wayland: Disconnect signals when Wayland compositor object is finalized
Fixes potential use-after-free during mutter shutdown, e.g.: ==993876== Invalid read of size 8 ==993876== at 0x4A4FCA3: meta_wayland_presentation_time_ensure_feedbacks (meta-wayland-presentation-time.c:373) ==993876== by 0x4A3F07F: on_presented (meta-wayland.c:282) ==993876== by 0x661B7E9: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0) ==993876== by 0x661A922: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0) ==993876== by 0x4DFF4BC: g_cclosure_marshal_generic_va (gclosure.c:1648) ==993876== by 0x4DFE948: _g_closure_invoke_va (gclosure.c:893) ==993876== by 0x4E17498: g_signal_emit_valist (gsignal.c:3406) ==993876== by 0x4E176BE: g_signal_emit (gsignal.c:3553) ==993876== by 0x51D9DB5: clutter_stage_view_notify_presented (clutter-stage-view.c:1226) ==993876== by 0x499ACD2: frame_cb (meta-stage-view.c:83) ==993876== by 0x499ACD2: frame_cb (meta-stage-view.c:43) ==993876== by 0x50CAA41: notify_event (cogl-onscreen.c:175) ==993876== by 0x50CAA41: _cogl_onscreen_notify_complete (cogl-onscreen.c:545) ==993876== by 0x4A877F5: meta_onscreen_native_notify_frame_complete (meta-onscreen-native.c:211) ==993876== Address 0x24b7be58 is 296 bytes inside a block of size 344 free'd ==993876== at 0x484217B: free (vg_replace_malloc.c:872) ==993876== by 0x4E1F88B: g_type_free_instance (gtype.c:2001) ==993876== by 0x49C793C: meta_context_dispose (meta-context.c:675) ==993876== by 0x4E037E0: g_object_unref (gobject.c:3636) ==993876== by 0x4E037E0: g_object_unref (gobject.c:3553) ==993876== by 0x10F145: glib_autoptr_clear_GObject (gobject-autocleanups.h:27) ==993876== by 0x10F145: glib_autoptr_clear_MetaContext (meta-context.h:32) ==993876== by 0x10F145: glib_autoptr_cleanup_MetaContext (meta-context.h:32) ==993876== by 0x10F145: main (mutter.c:126) ==993876== Block was alloc'd at ==993876== at 0x483F7B5: malloc (vg_replace_malloc.c:381) ==993876== by 0x4B21178: g_malloc (gmem.c:125) ==993876== by 0x4B395C0: g_slice_alloc (gslice.c:1072) ==993876== by 0x4B39C29: g_slice_alloc0 (gslice.c:1098) ==993876== by 0x4E1F544: g_type_create_instance (gtype.c:1901) ==993876== by 0x4E03DFC: g_object_new_internal (gobject.c:2011) ==993876== by 0x4E0538C: g_object_new_with_properties (gobject.c:2181) ==993876== by 0x4E05D40: g_object_new (gobject.c:1821) ==993876== by 0x4A3F864: meta_wayland_compositor_new (meta-wayland.c:585) ==993876== by 0x49C7FA7: meta_context_start (meta-context.c:412) ==993876== by 0x10F065: main (mutter.c:148) Fixes:2ce3a050f0
("wayland: Wire up presentation-time machinery") Fixes:8cff3b84f7
("wayland/compositor: Process frame callbacks on 'after-update'") Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2527>
This commit is contained in:
parent
81b28a1d97
commit
39fd32c362
@ -445,6 +445,11 @@ static void
|
|||||||
meta_wayland_compositor_finalize (GObject *object)
|
meta_wayland_compositor_finalize (GObject *object)
|
||||||
{
|
{
|
||||||
MetaWaylandCompositor *compositor = META_WAYLAND_COMPOSITOR (object);
|
MetaWaylandCompositor *compositor = META_WAYLAND_COMPOSITOR (object);
|
||||||
|
MetaBackend *backend = meta_context_get_backend (compositor->context);
|
||||||
|
ClutterActor *stage = meta_backend_get_stage (backend);
|
||||||
|
|
||||||
|
g_signal_handlers_disconnect_by_func (stage, on_after_update, compositor);
|
||||||
|
g_signal_handlers_disconnect_by_func (stage, on_presented, compositor);
|
||||||
|
|
||||||
g_clear_object (&compositor->dma_buf_manager);
|
g_clear_object (&compositor->dma_buf_manager);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user