Callers may check errno when wl_map_insert_* functions return an
error (since [1]). Make sure it's always set to a meaningful value
when returning an error, otherwise callers might end up checking an
errno coming from a completely different function.
[1]: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/205
Signed-off-by: Simon Ser <contact@emersion.fr>
Fixes: b19488c715 ("util: Limit size of wl_map")
Ensure dynamically created and destroyed globals which are filtered
don't trigger any global/global_remove event.
Signed-off-by: Simon Ser <contact@emersion.fr>
See the previous discussion at [1]: libwayland incorrectly skips
the visibility checks when sending global/global_remove events.
The check is only performed when a client performs a
wl_display.get_registry request.
[1]: https://gitlab.freedesktop.org/wayland/wayland/-/merge_requests/148
Signed-off-by: Simon Ser <contact@emersion.fr>
If os_resize_anonymous_file() called from os_create_anonymous_file()
fails with EINTR (Interrupted system call), then the buffer allocation
fails.
To avoid that, retry posix_fallocate() on EINTR.
However, in the presence of an alarm, the interrupt may trigger
repeatedly and prevent a large posix_fallocate() to ever complete
successfully, so we need to first block SIGALRM to prevent this.
Signed-off-by: Olivier Fourdan <ofourdan@redhat.com>
Assignments to a wl_proxy's queue member are currently not synchronized
with potential reads of that member during event reading/queuing.
Assuming atomic pointer value reads and writes (which is a reasonable
assumption), and using the documented best practices to handle event
queue changes, a queue change should still be safe to perform.
That being said, such implicitly atomic accesses are difficult to assess
for correctness, especially since they do not introduce memory barriers.
To make the code more obviously correct, and handle any potential races
we are not currently aware of, this commit updates wl_proxy_set_queue()
to set the proxy's event queue under the display lock (all other
proxy queue accesses are already done under the display lock).
Signed-off-by: Alexandros Frantzis <alexandros.frantzis@collabora.com>
Suggested-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Document the proper way to deal with event queue changes, in order to
guarantee proper handing of all events which were queued before the
queue change takes effect, especially in multi-threaded setups.
Make a special note about queue changes of newly created proxies,
which require the use of a proxy wrapper for thread safety.
Signed-off-by: Alexandros Frantzis <alexandros.frantzis@collabora.com>
Suggested-by: Pekka Paalanen <pekka.paalanen@collabora.com>
The [spec][1] reads:
> All paths set in these environment variables must be absolute. If an
> implementation encounters a relative path in any of these variables it should
> consider the path invalid and ignore it.
and
> If $XDG_DATA_HOME is either not set or empty, a default equal to
> $HOME/.local/share should be used.
Testing that the path is absolute also entails that is is non-empty.
[1]: https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html
Signed-off-by: Antonin Décimo <antonin.decimo@gmail.com>
- Use early returns
- De-duplicate XDG_DATA_HOME code-paths
- Don't crash on allocation failure
- Use size_t when appropriate
- Fix indentation
Signed-off-by: Simon Ser <contact@emersion.fr>
We don't ever need to set the name multiple times for a single
struct xcursor_images, so we can just set the field directly. Also
replace the hand-rolled logic with strdup.
Signed-off-by: Simon Ser <contact@emersion.fr>
This allows projects to use Wayland as a Meson subproject and get the
wayland-scanner executable when doing find_program('wayland-scanner').
Signed-off-by: Xavier Claessens <xavier.claessens@collabora.com>
Improves readability since there's no need for so many parentheses
anymore, adds type safety. The compiler will inline the function
automatically as necessary.
Signed-off-by: Simon Ser <contact@emersion.fr>
Add a helper to check the advertised version of a global. This can
be handy when checking whether a compositor feature is supported,
instead of having to store the version passed to wl_global_create
separately.
Signed-off-by: Simon Ser <contact@emersion.fr>
Since server IDs are basically indistinguishable from really big client
IDs at many points in the source, it's theoretically possible to overflow
a map and either overflow server IDs into the client ID space, or grow
client IDs into the server ID space. This would currently take a massive
amount of RAM, but the definition of massive changes yearly.
Prevent this by placing a ridiculous but arbitrary upper bound on the
number of items we can put in a map: 0xF00000, somewhere over 15 million.
This should satisfy pathological clients without restriction, but stays
well clear of the 0xFF000000 transition point between server and client
IDs. It will still take an improbable amount of RAM to hit this, and a
client could still exhaust all RAM in this way, but our goal is to prevent
overflow and undefined behaviour.
Fixes#224
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Without this, DocBook picks the output encoding and on some setups
we end up with ISO-8859-1. Tested by booting a fresh Alpine VM,
verifying that the generated HTML is using the incorrect charset,
applying the patch, and verifying that the generated HTML is fixed.
Signed-off-by: Simon Ser <contact@emersion.fr>
Fail when tests/documentation is enabled without libraries. Fail
when neither scanner nor libraries is enabled, because we don't
build anything in that case.
Signed-off-by: Simon Ser <contact@emersion.fr>
