Commit Graph

2338 Commits

Author SHA1 Message Date
Alex Richardson
c0e8990e65 gitlab-ci: Fix copy-paste error in a comment
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-09-10 11:35:54 +00:00
Alex Richardson
3288a076eb gitlab-ci: remove duplicated lines in ci-templates include
The file key can have multiple values, so we don't need another "project".

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-09-10 11:35:54 +00:00
Alex Richardson
c260d57750 gitlab-ci: update ci-templates to the latest commit
This is in preparation for adding FreeBSD CI support.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-09-10 11:35:54 +00:00
Alex Richardson
c65f852fc8 Use epoll-shim to emulate epoll(7) on FreeBSD
FreeBSD does not provide epoll(7) and instead requires an external library,
epoll-shim, that implements epoll() using kqueue(2)

Co-authored-by: Jan Beich <jbeich@FreeBSD.org>
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-09-10 11:35:54 +00:00
Alex Richardson
8ec25be6db os-wrappers-test: Handle fcntl() being declared as a macro
On some systems (e.g. FreeBSD with the latest epoll-shim), fcntl is
declared as a macro instead of a function. Wrap the definition here in
parantheses to avoid function-macro expansion.

Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
2021-09-10 11:35:54 +00:00
Derek Foreman
bf98c1a8f2 tests: Destroy custom global object
Destroy our custom global object at end of run so we no longer "leak"
it.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
2021-08-27 09:56:17 -05:00
Derek Foreman
f736f11f99 connection: Rename wl_buffer
struct wl_buffer has other meaning in wayland, thus making this a pretty
confusing structure name. Function names like wl_buffer_put() just
compound the confusion.

Rename the struct and the associated functions (none of which are called
from outside this file anyway). The struct retains a wl_ prefix, as is
the custom for wayland internal data structures. The function names
have not retained this prefix, as we have many static function that
aren't prefixed.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
2021-08-09 11:51:58 -05:00
Derek Foreman
0e0274af0c scanner: Use the new atomic marshal/destroy function
Use the new flagged marshal+destroy function in generated code.

It's intended as a replacement for all existing wl_proxy_marshal_*
functions, so I've used it to replace them all. This results in a large
update to the scanner test files as well.

We now pass the new WL_MARSHAL_FLAG_DESTROY flag when appropriate, so
the race condition in #86 caused by releasing the display mutex between
marshalling the proxy and destroying the proxy is now gone.

Fixes #86

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
2021-08-07 11:53:23 +00:00
Derek Foreman
23e4a70600 client: Add new proxy marshalling functions with flags
There's a race when destroying wayland objects in a multi-threaded client.
This occurs because we call:
wl_proxy_marshal(foo);
wl_proxy_destroy(foo);

And each of these functions takes, and releases, the display mutex.
Between the two calls, the display is not locked.

In order to allow atomically marshalling the proxy and destroying the
proxy without releasing the lock, add yet more wl_proxy_marshal_*
functions.  This time add flags and jam in all existing warts with the
hope that we can make it future proof this time.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
2021-08-07 11:53:23 +00:00
Derek Foreman
942f1d8843 client: Refactor wl_proxy_destroy critical section
Split wl_proxy_destroy into two pieces, wl_proxy_destroy_unlocked which
performs the critical section code with no locking, and wl_proxy_destroy
which locks before calling that.

We'll use the new unlocked variant later in code that already holds the
lock.

There is a slight functional change - an aborting check is now called
with the lock held. This should be harmless as wl_abort() performs
no locking.

Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
2021-08-07 11:53:23 +00:00
Simon Ser
6ebe3cfed0 cursor: remove unused wl_cursor_theme.name
Let's just delete this field since it's not used anywhere and not
exposed in our public API.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-08-06 09:26:03 +00:00
Simon Ser
2dfa0dcb24 cursor: rename load_default_theme to load_fallback_theme
The theme getting loaded by this function is not to be confused
with the theme named "default" located on the filesystem. Instead,
it's a minimal theme directly bundled into libwayland-cursor.

Make this clearer by naming this theme "fallback".

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-08-05 17:24:02 +02:00
Olivier Tilloy
f80879c03c cursor: Try to fall back to a default xcursor theme first
The use case is systems where for some reason the current xcursor theme
cannot be accessed (an application packaged as a strictly confined snap,
for example).

Before falling back to wayland's default cursor theme, it is worth
trying the xcursor theme called "default", which hopefully looks better
than the former.

Fixes: https://gitlab.gnome.org/Community/Ubuntu/gnome-sdk/-/issues/6

Signed-off-by: Olivier Tilloy <olivier.tilloy@canonical.com>
2021-08-05 17:09:40 +02:00
Daniel Stone
c4453ce1a5 ci: Sanitise build and install paths
No sense in generating enormously long paths. This also happens to fix
artifacts not actually recording anything because we had a mismatch in
artifact paths vs. actual paths.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:20:27 +01:00
Daniel Stone
7769b63141 ci: Use Werror
No point warning on stuff if we don't make it fail.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:20:27 +01:00
Daniel Stone
0d3e47abdc ci: Use appropriate concurrency level
The appropriate concurrency level is not necessarily the number of
available CPUs; limit it to what the runners tell us we should be using.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:20:27 +01:00
Daniel Stone
71ff5fe0af ci: Add release builds
Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:20:26 +01:00
Daniel Stone
705154a09d ci: Use consistent YAML indendation
Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:16:59 +01:00
Daniel Stone
e4deb4dc66 ci: Only run ci-fairy on MRs
This requires adding rules to all the jobs, as it's all or nothing.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:16:59 +01:00
Daniel Stone
c4865c774b ci: Add ARMv7 build
Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:16:59 +01:00
Daniel Stone
33767673bc ci: Add AArch64 build
Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-04 18:16:55 +01:00
Daniel Stone
b88e1d40b0 ci: Parameterise and template build
This will make it a lot easier to add other variants later.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-03 21:22:15 +01:00
Daniel Stone
7940bbb735 ci: Add comments, rename build stages
No non-cosmetic changes, just making things more accessible.

Signed-off-by: Daniel Stone <daniels@collabora.com>
2021-08-03 21:10:51 +01:00
Simon Ser
2aa0a83d36 connection: print array size
This makes it easier to understand how an xdg_toplevel is configured for
instance.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-07-31 16:54:57 +00:00
Manuel Stoeckl
2f05ceeb4d connection, client: Avoid locale-dependent float printing
Specifically, in the log formed when WAYLAND_DEBUG is set, this commit
ensures that floating point numbers are formatted using '.' instead of
the locale-specific decimal separator. As the debug logs are not
otherwise localized for end-users, and may be parsed by scripts, it is
better to have consistent output here.

The 24.8 fixed point numbers are now represented with 8 digits after
the decimal, since this is both exact and simpler to compute.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
2021-07-31 16:49:54 +00:00
Fergus Dall
91d98b622f os-wrappers-test: Make syscall intercepts work with sanitizers
Sanitizers need to intercept syscalls in the compiler run-time library, as
do these tests. We try to make this work by using dlsym(RTLD_NEXT) to find
the next definition in the chain, but here this approach won't work because
the compiler run-time library is linked into the same elf object as the test
interceptors are.

The sanitizer library supports this by giving the intercept functions a
prefix and making them only weakly alias the real names, so our interceptors
can call the sanitizers interceptors explicitly, which will then use dlsym
to call the real function.

By making our declarations of the sanitizer interceptor function weak we can
handle any combination of intercepts (including none, if there is no
sanitizer). If our declaration is resolves to a NULL pointer, we just use
dlsym.

Signed-off-by: Fergus Dall <sidereal@google.com>
2021-07-22 22:27:45 +00:00
Fergus Dall
e5c3ac9bcd connection-test: Pad out strings with null bytes
The connection_demarshal test writes a 10 byte string into a wayland message,
but doesn't pad it out to a four byte boundary. This leads to the last 32-bit
word of the message being partially uninitialized, which triggers an msan
violation when the message is written to the socket.

Signed-off-by: Fergus Dall <sidereal@google.com>
2021-07-22 22:27:45 +00:00
Fergus Dall
f6b78b76b2 server: Fix undefined behavior in wl_socket_init_for_display_name
This function constructs a socket path in sun_path using snprintf, which
returns the amount of space that would have been used if the buffer was
large enough. It then checks if this is larger then the actual buffer size
and, if so, returns ENAMETOOLONG. This is correct.

However, after calling snprintf and before checking that the length isn't too
long, it tries to compute a pointer to the part of the path that matches the
input name. It does this by adding the computed path length to the pointer to
the start of the path buffer, which will take it to one-past the null
terminator, and then walking backwards. If the path fits in the buffer, this
will take it at most one-past-the-end of the allocation, which is allowed, but
if the path is longer then the buffer then the pointer addition is undefined behavior.

Fix this by moving the display name computation past the check that the path
length is not too long.

This is detected by the test socket_path_overflow_server_create under ubsan.

Signed-off-by: Fergus Dall <sidereal@google.com>
2021-07-21 11:42:42 +00:00
Fergus Dall
80164ef300 util: Avoid undefined behaviour in for_each_helper
for_each_helper tries to calculate a one-past-the-end pointer for its
wl_array input. This is fine when the array has one or more entries, but we
initialize arrays by setting wl_array.data to NULL. Pointer arithmetic is
only defined when both the pointer operand and the result point to the same
allocation, or one-past-the-end of that allocation. As NULL points to no
allocation, no pointer arithmetic can be performed on it, not even adding 0,
even if the result is never dereferenced.

This is caught by clang's ubsan from version 10.

Many tests already hit this case, but I added an explicit test for iterating
over an empty wl_map.

Signed-off-by: Fergus Dall <sidereal@google.com>
2021-07-21 11:42:42 +00:00
Manuel Stoeckl
ada25fbd52 client: print discarded events in debug log
Before this patch, setting WAYLAND_DEBUG=1 or WAYLAND_DEBUG=client made
a program log all requests sent and events that it processes. However,
some events received are not processed. This can happen when a Wayland
server sends an event to an object that does not exist, or was recently
destroyed by the client program (either before the event was decoded,
or after being decoded but before being dispatched.)

This commit prints all discarded messages in the debug log, producing
lines like:

[1234567.890] discarded [unknown]@42.[event 0](0 fd, 12 byte)
[1234567.890] discarded wl_callback@3.done(34567)
[1234567.890] discarded [zombie]@13.[event 1](3 fd, 8 byte)

The first indicates an event to an object that does not exist; the
second, an event to an object that was deleted after decoding, but
before dispatch; the third, an event to an object that left a
'zombie' marker behind to indicate which events have associated
file descriptors.

Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
2021-07-20 09:20:38 +00:00
Pekka Paalanen
13ccd1c4db wayland-util: avoid memcpy(NULL) in wl_array_copy()
The problem was found running Weston, with both Weston and Wayland built
with ASan:

../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 1, which is declared to never be null
../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 2, which is declared to never be null

This turns out to be caused by copying an empty array into an empty
array.

That seems to be completely valid thing to do, and wl_array_init()
initializes the pointers to NULL and size to zero. Copying initialized
arrays must always be valid.

The error are caused by calling memcpy() with NULL pointers. It doesn't
explode, because also the size is zero.

Fix the problem by calling memcpy() only if size is not zero. This
should keep things like copying an empty array into a non-empty array
work.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
2021-07-14 07:21:40 +00:00
Simon Ser
8899310fc8 shm: document wl_shm_buffer
The main motivation is to make it clear when a wl_shm_buffer is
destroyed.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-07-13 15:52:31 +02:00
James Legg
b7153f2273 tests: Test wayland-scanner with a description in an entry
This previously would have caused a memory leak and incorrect
comments.

Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
2021-07-07 12:11:42 +00:00
James Legg
51d336ec14 scanner: Use descriptions in entries
entry may have a description according to the DTD. This is used in
some protocols including xdg-shell.

Fixes the code comment on an enum declaration using the description of
the last enum that had one, adds the descriptions to the comments on
enumerators, and avoids leaking the previously missing descriptions.

Fixes #208

Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
2021-07-07 12:11:42 +00:00
Simon Ser
767765d584 protocol: clarify wl_seat.name description
Define the expected properties of the seat name.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-07-06 11:57:39 +00:00
Pekka Paalanen
92038fa394 CI: turn on ASan and UBSan
I just noticed that libwayland test suite is ASan and UBSan clean, so
let's turn that on in CI to avoid regressing.

Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
2021-07-01 16:28:08 +03:00
Simon Ser
817fdb9009 shm: add safety assertions
Catch any API mis-use with an assert. This should abort when the
user calls unreferences the pool more times than it's referenced.

Also change the refcount check to explicitly check for positive
counts. That makes the condition more readable.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-06-29 11:17:44 +02:00
Fergus Dall
ccc9612e82 connection: Handle non-nullable strings in wl_connection_demarshal
Currently a null string passed into a non-nullable argument of a message
will decode succesfully, probably resulting in the handler function
crashing. Instead treat it the same way we do non-nullable objects and ids.

Signed-off-by: Fergus Dall <sidereal@google.com>
2021-06-22 20:15:39 +10:00
Fergus Dall
4f53613e70 connection-test: Encode size in message headers correctly
In these tests, message sizes are inconsistently encoded in either the upper
or lower 16 bits of the second word of the message. Resolve this in favour
of using the upper 16 bits, as this is how messages are supposed to be
encoded, even though that aspect of message decoding isn't being tested
here.

Signed-off-by: Fergus Dall <sidereal@google.com>
2021-06-22 20:15:32 +10:00
Simon Ser
3e897faa29 protocol: allow immediate wl_buffer.destroy if not re-used
Allow wl_buffer objects to be destroyed without having to wait for
wl_buffer.release if the underlying storage isn't going to be
re-used.

The main motivation for this is to avoid glitches when a client is
torn down. When a client disconnects, all of its objects are destroyed
in arbitrary order. However some compositors will still need to
access the destroyed buffer's underlying storage afterwards, e.g. for
visual effects (fade-out) or for atomic layout updates (wait for other
clients to commit a new buffer before hiding the buffer).

It's still incorrect for clients to destroy a wl_buffer and mutate
the underlying storage without waiting for wl_buffer.release.

Signed-off-by: Simon Ser <contact@emersion.fr>
Closes: https://gitlab.freedesktop.org/wayland/wayland/-/issues/185
2021-06-11 14:05:27 +00:00
Simon Ser
ba0c63dee8 shm: remove wl_shm_buffer.pool NULL checks
wl_shm_buffer.pool is never set to NULL. The only time it's set is
in shm_pool_create_buffer, and the pool is guaranteed to be non-NULL
there.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-06-10 14:33:32 +00:00
Tobias Stoeckmann
abcf1048e2 cursor: fix crash with weird input files
If a cursor file contains multiple images for the same size, this
typically indicates an animation. The compositor weston uses
wl_cursor_frame_and_duration to figure out at which time a specific image
should be shown.

The total delay is the sum of all image delays. But if all images have a
delay of 0, the total delay is 0 as well. The code does not check for this
special condition and triggers a floating point exception by eventually
performing a modulo operation with 0.

This, of course, could also happen if the sum of all image delays
triggers an unsigned int overflow. But since a comment in the code
already indicates that it does not try to "fix" handling of weird files,
I would argue that it's "okay" if that happens. At least the program
won't crash.

Proof of Concept:

install -D ~/.icons/poc/cursors
base64 -d > ~/.icons/poc/cursors/left_ptr << EOF
WGN1chAAAAAAAAEAAgAAAAIA/f8BAAAAKAAAAAIA/f8BAAAAKAAAACQAAAACAP3/AQAAAAEAAAAB
AAAAAQAAAAEAAAABAAAAAAAAAAAAAAA=
EOF
cat > /tmp/weston.ini << EOF
[shell]
cursor-theme=poc
EOF
weston -c /tmp/weston.ini

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2021-06-02 13:46:33 +00:00
Simon Ser
f8bea2450d protocol: drop reference to wl_drm
Change the wl_drm reference to linux-dmabuf. wl_drm is a legacy,
private Mesa protocol that shouldn't be used by regular clients.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-05-27 10:48:40 +02:00
Simon Ser
f452e41264 build: replace assembly embedding with Python script
This allows Meson to properly track dependencies and re-build the scanner when
editing the dtd. We also stop depending on GNU as' .incbin and make the
embedding less obscure.

Signed-off-by: Simon Ser <contact@emersion.fr>
2021-05-10 22:08:45 +00:00
Marius Vlad
e475decf1d src: Add missing new lines to log messages
Signed-off-by: Marius Vlad <marius.vlad@collabora.com>
2021-05-07 11:07:54 +03:00
Nick Diego Yamane
208fc99e66 Document serial param usage in wl_pointer.set_cursor
Serial is supposed to contain the latest wl_pointer.enter value received
by clients but it was not even mentioned in the docs, so add it to avoid
misinterpretations.

Signed-off-by: Nick Diego Yamane <nickdiego@igalia.com>
2021-05-04 15:26:48 +00:00
Tobias Stoeckmann
ed55438366 cursor: fix CVE-2013-2003
The libXcursor fix for CVE-2013-2003 has never been imported into
wayland, leaving it vulnerable to it.

Changing the argument type to an unsigned type is an effective merge of
Ilja Van Sprundel's commit in libXcursor.

Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
2021-05-02 21:35:23 +02:00
Alexander Dunaev
0aebb5b94d cursor: add one more directory to XCURSORPATH
The user may install cursor themes manually, and the desktop environment
may provide a special directory for storing them.  For instance, GTK puts
those themes into ~/.local/share/icons, and many Linux distributions suggest
using that directory for user-specific themes.  However, users of
libwayland-cursor cannot load these themes using the API provided by the
library because the latter does not look into that directory.

This patch adds ~/.local/share/icons to the search path, so user-specific
themes can be loaded through the API provided by libwayland-cursor.

Signed-off-by: Alexander Dunaev <adunaev@igalia.com>
Reviewed-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
Reviewed-by: Simon Ser <contact@emersion.fr>
2021-04-27 11:16:17 +00:00
James Hilliard
88f1605a82 build: add option to disable tests
When building for a product, tests are not needed.

Besides, one test requires a C++ compiler, which is not always
available.

So, add an option to configure to disable building tests altogether.

Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Alexey Brodkin <abrodkin@synopsys.com>
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
2021-04-16 03:45:06 -06:00
James Hilliard
4c21053123 meson: only require cpp for tests
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
2021-04-16 03:04:56 -06:00