wayland: Disconnect signals when Wayland compositor object is finalized

Fixes potential use-after-free during mutter shutdown, e.g.:

==993876== Invalid read of size 8
==993876==    at 0x4A4FCA3: meta_wayland_presentation_time_ensure_feedbacks (meta-wayland-presentation-time.c:373)
==993876==    by 0x4A3F07F: on_presented (meta-wayland.c:282)
==993876==    by 0x661B7E9: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0)
==993876==    by 0x661A922: ??? (in /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0)
==993876==    by 0x4DFF4BC: g_cclosure_marshal_generic_va (gclosure.c:1648)
==993876==    by 0x4DFE948: _g_closure_invoke_va (gclosure.c:893)
==993876==    by 0x4E17498: g_signal_emit_valist (gsignal.c:3406)
==993876==    by 0x4E176BE: g_signal_emit (gsignal.c:3553)
==993876==    by 0x51D9DB5: clutter_stage_view_notify_presented (clutter-stage-view.c:1226)
==993876==    by 0x499ACD2: frame_cb (meta-stage-view.c:83)
==993876==    by 0x499ACD2: frame_cb (meta-stage-view.c:43)
==993876==    by 0x50CAA41: notify_event (cogl-onscreen.c:175)
==993876==    by 0x50CAA41: _cogl_onscreen_notify_complete (cogl-onscreen.c:545)
==993876==    by 0x4A877F5: meta_onscreen_native_notify_frame_complete (meta-onscreen-native.c:211)
==993876==  Address 0x24b7be58 is 296 bytes inside a block of size 344 free'd
==993876==    at 0x484217B: free (vg_replace_malloc.c:872)
==993876==    by 0x4E1F88B: g_type_free_instance (gtype.c:2001)
==993876==    by 0x49C793C: meta_context_dispose (meta-context.c:675)
==993876==    by 0x4E037E0: g_object_unref (gobject.c:3636)
==993876==    by 0x4E037E0: g_object_unref (gobject.c:3553)
==993876==    by 0x10F145: glib_autoptr_clear_GObject (gobject-autocleanups.h:27)
==993876==    by 0x10F145: glib_autoptr_clear_MetaContext (meta-context.h:32)
==993876==    by 0x10F145: glib_autoptr_cleanup_MetaContext (meta-context.h:32)
==993876==    by 0x10F145: main (mutter.c:126)
==993876==  Block was alloc'd at
==993876==    at 0x483F7B5: malloc (vg_replace_malloc.c:381)
==993876==    by 0x4B21178: g_malloc (gmem.c:125)
==993876==    by 0x4B395C0: g_slice_alloc (gslice.c:1072)
==993876==    by 0x4B39C29: g_slice_alloc0 (gslice.c:1098)
==993876==    by 0x4E1F544: g_type_create_instance (gtype.c:1901)
==993876==    by 0x4E03DFC: g_object_new_internal (gobject.c:2011)
==993876==    by 0x4E0538C: g_object_new_with_properties (gobject.c:2181)
==993876==    by 0x4E05D40: g_object_new (gobject.c:1821)
==993876==    by 0x4A3F864: meta_wayland_compositor_new (meta-wayland.c:585)
==993876==    by 0x49C7FA7: meta_context_start (meta-context.c:412)
==993876==    by 0x10F065: main (mutter.c:148)

Fixes: 2ce3a050f0 ("wayland: Wire up presentation-time machinery")
Fixes: 8cff3b84f7 ("wayland/compositor: Process frame callbacks on 'after-update'")
Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2527>
This commit is contained in:
Michel Dänzer 2022-07-23 16:37:15 +02:00 committed by Marge Bot
parent 81b28a1d97
commit 39fd32c362

View File

@ -445,6 +445,11 @@ static void
meta_wayland_compositor_finalize (GObject *object)
{
MetaWaylandCompositor *compositor = META_WAYLAND_COMPOSITOR (object);
MetaBackend *backend = meta_context_get_backend (compositor->context);
ClutterActor *stage = meta_backend_get_stage (backend);
g_signal_handlers_disconnect_by_func (stage, on_after_update, compositor);
g_signal_handlers_disconnect_by_func (stage, on_presented, compositor);
g_clear_object (&compositor->dma_buf_manager);