mutter/src/wayland
Max Zhao 87e1d72cd4 wayland: Fix null pointer dereference in meta_get_first_subsurface_node.
In fcfe90aa, multiple for loops were replaced with
META_WAYLAND_SURFACE_FOREACH_SUBSURFACE.

However, this substitution was not side-effect free, and introduced a
null-pointer dereference risk as shown in the example below:

Old:

    for (n = g_node_first_child (surface->subsurface_branch_node);
         n;
         n = g_node_next_sibling (n))
      {
        if (G_NODE_IS_LEAF (n))
          continue;

        meta_wayland_surface_update_outputs_recursively (n->data);
      }

n is checked for NULL during each loop in the condition expression.
Therefore, when `G_NODE_IS_LEAF (n)` is called, `n` is guaranteed not to
be NULL. Note also that g_node_first_child is also NULL-safe since it
performs a NULL check internally.

New:

    META_WAYLAND_SURFACE_FOREACH_SUBSURFACE (surface, subsurface_surface)
      meta_wayland_surface_update_outputs_recursively (subsurface_surface);
    =
    for (GNode *G_PASTE(__n, __LINE__) = meta_get_first_subsurface_node ((surface)); \
     (subsurface = (G_PASTE (__n, __LINE__) ? G_PASTE (__n, __LINE__)->data : NULL)); \
     G_PASTE (__n, __LINE__) = meta_get_next_subsurface_sibling (G_PASTE (__n, __LINE__)))

In the new logic `subsurface` is still checked for NULL in the loop
condition. However, in the new loop init:

    ...
    meta_get_first_subsurface_node (MetaWaylandSurface *surface)
    ...

    n = g_node_first_child (surface->subsurface_branch_node);
    if (!G_NODE_IS_LEAF (n))
    ...

The above implementation performs a `G_NODE_IS_LEAF` call, which
performs a dereference on `n`, without first checking for NULLs.

This NULL dereference triggers the following gnome-shell crash:

    Core was generated by `/usr/bin/gnome-shell'.
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  meta_get_first_subsurface_node (surface=0x55d589623450) at ../src/wayland/meta-wayland-surface.h:399
    #1  pointer_can_grab_surface (pointer=0x7f6dc4012700, surface=0x55d589623450) at ../src/wayland/meta-wayland-pointer.c:1306
    #2  0x00007f6ddb94d509 in meta_wayland_pointer_can_grab_surface (pointer=<optimized out>, surface=surface@entry=0x55d589623450, serial=serial@entry=996) at ../src/wayland/meta-wayland-pointer.c:1321
    #3  0x00007f6ddb950d05 in meta_wayland_seat_get_grab_info (seat=seat@entry=0x55d586c24f20, surface=0x55d589623450, serial=996, require_pressed=require_pressed@entry=0, x=x@entry=0x0, y=y@entry=0x0)
        at ../src/wayland/meta-wayland-seat.c:467

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2655>
2022-10-17 12:38:21 +00:00
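
The failure mode described in the commit message above, reduced to a stand-alone sketch. This is an added example, not mutter's code and not the change the commit made: `Node`, `NODE_IS_LEAF` and the lower-case helper names are hypothetical stand-ins for `GNode`, `G_NODE_IS_LEAF` and the mutter helpers, and the guard in `first_subsurface_node` is one way to check `n` before the leaf test.

```c
#include <stddef.h>
/* Hypothetical stand-in for GLib's GNode, reduced to the fields used here. */
typedef struct Node { void *data; struct Node *next, *children; } Node;

/* Like G_NODE_IS_LEAF: dereferences n, so n must not be NULL. */
#define NODE_IS_LEAF(n) ((n)->children == NULL)

/* NULL-safe accessors, like g_node_first_child and g_node_next_sibling. */
static Node *first_child (Node *n) { return n ? n->children : NULL; }
static Node *next_sibling (Node *n) { return n ? n->next : NULL; }

/* Advance to the next non-leaf sibling, or NULL at the end of the list. */
static Node *next_subsurface_sibling (Node *n)
{
  for (n = next_sibling (n); n; n = next_sibling (n))
    if (!NODE_IS_LEAF (n))
      return n;
  return NULL;
}

/* Loop-init helper with the guard: test n before NODE_IS_LEAF reads it. */
static Node *first_subsurface_node (Node *branch)
{
  Node *n = first_child (branch);
  if (!n)
    return NULL;                 /* no children: nothing to iterate */
  return NODE_IS_LEAF (n) ? next_subsurface_sibling (n) : n;
}

/* Same shape as the macro in the commit message: init, data check, advance. */
#define FOREACH_SUBSURFACE(branch, it, out)              \
  for (Node *it = first_subsurface_node (branch);        \
       ((out) = it ? it->data : NULL);                   \
       it = next_subsurface_sibling (it))

/* Number of non-leaf children the loop visits. */
static int count_subsurfaces (Node *branch)
{
  int count = 0;
  void *sub;
  FOREACH_SUBSURFACE (branch, it, sub)
    count++;
  return count;
}

int main (void)
{
  Node empty = { "empty", NULL, NULL };   /* constructed: branch with no children */
  return count_subsurfaces (&empty);      /* the guard makes the loop body never run */
}
```

Without the `if (!n)` guard, the childless branch node makes `NODE_IS_LEAF` read through a NULL pointer in the loop init, before the loop condition's own NULL check is ever reached.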
..
protocol wayland: Remove Gtk primary selection protocol 2022-05-18 20:15:08 +00:00
meta-cursor-sprite-wayland.c cursor-sprite: Register all cursor sprites with the cursor tracker 2021-12-22 16:22:08 +00:00
meta-cursor-sprite-wayland.h cursor-sprite: Register all cursor sprites with the cursor tracker 2021-12-22 16:22:08 +00:00
meta-pointer-confinement-wayland.c wayland/pointer-confinement: Scale region with the geometry scale 2022-06-13 18:38:51 +00:00
meta-pointer-confinement-wayland.h backends: Delegate pointer confinements to an impl object 2020-11-27 15:14:33 +00:00
meta-pointer-lock-wayland.c pointer-constraints: Move min edge distance from backend to Wayland 2022-06-13 18:38:50 +00:00
meta-pointer-lock-wayland.h backends: Delegate pointer confinements to an impl object 2020-11-27 15:14:33 +00:00
meta-selection-source-wayland-private.h wayland: Move MetaWaylandDataSourcePrimary to its own file 2020-04-17 00:46:23 +02:00
meta-selection-source-wayland.c wayland: Simplify MetaSelectionSourceWayland 2019-10-11 23:04:01 +02:00
meta-wayland-activation.c Consistently pass timestamp as uint64 when creating MetaStartupSequence 2022-09-02 15:21:27 +00:00
meta-wayland-activation.h wayland: Clean up xdg-activation state 2022-07-25 14:55:59 +00:00
meta-wayland-actor-surface.c wayland/actor-surface: Consider clones in is_on_logical_monitor() 2022-07-11 18:18:56 +00:00
meta-wayland-actor-surface.h wayland/surface-role: Make geometry scale API return int 2022-06-13 18:38:50 +00:00
meta-wayland-buffer.c wayland: Ensure to remove destroy listener for MetaWaylandBuffer 2022-08-23 17:06:07 +00:00
meta-wayland-buffer.h wayland: Add single pixel buffer support 2022-08-02 12:19:42 +00:00
meta-wayland-client.c wayland/client: Restore the NOFILE limit 2022-02-07 16:11:47 +01:00
meta-wayland-cursor-surface.c wayland/cursor-surface: Pass buffer-transform to cursor sprite 2022-08-05 20:30:50 +02:00
meta-wayland-cursor-surface.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-data-device-primary.c wayland: Cancel selection data sources that are set while unfocused 2021-03-23 17:07:31 +00:00
meta-wayland-data-device-primary.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-device.c wayland/data-device: Clean up coding style a bit 2022-09-19 14:46:01 +00:00
meta-wayland-data-device.h dnd: Notify about events during compositor grab from event filter 2022-03-02 15:12:23 +00:00
meta-wayland-data-offer-primary.c src: Stop using GSlice 2021-02-22 13:52:27 +01:00
meta-wayland-data-offer-primary.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-offer.c wayland/data-offer: Fix indentation in data_offer_finish() 2021-10-14 21:08:42 +00:00
meta-wayland-data-offer.h wayland: Move primary data offers to their own file 2020-04-17 00:46:23 +02:00
meta-wayland-data-source-primary.c wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-source-primary.h wayland: Add support for wayland-protocols primary selection protocol 2020-05-13 18:27:46 +02:00
meta-wayland-data-source.c wayland: Split MetaWaylandDataSource into a separate file 2020-04-17 00:46:21 +02:00
meta-wayland-data-source.h wayland: Split MetaWaylandDataSource into a separate file 2020-04-17 00:46:21 +02:00
meta-wayland-dma-buf.c wayland/dma-buf: Use meta_renderer_native_send_modifiers 2022-09-22 08:32:02 +00:00
meta-wayland-dma-buf.h wayland/dma-buf: Make manager object a GObject 2022-01-05 16:36:48 +00:00
meta-wayland-dnd-surface.c wayland/surface-role: Make geometry scale API return int 2022-06-13 18:38:50 +00:00
meta-wayland-dnd-surface.h wayland: Move DND surface role into its own file 2019-01-22 18:32:28 +01:00
meta-wayland-egl-stream.c wayland/buffer: Only query Wayland EGL buffer if display bound 2022-05-17 10:09:27 +00:00
meta-wayland-egl-stream.h wayland/egl-stream: Cache texture snippet 2020-01-10 16:01:21 +00:00
meta-wayland-gtk-shell.c Consistently pass timestamp as uint64 when creating MetaStartupSequence 2022-09-02 15:21:27 +00:00
meta-wayland-gtk-shell.h wayland: Add MetaWaylandGtkShell object 2018-11-27 15:34:13 +01:00
meta-wayland-inhibit-shortcuts-dialog.c cleanup: Use g_clear_signal_handler() where possible 2019-11-21 15:02:27 +00:00
meta-wayland-inhibit-shortcuts-dialog.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-inhibit-shortcuts.c cleanup: Use g_clear_signal_handler() where possible 2019-11-21 15:02:27 +00:00
meta-wayland-inhibit-shortcuts.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-input-device.c wayland/input-device: Add next serial helper 2016-10-11 22:51:50 +08:00
meta-wayland-input-device.h wayland/input-device: Add next serial helper 2016-10-11 22:51:50 +08:00
meta-wayland-keyboard.c wayland/keyboard: Remove unused define 2022-02-22 11:05:36 +01:00
meta-wayland-keyboard.h wayland: Check keyboard serials for activation 2021-12-13 14:49:14 +00:00
meta-wayland-outputs.c monitor: Allow vendor/product/serial to return NULL 2022-09-01 14:31:40 +00:00
meta-wayland-outputs.h wayland: Clean up output state 2022-07-25 14:55:59 +00:00
meta-wayland-pointer-constraints.c wayland: Ensure pointer constraint region consistency 2021-01-12 12:32:24 +01:00
meta-wayland-pointer-constraints.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer-gesture-hold.c wayland: Add pointer gesture cancellation internal API 2022-09-29 12:36:43 +00:00
meta-wayland-pointer-gesture-hold.h wayland: Add pointer gesture cancellation internal API 2022-09-29 12:36:43 +00:00
meta-wayland-pointer-gesture-pinch.c wayland: Add pointer gesture cancellation internal API 2022-09-29 12:36:43 +00:00
meta-wayland-pointer-gesture-pinch.h wayland: Add pointer gesture cancellation internal API 2022-09-29 12:36:43 +00:00
meta-wayland-pointer-gesture-swipe.c wayland: Add pointer gesture cancellation internal API 2022-09-29 12:36:43 +00:00
meta-wayland-pointer-gesture-swipe.h wayland: Add pointer gesture cancellation internal API 2022-09-29 12:36:43 +00:00
meta-wayland-pointer-gestures.c wayland/pointer-gestures: Implement hold gesture 2021-12-02 20:48:24 +00:00
meta-wayland-pointer-gestures.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-pointer.c wayland: Cancel active pointer gestures with wl_pointer.leave 2022-09-29 12:36:43 +00:00
meta-wayland-pointer.h wayland: Keep track of active pointer gestures 2022-09-29 12:36:43 +00:00
meta-wayland-popup.c wayland: Make implicit grabs during popups be owner_events=TRUE 2021-06-09 19:00:15 +00:00
meta-wayland-popup.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-presentation-time-private.h wayland: Clean up presentation-time state 2022-07-25 14:55:59 +00:00
meta-wayland-presentation-time.c wayland: Clean up presentation-time state 2022-07-25 14:55:59 +00:00
meta-wayland-private.h xwayland: Only warn on X IO errors when X11 is mandatory 2022-05-31 12:00:55 +00:00
meta-wayland-region.c src: Stop using GSlice 2021-02-22 13:52:27 +01:00
meta-wayland-region.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-seat.c wayland: Remove Gtk primary selection protocol 2022-05-18 20:15:08 +00:00
meta-wayland-seat.h wayland: Remove Gtk primary selection protocol 2022-05-18 20:15:08 +00:00
meta-wayland-shell-surface.c window/wayland: Update buffer and frame rect in the same place 2022-10-10 18:16:51 +00:00
meta-wayland-shell-surface.h wayland: Rework asynchronous window configuration 2019-12-09 10:09:40 +01:00
meta-wayland-single-pixel-buffer.c wayland: Add single pixel buffer support 2022-08-02 12:19:42 +00:00
meta-wayland-single-pixel-buffer.h wayland: Add single pixel buffer support 2022-08-02 12:19:42 +00:00
meta-wayland-subsurface.c wayland: Ensure to unlink destroy listeners for subsurfaces 2022-08-23 17:06:07 +00:00
meta-wayland-subsurface.h wayland/subsurface: Avoid placement ops for detached subsurfaces 2021-04-19 11:55:49 +00:00
meta-wayland-surface.c window/wayland: Update buffer and frame rect in the same place 2022-10-10 18:16:51 +00:00
meta-wayland-surface.h wayland: Fix null pointer dereference in meta_get_first_subsurface_node. 2022-10-17 12:38:21 +00:00
meta-wayland-tablet-cursor-surface.c Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-cursor-surface.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-manager.c wayland: Clean up tablet manager state 2022-07-25 14:55:59 +00:00
meta-wayland-tablet-manager.h wayland: Clean up tablet manager state 2022-07-25 14:55:59 +00:00
meta-wayland-tablet-pad-group.c src: Stop using GSlice 2021-02-22 13:52:27 +01:00
meta-wayland-tablet-pad-group.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-ring.c src: Stop using GSlice 2021-02-22 13:52:27 +01:00
meta-wayland-tablet-pad-ring.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad-strip.c src: Stop using GSlice 2021-02-22 13:52:27 +01:00
meta-wayland-tablet-pad-strip.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-pad.c wayland/tablet-pad: Fix fallthrough warning 2022-03-04 23:12:24 +00:00
meta-wayland-tablet-pad.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-tablet-seat.c wayland: Fix thinko in paired tablet loop filter 2022-08-13 00:39:54 +02:00
meta-wayland-tablet-seat.h wayland: Replace ClutterDeviceManager usage in favor of ClutterSeat 2020-01-30 18:02:34 +01:00
meta-wayland-tablet-tool.c wayland: Remove unnecessary COMPOSITOR_GRAB checks 2022-05-28 10:25:29 +00:00
meta-wayland-tablet-tool.h backends: Replace MetaCursorSprite::prepare-at with in-place function 2021-12-07 20:04:08 +00:00
meta-wayland-tablet.c src: Stop using GSlice 2021-02-22 13:52:27 +01:00
meta-wayland-tablet.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-text-input.c wayland: Ignore text_input requests from unfocused clients 2022-09-02 09:19:42 +00:00
meta-wayland-text-input.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-wayland-touch.c wayland: Move away from clutter_event_get_source() 2022-03-04 10:58:28 +00:00
meta-wayland-touch.h wayland: Simplify wl_touch.frame handling 2020-10-23 18:48:18 +00:00
meta-wayland-types.h wayland: Add getter for XWayland manager object 2022-05-31 12:00:54 +00:00
meta-wayland-versions.h wayland: Add single pixel buffer support 2022-08-02 12:19:42 +00:00
meta-wayland-viewporter.c wayland/surface: Rename MetaWaylandPendingState to MetaWaylandSurfaceState 2019-12-09 10:09:40 +01:00
meta-wayland-viewporter.h wayland/surface: Add support for wp_viewporter 2019-02-06 12:24:03 +00:00
meta-wayland-window-configuration.c window/wayland: Calculate position also for acked fullscreen configs 2022-10-10 18:16:51 +00:00
meta-wayland-window-configuration.h window/wayland: Calculate position also for acked fullscreen configs 2022-10-10 18:16:51 +00:00
meta-wayland-xdg-foreign.c wayland: Drop xdg-shell v6 protocol 2022-05-18 19:29:08 +00:00
meta-wayland-xdg-foreign.h wayland: Add support for the xdg-foreign protocol 2016-08-22 21:03:41 +08:00
meta-wayland-xdg-shell.c window/wayland: Update buffer and frame rect in the same place 2022-10-10 18:16:51 +00:00
meta-wayland-xdg-shell.h wayland: Add support for stable xdg-shell 2018-02-23 18:57:53 +08:00
meta-wayland.c wayland: Add single pixel buffer support 2022-08-02 12:19:42 +00:00
meta-wayland.h wayland/compositor: Add MetaContext getter 2022-08-02 10:04:52 +00:00
meta-window-wayland.c window-actor/wayland: Draw black background for fullscreen windows 2022-10-10 18:16:51 +00:00
meta-window-wayland.h tests/wayland-fullscreen: Also test toggling fullscreen 2022-10-10 18:16:51 +00:00
meta-window-xwayland.c backends: Shuffle ClutterBackendX11 code into MetaClutterBackendX11 2021-07-16 19:08:06 +02:00
meta-window-xwayland.h xwayland: Add MetaWindowXwayland 2017-12-18 13:15:09 +01:00
meta-xwayland-dnd-private.h wayland: Reduce MetaXWaylandSelection to just DnD 2019-05-02 16:31:45 +02:00
meta-xwayland-dnd.c core: Move remaining default focus window handling to workspace 2022-09-20 17:14:53 +00:00
meta-xwayland-grab-keyboard.c xwayland-grab-keyboard: Switch to g_pattern_spec_match_string() 2021-08-12 13:11:31 +00:00
meta-xwayland-grab-keyboard.h Clean up include macros mess 2018-11-06 17:17:36 +01:00
meta-xwayland-private.h xwayland: Init/shutdown DND using MetaX11Display 2021-10-26 16:55:12 +02:00
meta-xwayland-surface.c wayland/surface-role: Make geometry scale API return int 2022-06-13 18:38:50 +00:00
meta-xwayland-surface.h xwayland: Move out surface role related logic 2020-02-19 22:34:28 +00:00
meta-xwayland.c xwayland: Move "code like" declarations to the bottom 2022-09-19 14:46:00 +00:00
meta-xwayland.h xwayland: Add API to send signal to the Xwayland process 2022-05-31 12:00:55 +00:00