isa/mutter
1
0
Fork 0
mirror of https://github.com/brl/mutter.git synced 2024-11-09 23:46:33 -05:00
Code Issues Packages Projects Releases Wiki Activity

backend: Keep a refcount on backend's current_device

Browse Source 
Otherwise we might run into a use-after-free and crash on (virtual)
device removal:

 Invalid read of size 8
   at clutter_input_device_get_device_type (clutter-input-device.c:811)
   by update_last_device (meta-backend.c:1282)
   by g_main_dispatch (gmain.c:3325)
   by g_main_context_dispatch (gmain.c:4016)
   by g_main_context_iterate.constprop.0 (gmain.c:4092)
   by g_main_loop_run (gmain.c:4290)
   by meta_run_main_loop (main.c:708)
   by meta_run (main.c:723)
   by main (main.c:550)
 Address is 32 bytes inside a block of size 504 free'd
   at free (vg_replace_malloc.c:538)
   by g_type_free_instance (gtype.c:1939)
   by clutter_event_free (clutter-event.c:1420)
   by _clutter_stage_process_queued_events (clutter-stage.c:830)
   by handle_frame_clock_before_frame (clutter-stage-view.c:1064)
   by clutter_frame_clock_dispatch (clutter-frame-clock.c:405)
   by frame_clock_source_dispatch (clutter-frame-clock.c:456)
   by g_main_dispatch (gmain.c:3325)
   by g_main_context_dispatch (gmain.c:4016)
   by g_main_context_iterate.constprop.0 (gmain.c:4092)
   by g_main_loop_run (gmain.c:4290)
   by meta_run_main_loop (main.c:708)
   by meta_run (main.c:723)
 Block was alloc'd at
   at malloc (vg_replace_malloc.c:307)
   by g_malloc (gmem.c:106)
   by g_slice_alloc (gslice.c:1025)
   by g_slice_alloc0 (gslice.c:1051)
   by g_type_create_instance (gtype.c:1839)
   by g_object_new_internal (gobject.c:1939)
   by g_object_new_valist (gobject.c:2264)
   by g_object_new (gobject.c:1782)
   by meta_input_device_native_new_virtual (meta-input-device-native.c:1365)
   by meta_virtual_input_device_native_constructed (meta-virtual-input-device-native.c:705)
   by g_object_new_internal (gobject.c:1979)
   by g_object_new_valist (gobject.c:2264)

Suggested-by: Carlos Garnacho <carlosg@gnome.org>
https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1529
This commit is contained in:
Olivier Fourdan 2020-10-26 18:34:05 +01:00 committed by Carlos Garnacho
parent b1700c3f7b
commit 8711d8d591
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/backends/meta-backend.c
View File

@ -199,6 +199,7 @@ meta_backend_finalize (GObject *object)
g_list_free_full (priv->gpus, g_object_unref); g_list_free_full (priv->gpus, g_object_unref);
g_clear_object (&priv->current_device);
g_clear_object (&priv->monitor_manager); g_clear_object (&priv->monitor_manager);
g_clear_object (&priv->orientation_manager); g_clear_object (&priv->orientation_manager);
g_clear_object (&priv->input_settings); g_clear_object (&priv->input_settings);
@ -412,7 +413,7 @@ on_device_removed (ClutterSeat *seat,
gboolean has_touchscreen, has_pointing_device; gboolean has_touchscreen, has_pointing_device;
ClutterInputDeviceType device_type; ClutterInputDeviceType device_type;
priv->current_device = NULL; g_clear_object (&priv->current_device);
g_clear_handle_id (&priv->device_update_idle_id, g_source_remove); g_clear_handle_id (&priv->device_update_idle_id, g_source_remove);
device_type = clutter_input_device_get_device_type (device); device_type = clutter_input_device_get_device_type (device);
@ -1297,7 +1298,7 @@ meta_backend_update_last_device (MetaBackend *backend,
clutter_input_device_get_device_mode (device) == CLUTTER_INPUT_MODE_LOGICAL) clutter_input_device_get_device_mode (device) == CLUTTER_INPUT_MODE_LOGICAL)
return; return;
priv->current_device = device; g_set_object (&priv->current_device, device);
if (priv->device_update_idle_id == 0) if (priv->device_update_idle_id == 0)
{ {