2. 01 Oct, 2020 2 commits
  3. 30 Sep, 2020 6 commits
  4. 25 Sep, 2020 1 commit
  5. 08 Sep, 2020 3 commits
  6. 25 Aug, 2020 5 commits
  7. 18 Aug, 2020 13 commits
  8. 12 Aug, 2020 1 commit
  9. 22 Jul, 2020 1 commit
    • Michel Dänzer's avatar
      xwayland: Hold a pixmap reference in struct xwl_present_event · 23c55ec3
      Michel Dänzer authored
      In the log of the commit below, I claimed this wasn't necessary on the
      1.20 branch, but this turned out to be wrong: It meant that
      event->buffer could already be destroyed in xwl_present_free_event,
      resulting in use-after-free and likely a crash.
      
      Fixes: 22c0808a "xwayland: Free all remaining events in
                           xwl_present_cleanup"
      23c55ec3
  10. 21 Jul, 2020 2 commits
  11. 20 Jul, 2020 5 commits
    • Lyude Paul's avatar
      xwayland: Store xwl_tablet_pad in its own private key · ccbcf083
      Lyude Paul authored
      When a slave device causes the master virtual pointer device to change
      device types, the device's private data pointer
      (device->public.devicePrivate) is also changed to match the type of the
      slave device. This can be a problem though, as tablet pad devices will
      set the device's private data pointer to their own xwl_tablet_pad
      struct. This can cause us to dereference the pointer as the wrong type,
      and result in a segfault:
      
      Thread 1 "Xwayland" received signal SIGSEGV, Segmentation fault.
      wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at src/wayland-client.c:792
      792             va_start(ap, opcode);
      (gdb) bt
      0  wl_proxy_marshal (proxy=0x51, opcode=opcode@entry=0) at
        src/wayland-client.c:792
      1  0x00005610b27b6c55 in wl_pointer_set_cursor (hotspot_y=0,
        hotspot_x=0, surface=0x0, serial=<optimized out>, wl_pointer=<optimized
        out>) at /usr/include/wayland-client-protocol.h:4610
      2  xwl_seat_set_cursor (xwl_seat=xwl_seat@entry=0x5610b46d5d10) at
        xwayland-cursor.c:137
      3  0x00005610b27b6ecd in xwl_set_cursor (device=<optimized out>,
        screen=<optimized out>, cursor=<optimized out>, x=<optimized out>,
        y=<optimized out>) at xwayland-cursor.c:249
      4  0x00005610b2800b46 in miPointerUpdateSprite (pDev=0x5610b4501a30) at
        mipointer.c:468
      5  miPointerUpdateSprite (pDev=0x5610b4501a30) at mipointer.c:410
      6  0x00005610b2800e56 in miPointerDisplayCursor (pCursor=0x5610b4b35740,
        pScreen=0x5610b3d54410, pDev=0x5610b4501a30) at mipointer.c:206
      7  miPointerDisplayCursor (pDev=0x5610b4501a30, pScreen=0x5610b3d54410,
        pCursor=0x5610b4b35740) at mipointer.c:194
      8  0x00005610b27ed62b in CursorDisplayCursor (pDev=<optimized out>,
        pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at cursor.c:168
      9  0x00005610b28773ee in AnimCurDisplayCursor (pDev=0x5610b4501a30,
        pScreen=0x5610b3d54410, pCursor=0x5610b4b35740) at animcur.c:197
      10 0x00005610b28eb4ca in ChangeToCursor (pDev=0x5610b4501a30,
        cursor=0x5610b4b35740) at events.c:938
      11 0x00005610b28ec99f in WindowHasNewCursor
        (pWin=pWin@entry=0x5610b4b2e0c0) at events.c:3362
      12 0x00005610b291102d in ChangeWindowAttributes (pWin=0x5610b4b2e0c0,
        vmask=<optimized out>, vlist=vlist@entry=0x5610b4c41dcc,
        client=client@entry=0x5610b4b2c900) at window.c:1561
      13 0x00005610b28db8e3 in ProcChangeWindowAttributes (client=0x5610b4b2c900)
        at dispatch.c:746
      14 0x00005610b28e1e5b in Dispatch () at dispatch.c:497
      15 0x00005610b28e5f34 in dix_main (argc=16, argv=0x7ffc7a601b68,
        envp=<optimized out>) at main.c:276
      16 0x00007f8828cde042 in __libc_start_main (main=0x5610b27ae930 <main>,
        argc=16, argv=0x7ffc7a601b68, init=<optimized out>, fini=<optimized
        out>, rtld_fini=<optimized out>, stack_end=0x7ffc7a601b58) at
        ../csu/libc-start.c:308
      17 0x00005610b27ae96e in _start () at cursor.c:1064
      
      Simple reproducer in gnome-shell: open up an Xwayland window, press some
      tablet buttons, lock and unlock the screen. Repeat if it doesn't crash
      the first time.
      
      So, let's fix this by registering our own device-specific private key
      for storing a backpointer to xwl_tablet_pad, so that all input devices
      have their private data pointers set to their respective xwl_seat.
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      Signed-off-by: Lyude Paul's avatarLyude Paul <lyude@redhat.com>
      (cherry picked from commit ba0e789b)
      ccbcf083
    • SimonPilkington's avatar
      xwayland: Initialise values in xwlVidModeGetGamma() · cc361355
      SimonPilkington authored
      ProcVidModeGetGamma() relies on GetGamma() to initialise values if it
      returns TRUE. Without this, we're sending uninitialised values to
      clients.
      
      Fixes: #1040
      (cherry picked from commit 6748a409)
      cc361355
    • Sjoerd Simons's avatar
      xwayland: Fix crashes when there is no pointer · 533cc6ca
      Sjoerd Simons authored
      When running with a weston session without a pointer device (thus with
      the wl_seat not having a pointer) xwayland pointer warping and pointer
      confining should simply be ignored to avoid crashes.
      Signed-off-by: default avatarSjoerd Simons <sjoerd@collabora.com>
      (cherry picked from commit d35f6833)
      533cc6ca
    • Olivier Fourdan's avatar
      xwayland: Clear private on device removal · 3aa31823
      Olivier Fourdan authored
      Xwayland uses the device private to point to the `xwl_seat`.
      
      Device may be removed at any time, including on suspend.
      
      On resume, if the DIX code ends up calling a function that requires the
      `xwl_seat` such as `xwl_set_cursor()` we may end up pointing at random
      data.
      
      Make sure the clear the device private data on removal so that we don't
      try to use it and crash later.
      Signed-off-by: default avatarOlivier Fourdan <ofourdan@redhat.com>
      Reviewed-by: Peter Hutterer's avatarPeter Hutterer <peter.hutterer@who-t.net>
      #709
      (cherry picked from commit 4195e803)
      3aa31823
    • Michel Dänzer's avatar
      xwayland: Free all remaining events in xwl_present_cleanup · 22c0808a
      Michel Dänzer authored
      At the end of xwl_present_cleanup, these events aren't reachable
      anymore, so if we don't free them first, they're leaked.
      
      (cherry picked from commit 64565ea344fef0171497952ef75f019cb420fe3b)
      
      v2:
      * Simpler backport, no need to keep a reference to the pixmap on the
        1.20 branch.
      22c0808a