Clang warns that it can silently discard a non-volatile write to a NULL
pointer (perhaps it constitutes undefined behaviour?), and recommends
changing it to volatile.
This patch slavishly complies with the demand of the unfeeling machine.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
libxml2 unconditonally defines XMLCALL to nothing. Expat does not
redefine XMLCALL if it is already defined, but if it is not, and we are
building with gcc on i386 (not x86-64), it will define it as 'cdecl'.
Including Expat before libxml thus results in a warning about XMLCALL
being redefined. Luckily we can get around this by just reversing the
include order: cdecl is a no-op on Unix-like systems, so by having
libxml first define XMLCALL to nothing and including Expat afterwards,
we avoid the warning and lose nothing.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Help static analysers by letting them know that once we fail(),
execution will terminally complete.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Found with both ASan leak sanitizer and Valgrind. We were trivially
leaking the enum name for every arg parsed by the scanner which had one.
If libxml-based DTD validation was enabled, we would also leak the DTD
itself, despite diligently freeing the document, context, etc.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Attempting to demarshal message with array or string longer than its
body should return failure. Handling the length correctly is tricky when
it gets to near-UINT32_MAX values. Unexpected overflows can cause
crashes and other security issues.
These tests verify that demarshalling such message gives failure instead
of crash.
v2: Added consts, serialized opcode and size properly, updated style.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Acked-by: Derek Foreman <derek.foreman.samsung@gmail.com>
If the remote side sends sufficiently large `length` field, it will
overflow the `p` pointer. Technically it is undefined behavior, in
practice it makes `p < end`, so the length check passes. Attempts to
access the data later causes crashes.
This issue manifests only on 32bit systems, but the behavior is
undefined everywhere.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
The DIV_ROUNDUP macro would overflow when trying to round values higher
than MAX_UINT32 - (a - 1). The result is 0 after the division. This is
potential security issue when demarshalling an array because the length
check is performed with the overflowed value, but then the original huge
value is stored for later use.
The issue was present only on 32bit platforms. The use of size_t in the
DIV_ROUNDUP macro already promoted everything to 64 bit size on 64 bit
systems.
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Style changes by Derek Foreman
Note that Weston uses GitLab MRs for review, not mail.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
The protocol spec used to live here, but it's now part of the regular
doc build. The PNG files are created as part of the doc build. Delete
the pre-generated versions.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
The Expat XML library has shipped a pkg-config file for long enough to
be in Debian's oldstable (Jessie, April 2015) and Ubuntu's oldest
supported LTS (Trusty, 14.04). The pkg-config file was added in Expat
upstream's commit 352cfc8f59a7, in September 2007.
Drop build support for versions of Expat which do not ship a
pkg-config file.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
The check for the execinfo.h header is only advisory; the build will not
fail if it is not present, and set HAVE_EXECINFO_H if it is. The check
was added in commit bc3e020475 ("build: Add declaration checks to check for
required syscall flags") with no obvious use or reasoning.
Remove the no-op check.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
commit d94a8722cb
warned this was coming, back in 2013.
I've seen libraries that have wayland client and server using functions
in the same file. Since struct wl_buffer still exists as an opaque
entity in client code, the vestigial deprecated wl_buffer from the
server include will generate warnings when not building with
WL_HIDE_DEPRECATED.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Acked-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Physical size doesn't always make sense for all outputs. In case
it's not available or not relevant, allow compositors to send zero.
Acked-by: Daniel Stone <daniels@collabora.com>
Acked-by: Jonas Ådahl <jadahl@gmail.com>
Acked-by: Olivier Fourdan <ofourdan@redhat.com>
These should be the conventions we have been using since 1.0, written
down more accurately.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
This is what is generally expected from people who re-send patches,
whether the patches are their own or not.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Half of the ideas came from Daniel but most of them are reworded, the
rest are my thoughts.
Mention compiler warnings specifically, and be more explicit on what
kind of code or bugs or bug fixes are acceptable or not. Clarify commit
scope.
v2: move the "In a patch series" rule to the bottom, reworded.
Cc: Daniel Stone <daniels@collabora.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
This is to avoid fighting around the letter of the guidelines. This is
not a protocol spec.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Nothing on the client side uses it since
9fe75537ad which was just before the 0.99
release.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-By: Markus Ongyerth <wl@ongy.net>
Use a more official one, served over HTTP rather than FTP.
Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
This sets up the standards for patch review, and defines when a patch
can be merged. I believe these are the practises we have been using
already for a long time, now they are just written down explicitly.
It's not an exhaustive list of criteria and likely cannot ever be, but
it should give a good idea of what level of review we want to have.
It has been written in general terms, so that we can easily apply the
same text not just to Wayland, but also Weston and other projects as
necessary.
This addition is not redundant with
https://wayland.freedesktop.org/reviewing.html .
The web page is a friendly introduction and encouragement for people to
get involved. The guidelines here are more specific and aimed for people
who seek commit rights or maintainership.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Matheus Santana <embs@cin.ufpe.br>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Derek Foreman <derek.foreman.samsung@gmail.com>
Currently we issue both check and distcheck, as reportedly there has
been cases in the past one works, while the other doesn't.
Yet we only collect the check artefacts (test logs).
Correct that, by picking the distcheck ones as well.
Note: the build-*/wayland*/ directory is purged by distcheck if it runs
successfully.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Format for nice viewing through Gitlab.
Conduct and Licensing were raised to first level headings as they are
not technical guidelines for contributing patches. It's nice to use the
first level headings more.
Reformat patchwork link and add Xorg patchwork link for Xwayland.
v2: Unfortunately Gitlab harcodes a tab character to mean 4 spaces, so we
cannot reasonably spell the coding style examples correctly. Hence, tab
characters have been replaced with eight spaces so that they at least
look right in both the file and through gitlab web UI.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Gitlab expects a CONTRIBUTING.md in the root directory, so move our
guide there.
Conversion to proper markup is a follow-up patch.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Update bug and Git URLs for GitLab; the site has also been served over
HTTPS for quite some time.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
It's already possible to reference foreign interfaces, so it
should also be possible to reference foreign enums.
Signed-off-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Silvan Jegen <s.jegen@gmail.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Add a GitLab CI configuration which tests building, 'make check', and
'make distcheck' of the tree inside a Debian Stretch container. The
choice of distribution base was arbitrary and may easily be changed.
When commits are pushed to upstream, the commits will run this CI
pipeline to run these tests, and capture the result as an artifact
bundle, including the compiled binaries and full test suite logs.
Results can be seen at:
https://gitlab.freedesktop.org/wayland/wayland/pipelines/
Signed-off-by: Daniel Stone <daniels@collabora.com>
In the past much code (weston, efl/enlightenment, mutter) has
freed structures containing wl_listeners from destroy handlers
without first removing the listener from the signal. As the
destroy notifier only fires once, this has largely gone
unnoticed until recently.
Other code does not (Qt, wlroots) - and removes itself from
the signal before free.
If somehow a destroy signal is listened to by code from both
kinds of callers, those that free will corrupt the lists for
those that don't, and Bad Things will happen.
To avoid these bad things, remove every item from the signal list
during destroy emit, and put it in a list all its own. This way
whether the listener is removed or not has no impact on the
following emits.
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Simon Ser <contact@emersion.fr>
Reviewed-by: Markus Ongyerth <wl@ongy.net>
For years it's been common practice to free the object containing
the wl_listener inside resource destruction notifiers, but not
remove the listener from the list.
That is: It's been safe to assume (when only one listener is present)
that the wl_listener will never be touched again, since this is
a destruction callback.
Recently some patches were reviewed that made some positive changes
to our internal signal handling code, but would've violated this
assumption, and changed free()d memory in several existing compositors
(weston, mutter, enlightenment).
Since the breakage was extremely subtle, codify this assumption in
a test case (thus promoting it to an ABI promise).
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Reviewed-by: Markus Ongyerth <wl@ongy.net>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
commit 3cddb3c692 casted len to an
unsigned value to compare to sizeof results. However,
wl_connection_read() can fail, setting errno to EAGAIN and returning
a value of -1.
When cast to an unsigned type this leads to a loop condition of true
when it should be false.
Signed-off-by: Dipen Somani <dipen.somani@samsung.com>
Signed-off-by: Derek Foreman <derekf@osg.samsung.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Instruct git go ignore the file, in case we've done an in-tree build.
Cc: Derek Foreman <derekf@osg.samsung.com>
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
Rather than a hard-coded list of platform symbols, just ignore anything
prefaced with an underscore. This fixes breakage on ARM, which declares
several slightly different platform symbols to x86.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Fixes: 21b1f22eb0 ("wayland-egl: enhance the symbol test")
Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=105620
Cc: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
The previous rewrite of the wayland-egl ABI checker introduced checks
for removed symbols as well as added symbols, but broke some failure
conditions. Add an explict return-code variable set in failure paths,
rather than chaining or conditions.
If we cannot find the binary or nm, we regard this as an error
condition, rather than test failure.
v2: Don't test if we can execute $NM.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reported-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Fixes: 21b1f22eb0 ("wayland-egl: enhance the symbol test")
Cc: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Emil Velikov <emil.velikov@collabora.com>
A previous patch used $NM as an environment variable, but this was only
set as a make variable. Make sure it is passed through from make to the
environment we use to run tests.
v2: Quote argument when passing to shell.
Signed-off-by: Daniel Stone <daniels@collabora.com>
Reported-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
Fixes: 6903e4d539 ("wayland-egl: use correct `nm` path when cross-compiling")
Cc: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Quentin Glidic <sardemff7+git@sardemff7.net>
Seems like I was overoptimistic with my earlier assumption, namely:
"... 17.3.x should be the last version that ships the library."
Mesa 18.0.0 and its wayland-egl is about to be released any time soon,
so bump the number since it must no be smaller. As soon as we get
a wayland release I'll drop the Mesa copy but for now.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
The current test had a few fall-outs:
- it was checking only for T (.text) symbols
- did not consider symbol removal
Fix that by fetching all the symbols and doing a bidirectional check -
for added and removed symbols. Error out with informative message for
each case.
v2: Rebase on top of $NM patch.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Based on a similar patch (in Mesa) by Eric Engestrom.
v2: Rebase on top of $NM patch
v3: Rebase
Reviewed-by: Eric Engestrom <eric@engestrom.ch> (v1)
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Daniel Stone <daniels@collabora.com>
Earlier commit changed to passing the binary name as env. variable
introducing a typo.
That went unnoticed, since we do not check if the file is present or
not.
Cc: Pukka Paalanen <ppaalanen@gmail.com>
Cc: Daniel Stone <daniels@collabora.com>
Fixes: 85cb5ed64a ("wayland-egl-symbols-check: pass the DSO name via
the build system")
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
One should always be using the shared libraries.
Spotted while going through the Debian packaing.
Signed-off-by: Emil Velikov <emil.velikov@collabora.com>
Reviewed-by: Peter Hutterer <peter.hutterer@who-t.net>
Acked-by: Pekka Paalanen <pekka.paalanen@collabora.co.uk>
