wayland/activation: Don't grab if no serial or surface was provided

A client can create a token without any seat, serial, or surface. In
this case, we'd still try to grab, which would run into some unforseen
code paths, potentially resulting in the following crash:

  0) meta_wayland_tablet_seat_device_added (tablet_seat=0x55dff4271c90,
                                            device=0x7f87b80655b0) at
       ../src/wayland/meta-wayland-tablet-seat.c:200
  1) meta_wayland_tablet_seat_new (seat=0x0, manager=0x55dff3ec7b40) at
       ../src/wayland/meta-wayland-tablet-seat.c:283
  2) meta_wayland_tablet_manager_ensure_seat (manager=manager@entry=0x55dff3ec7b40,
                                              seat=seat@entry=0x0) at
       ../src/wayland/meta-wayland-tablet-manager.c:239
  3) meta_wayland_tablet_manager_ensure_seat (seat=0x0, manager=0x55dff3ec7b40) at
       ../src/wayland/meta-wayland-touch.c:595
  4) meta_wayland_seat_get_grab_info (seat=0x0, surface=0x55dff43ff5b0,
                                      serial=0, require_pressed=0, x=0x0, y=0x0) at
       ../src/wayland/meta-wayland-seat.c:479
  5) activation_activate (...) at
       ../src/wayland/meta-wayland-activation.c:261

Fix this by not trying to grab if not enough parameters was passed when
creating the token. Also add a test case that reproduces the above
crash.

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2081>
This commit is contained in:
Jonas Ådahl 2021-11-08 11:13:06 +01:00
parent d420a39a02
commit 7f720a40b4
4 changed files with 357 additions and 1 deletions

View File

@ -51,6 +51,7 @@ wayland_test_clients = [
'invalid-subsurfaces', 'invalid-subsurfaces',
'invalid-xdg-shell-actions', 'invalid-xdg-shell-actions',
'xdg-apply-limits', 'xdg-apply-limits',
'xdg-activation',
] ]
foreach test : wayland_test_clients foreach test : wayland_test_clients

View File

@ -0,0 +1,340 @@
/*
* Copyright (C) 2021 Red Hat, Inc.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "config.h"
#include <glib.h>
#include <sys/mman.h>
#include <unistd.h>
#include <wayland-client.h>
#include "wayland-test-client-utils.h"
#include "test-driver-client-protocol.h"
#include "xdg-shell-client-protocol.h"
#include "xdg-activation-v1-client-protocol.h"
static struct wl_display *display;
static struct wl_registry *registry;
static struct wl_compositor *compositor;
static struct xdg_wm_base *xdg_wm_base;
static struct wl_seat *seat;
static struct wl_shm *shm;
static struct xdg_activation_v1 *activation;
static struct wl_surface *surface;
static struct xdg_surface *xdg_surface;
static struct xdg_toplevel *xdg_toplevel;
static gboolean running;
static void
init_surface (const char *token)
{
xdg_toplevel_set_title (xdg_toplevel, "startup notification client");
xdg_activation_v1_activate (activation, token, surface);
wl_surface_commit (surface);
}
static void
handle_buffer_release (void *data,
struct wl_buffer *buffer)
{
wl_buffer_destroy (buffer);
}
static const struct wl_buffer_listener buffer_listener = {
handle_buffer_release
};
static gboolean
create_shm_buffer (int width,
int height,
struct wl_buffer **out_buffer,
void **out_data,
int *out_size)
{
struct wl_shm_pool *pool;
static struct wl_buffer *buffer;
int fd, size, stride;
int bytes_per_pixel;
void *data;
bytes_per_pixel = 4;
stride = width * bytes_per_pixel;
size = stride * height;
fd = create_anonymous_file (size);
if (fd < 0)
{
fprintf (stderr, "Creating a buffer file for %d B failed: %m\n",
size);
return FALSE;
}
data = mmap (NULL, size, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
if (data == MAP_FAILED)
{
fprintf (stderr, "mmap failed: %m\n");
close (fd);
return FALSE;
}
pool = wl_shm_create_pool (shm, fd, size);
buffer = wl_shm_pool_create_buffer (pool, 0,
width, height,
stride,
WL_SHM_FORMAT_ARGB8888);
wl_buffer_add_listener (buffer, &buffer_listener, buffer);
wl_shm_pool_destroy (pool);
close (fd);
*out_buffer = buffer;
*out_data = data;
*out_size = size;
return TRUE;
}
static void
fill (void *buffer_data,
int width,
int height,
uint32_t color)
{
uint32_t *pixels = buffer_data;
int x, y;
for (y = 0; y < height; y++)
{
for (x = 0; x < width; x++)
pixels[y * width + x] = color;
}
}
static void
draw (struct wl_surface *surface,
int width,
int height,
uint32_t color)
{
struct wl_buffer *buffer;
void *buffer_data;
int size;
if (!create_shm_buffer (width, height,
&buffer, &buffer_data, &size))
g_error ("Failed to create shm buffer");
fill (buffer_data, width, height, color);
wl_surface_attach (surface, buffer, 0, 0);
}
static void
draw_main (void)
{
draw (surface, 700, 500, 0xff00ff00);
}
static void
handle_xdg_toplevel_configure (void *data,
struct xdg_toplevel *xdg_toplevel,
int32_t width,
int32_t height,
struct wl_array *state)
{
}
static void
handle_xdg_toplevel_close (void *data,
struct xdg_toplevel *xdg_toplevel)
{
g_assert_not_reached ();
}
static const struct xdg_toplevel_listener xdg_toplevel_listener = {
handle_xdg_toplevel_configure,
handle_xdg_toplevel_close,
};
static void
handle_xdg_surface_configure (void *data,
struct xdg_surface *xdg_surface,
uint32_t serial)
{
draw_main ();
wl_surface_commit (surface);
g_assert_cmpint (wl_display_roundtrip (display), !=, -1);
running = FALSE;
}
static const struct xdg_surface_listener xdg_surface_listener = {
handle_xdg_surface_configure,
};
static void
handle_xdg_wm_base_ping (void *data,
struct xdg_wm_base *xdg_wm_base,
uint32_t serial)
{
xdg_wm_base_pong (xdg_wm_base, serial);
}
static const struct xdg_wm_base_listener xdg_wm_base_listener = {
handle_xdg_wm_base_ping,
};
static void
handle_registry_global (void *data,
struct wl_registry *registry,
uint32_t id,
const char *interface,
uint32_t version)
{
if (strcmp (interface, "wl_compositor") == 0)
{
compositor = wl_registry_bind (registry, id, &wl_compositor_interface, 1);
}
else if (strcmp (interface, "xdg_wm_base") == 0)
{
xdg_wm_base = wl_registry_bind (registry, id,
&xdg_wm_base_interface, 1);
xdg_wm_base_add_listener (xdg_wm_base, &xdg_wm_base_listener, NULL);
}
else if (strcmp (interface, "wl_seat") == 0)
{
seat = wl_registry_bind (registry,
id, &wl_seat_interface, 1);
}
else if (strcmp (interface, "wl_shm") == 0)
{
shm = wl_registry_bind (registry,
id, &wl_shm_interface, 1);
}
else if (strcmp (interface, "xdg_activation_v1") == 0)
{
activation = wl_registry_bind (registry,
id, &xdg_activation_v1_interface, 1);
}
}
static void
handle_registry_global_remove (void *data,
struct wl_registry *registry,
uint32_t name)
{
}
static const struct wl_registry_listener registry_listener = {
handle_registry_global,
handle_registry_global_remove
};
static void
token_done (gpointer user_data,
struct xdg_activation_token_v1 *provider,
const char *token)
{
char **token_ptr = user_data;
*token_ptr = g_strdup (token);
}
static const struct xdg_activation_token_v1_listener token_listener = {
token_done,
};
static char *
get_token (void)
{
struct xdg_activation_token_v1 *token;
char *token_string = NULL;
token = xdg_activation_v1_get_activation_token (activation);
xdg_activation_token_v1_add_listener (token,
&token_listener,
&token_string);
xdg_activation_token_v1_commit (token);
while (!token_string)
{
if (wl_display_roundtrip (display) == -1)
break;
}
xdg_activation_token_v1_destroy (token);
return token_string;
}
static void
test_startup_notifications (void)
{
g_autofree char *token = NULL;
display = wl_display_connect (NULL);
registry = wl_display_get_registry (display);
wl_registry_add_listener (registry, &registry_listener, NULL);
wl_display_roundtrip (display);
g_assert_nonnull (shm);
g_assert_nonnull (seat);
g_assert_nonnull (xdg_wm_base);
g_assert_nonnull (activation);
wl_display_roundtrip (display);
token = get_token ();
surface = wl_compositor_create_surface (compositor);
xdg_surface = xdg_wm_base_get_xdg_surface (xdg_wm_base, surface);
xdg_surface_add_listener (xdg_surface, &xdg_surface_listener, NULL);
xdg_toplevel = xdg_surface_get_toplevel (xdg_surface);
xdg_toplevel_add_listener (xdg_toplevel, &xdg_toplevel_listener, NULL);
init_surface (token);
running = TRUE;
while (running)
{
if (wl_display_dispatch (display) == -1)
return;
}
wl_display_roundtrip (display);
g_clear_pointer (&xdg_toplevel, xdg_toplevel_destroy);
g_clear_pointer (&xdg_surface, xdg_surface_destroy);
g_clear_pointer (&xdg_wm_base, xdg_wm_base_destroy);
g_clear_pointer (&activation, xdg_activation_v1_destroy);
g_clear_pointer (&compositor, wl_compositor_destroy);
g_clear_pointer (&seat, wl_seat_destroy);
g_clear_pointer (&shm, wl_shm_destroy);
g_clear_pointer (&registry, wl_registry_destroy);
g_clear_pointer (&display, wl_display_disconnect);
}
int
main (int argc,
char **argv)
{
test_startup_notifications ();
return EXIT_SUCCESS;
}

View File

@ -247,6 +247,17 @@ toplevel_apply_limits (void)
g_test_assert_expected_messages (); g_test_assert_expected_messages ();
} }
static void
toplevel_activation (void)
{
ApplyLimitData data = {};
data.loop = g_main_loop_new (NULL, FALSE);
data.wayland_test_client = wayland_test_client_new ("xdg-activation");
wayland_test_client_finish (data.wayland_test_client);
g_test_assert_expected_messages ();
}
static void static void
pre_run_wayland_tests (void) pre_run_wayland_tests (void)
{ {
@ -271,6 +282,8 @@ init_wayland_tests (void)
subsurface_invalid_xdg_shell_actions); subsurface_invalid_xdg_shell_actions);
g_test_add_func ("/wayland/toplevel/apply-limits", g_test_add_func ("/wayland/toplevel/apply-limits",
toplevel_apply_limits); toplevel_apply_limits);
g_test_add_func ("/wayland/toplevel/activation",
toplevel_activation);
} }
int int

View File

@ -278,7 +278,9 @@ activation_activate (struct wl_client *client,
if (!token) if (!token)
return; return;
if (meta_wayland_seat_get_grab_info (token->seat, if (token->seat &&
token->surface &&
meta_wayland_seat_get_grab_info (token->seat,
token->surface, token->surface,
token->serial, token->serial,
FALSE, NULL, NULL)) FALSE, NULL, NULL))