struct wl_buffer has other meaning in wayland, thus making this a pretty
confusing structure name. Function names like wl_buffer_put() just
compound the confusion.
Rename the struct and the associated functions (none of which are called
from outside this file anyway). The struct retains a wl_ prefix, as is
the custom for wayland internal data structures. The function names
have not retained this prefix, as we have many static function that
aren't prefixed.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Use the new flagged marshal+destroy function in generated code.
It's intended as a replacement for all existing wl_proxy_marshal_*
functions, so I've used it to replace them all. This results in a large
update to the scanner test files as well.
We now pass the new WL_MARSHAL_FLAG_DESTROY flag when appropriate, so
the race condition in #86 caused by releasing the display mutex between
marshalling the proxy and destroying the proxy is now gone.
Fixes#86
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
There's a race when destroying wayland objects in a multi-threaded client.
This occurs because we call:
wl_proxy_marshal(foo);
wl_proxy_destroy(foo);
And each of these functions takes, and releases, the display mutex.
Between the two calls, the display is not locked.
In order to allow atomically marshalling the proxy and destroying the
proxy without releasing the lock, add yet more wl_proxy_marshal_*
functions. This time add flags and jam in all existing warts with the
hope that we can make it future proof this time.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Split wl_proxy_destroy into two pieces, wl_proxy_destroy_unlocked which
performs the critical section code with no locking, and wl_proxy_destroy
which locks before calling that.
We'll use the new unlocked variant later in code that already holds the
lock.
There is a slight functional change - an aborting check is now called
with the lock held. This should be harmless as wl_abort() performs
no locking.
Signed-off-by: Derek Foreman <derek.foreman@collabora.com>
Specifically, in the log formed when WAYLAND_DEBUG is set, this commit
ensures that floating point numbers are formatted using '.' instead of
the locale-specific decimal separator. As the debug logs are not
otherwise localized for end-users, and may be parsed by scripts, it is
better to have consistent output here.
The 24.8 fixed point numbers are now represented with 8 digits after
the decimal, since this is both exact and simpler to compute.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
This function constructs a socket path in sun_path using snprintf, which
returns the amount of space that would have been used if the buffer was
large enough. It then checks if this is larger then the actual buffer size
and, if so, returns ENAMETOOLONG. This is correct.
However, after calling snprintf and before checking that the length isn't too
long, it tries to compute a pointer to the part of the path that matches the
input name. It does this by adding the computed path length to the pointer to
the start of the path buffer, which will take it to one-past the null
terminator, and then walking backwards. If the path fits in the buffer, this
will take it at most one-past-the-end of the allocation, which is allowed, but
if the path is longer then the buffer then the pointer addition is undefined behavior.
Fix this by moving the display name computation past the check that the path
length is not too long.
This is detected by the test socket_path_overflow_server_create under ubsan.
Signed-off-by: Fergus Dall <sidereal@google.com>
for_each_helper tries to calculate a one-past-the-end pointer for its
wl_array input. This is fine when the array has one or more entries, but we
initialize arrays by setting wl_array.data to NULL. Pointer arithmetic is
only defined when both the pointer operand and the result point to the same
allocation, or one-past-the-end of that allocation. As NULL points to no
allocation, no pointer arithmetic can be performed on it, not even adding 0,
even if the result is never dereferenced.
This is caught by clang's ubsan from version 10.
Many tests already hit this case, but I added an explicit test for iterating
over an empty wl_map.
Signed-off-by: Fergus Dall <sidereal@google.com>
Before this patch, setting WAYLAND_DEBUG=1 or WAYLAND_DEBUG=client made
a program log all requests sent and events that it processes. However,
some events received are not processed. This can happen when a Wayland
server sends an event to an object that does not exist, or was recently
destroyed by the client program (either before the event was decoded,
or after being decoded but before being dispatched.)
This commit prints all discarded messages in the debug log, producing
lines like:
[1234567.890] discarded [unknown]@42.[event 0](0 fd, 12 byte)
[1234567.890] discarded wl_callback@3.done(34567)
[1234567.890] discarded [zombie]@13.[event 1](3 fd, 8 byte)
The first indicates an event to an object that does not exist; the
second, an event to an object that was deleted after decoding, but
before dispatch; the third, an event to an object that left a
'zombie' marker behind to indicate which events have associated
file descriptors.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The problem was found running Weston, with both Weston and Wayland built
with ASan:
../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 1, which is declared to never be null
../../git/wayland/src/wayland-util.c:150:2: runtime error: null pointer passed as argument 2, which is declared to never be null
This turns out to be caused by copying an empty array into an empty
array.
That seems to be completely valid thing to do, and wl_array_init()
initializes the pointers to NULL and size to zero. Copying initialized
arrays must always be valid.
The error are caused by calling memcpy() with NULL pointers. It doesn't
explode, because also the size is zero.
Fix the problem by calling memcpy() only if size is not zero. This
should keep things like copying an empty array into a non-empty array
work.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
entry may have a description according to the DTD. This is used in
some protocols including xdg-shell.
Fixes the code comment on an enum declaration using the description of
the last enum that had one, adds the descriptions to the comments on
enumerators, and avoids leaking the previously missing descriptions.
Fixes#208
Signed-off-by: James Legg <lankyleggy@gmail.com>
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Catch any API mis-use with an assert. This should abort when the
user calls unreferences the pool more times than it's referenced.
Also change the refcount check to explicitly check for positive
counts. That makes the condition more readable.
Signed-off-by: Simon Ser <contact@emersion.fr>
Currently a null string passed into a non-nullable argument of a message
will decode succesfully, probably resulting in the handler function
crashing. Instead treat it the same way we do non-nullable objects and ids.
Signed-off-by: Fergus Dall <sidereal@google.com>
wl_shm_buffer.pool is never set to NULL. The only time it's set is
in shm_pool_create_buffer, and the pool is guaranteed to be non-NULL
there.
Signed-off-by: Simon Ser <contact@emersion.fr>
This allows Meson to properly track dependencies and re-build the scanner when
editing the dtd. We also stop depending on GNU as' .incbin and make the
embedding less obscure.
Signed-off-by: Simon Ser <contact@emersion.fr>
The fcntl() argument is defined to be an int and not a long. This does not
matter on most architectures since the value is passed in registers, but
it causes issues on big-endian architectures that pass variadic arguments
on the stack.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
This code is only required for building wayland-scanner so it should be
scoped accordingly. libxml-2.0 will only be required if both "scanner"
and "dtd_validation" are set to true.
Signed-off-by: Michael Weiss <dev.primeos@gmail.com>
While MAP_FAILED is generally defined to that value, we should not be
relying on implementation details of system headers.
Signed-off-by: Alex Richardson <Alexander.Richardson@cl.cam.ac.uk>
Reviewed-by: Simon Ser <contact@emersion.fr>
This can be useful if the compositor wants to call wl_global_destroy() with some
delay but it doesn't have the wl_display object associated with the global,
which is needed to get access to the event loop.
Signed-off-by: Vlad Zahorodnii <vlad.zahorodnii@kde.org>
In wl_proxy_set_queue, passing a wl_event_queue from a completely
unrelated wl_display could lead to object IDs mismatches.
Add an assertion to catch this case. It's always a user bug if this
happens.
Signed-off-by: Simon Ser <contact@emersion.fr>
The compositor should handle absolute paths in WAYLAND_DISPLAY like the clients, ie not
adding the XDG_RUNTIME_DIR prefix if it's an absolute path.
This allows to create the wayland socket in a separate directory for system compositors if
desired. Clients could then directly inherit the environment variable.
Signed-off-by: Loïc Yhuel <loic.yhuel@softathome.com>
This allows to include client and server headers in the same file
fixing warnings like
In file included from ../subprojects/wlroots/include/wlr/types/wlr_layer_shell_v1.h:16,
from ../src/desktop.h:16,
from ../src/server.h:13,
from ../tests/testlib.c:8:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-protocol.h:80:34: warning: redundant redeclaration of ‘zwlr_layer_shell_v1_interface’ [-Wredundant-decls]
80 | extern const struct wl_interface zwlr_layer_shell_v1_interface;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../tests/testlib.h:8,
from ../tests/testlib.c:7:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-client-protocol.h:77:34: note: previous declaration of ‘zwlr_layer_shell_v1_interface’ was here
77 | extern const struct wl_interface zwlr_layer_shell_v1_interface;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../subprojects/wlroots/include/wlr/types/wlr_layer_shell_v1.h:16,
from ../src/desktop.h:16,
from ../src/server.h:13,
from ../tests/testlib.c:8:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-protocol.h:106:34: warning: redundant redeclaration of ‘zwlr_layer_surface_v1_interface’ [-Wredundant-decls]
106 | extern const struct wl_interface zwlr_layer_surface_v1_interface;
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In file included from ../tests/testlib.h:8,
from ../tests/testlib.c:7:
tests/59830eb@@footest@sta/wlr-layer-shell-unstable-v1-client-protocol.h:103:34: note: previous declaration of ‘zwlr_layer_surface_v1_interface’ was here
103 | extern const struct wl_interface zwlr_layer_surface_v1_interface;
Signed-off-by: Guido Günther <agx@sigxcpu.org>
Closes: #158
Add a paragraph about WAYLAND_SOCKET and describe what happens when the display
name is a relative path.
Signed-off-by: Simon Ser <contact@emersion.fr>
Wayland requires a binary, wayland-scanner, to be run during the build
process. For any configuration other than native builds (including
cross compiling and even 32-bit x86 builds on an x86-64 build machine)
Wayland's build process builds and uses its own wayland-scanner.
For any builds using a cross file, wayland-scanner is built for the host
machine and therefore cannot be executed during the build of the Wayland
libraries. Instead builds using a cross file must execute the build
machine's wayland-scanner (typically /usr/bin/wayland-scanner).
As such, to build Wayland's libraries for a non-native ABI a package
manager must build and install /usr/bin/wayland-scanner first. But then
the build for the native ABI then rebuilds wayland-scanner itself and
doesn't use the system's, and worse, wants to install its own, which
conflicts with the /usr/bin/wayland-scanner already installed!
So, add the -Dscanner=... option to control whether to install
wayland-scanner.
Signed-off-by: Matt Turner <mattst88@gmail.com>
We have always built libwayland with the scanner from the same build so
that the generated code and installed headers are exactly up-to-date
with the libwayland version. If libwayland was to use a scanner later
than itself, the scanner might do things that are not available in the
libwayland at hand, leading to a broken build or a broken library
(headers).
Signed-off-by: Matt Turner <mattst88@gmail.com>
libwayland now uses only one file descriptor to keep track of all
the timer event sources associated with an event loop. An array-based
binary heap is used to determine which event source has the earliest
deadline.
(Previously, each timer event source had its own timerfd, making it easy
for the a process using many timer event sources to run out of file
descriptors.)
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Meson is a next generation build system, simpler than Autotools and also faster
and more portable. Most importantly, it will make integrating ASan easier in
CI.
The goal is to maintain feature parity of the Meson build with the
Autotools build, until such time when we can drop the latter.
Add a script which generates the desired Doxygen configuration for our various
output formats and executes it using that configuration. This is not something
Meson can or should do.
Fixes: https://gitlab.freedesktop.org/wayland/wayland/issues/80
[daniels: Changed to bump version, use GitLab issues URL, remove header
checks not used in any code, remove pre-pkg-config Expat
support, added missing include paths to wayland-egl and
cpp-compile-test, added GitLab CI.
Bumped version, removed unnecessary pkg-config paths.]
[daniels: Properly install into mandir/man3 via some gross
paramaterisation, generate real stamp files.]
Pekka:
- squashed patches
- removed MAKEFLAGS from meson CI
- remove unused PACKAGE* defines
- fix up scanner dependency handling
- instead of host_scanner option, build wayland-scanner twice when cross-compiling
- changed .pc files to match more closely the autotools versions
- reorder doxygen man sources to reduce diff to autotools
- fix pkgconfig.generate syntax warnings (new in Meson)
- bump meson version to 0.47 for configure_file(copy) and run_command(check)
- move doc tool checks into doc/meson.build, needed in more places
- make all doc tools mandatory if building docs
- check dot and doxygen versions
- add build files under doc/publican
- reindent to match Weston Meson style
Simon:
- Remove install arg from configure_file
- Don't build wayland-scanner twice during cross-build
- Fix naming of the threads dependency
- Store tests in dict
- Add missing HAVE_* decls for functions
- Remove unused cc_native variable
- Make doxygen targets a dict
- Make dot_gv a dict
- Use dicts in man_pages
- Make decls use dicts
- Make generated_headers use dicts
- Align Meson version number with autotool's
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Signed-off-by: Simon Ser <contact@emersion.fr>
Meson will need to build wayland-scanner twice with different config.h files,
once for build and another for host machine. It will be easier to include the
right config.h from compiler command line than playing with files.
Signed-off-by: Pekka Paalanen <pekka.paalanen@collabora.com>
Including wayland-server-core.h in wayland-private.h is problematic
because wayland-private.h is included by wayland-scanner which should be
able to build against non-POSIX platforms (e.g. MinGW). The only reason
that wayland-server-core.h was included in wayland-private.h was for the
wl_private_signal definitions, so move those to a
wayland-server-private.h file that can be included by both
wayland-server.c and the tests.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
Some platforms may not have strndup() (e.g. MinGW), so provide a
equivalent implementation if it's not found.
Signed-off-by: Joshua Watt <JPEWhacker@gmail.com>
This commit adds a new wl_global_remove function that just sends a global
remove event without destroying it. See [1] for details.
Removing a global is racy, because clients have no way to acknowledge they
received the removal event.
It's possible to mitigate the issue by sending the removal event, waiting a
little and then destructing the global for real. The "wait a little" part is
compositor policy.
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10
Signed-off-by: Simon Ser <contact@emersion.fr>
If a client set the F_SEAL_SHRINK seal on the fd before passing it to
the compositor, the kernel will ensure this fd won’t be able to shrink,
ever. This allows us to avoid setting up the SIGBUS handlers on such
file descriptors.
Signed-off-by: Emmanuel Gil Peyrot <linkmauve@linkmauve.fr>
When implementing a workaround for [1], one needs to accept a global to be
bound even though it has become stale.
Often, a global's user data is free'd when the global needs to be destroyed.
Being able to set the global's user data (e.g. to NULL) can help preventing a
use-after-free.
(The alternative is to make the compositor responsible for keeping track of
stale user data objects via e.g. refcounting.)
[1]: https://gitlab.freedesktop.org/wayland/wayland/issues/10
Signed-off-by: Simon Ser <contact@emersion.fr>
When doing unity builds via meson (example project:
https://github.com/swaywm/sway) multiple source files are glued together
via #include directives. Having every wayland-scanner generated source
file have an identifier named '*types[]' will lead to errors in these
unity builds if two or more of these are joined.
Signed-off-by: Marty E. Plummer <hanetzer@startmail.com>
Instead, set a fatal display error which will let an application
using libwayland-client shutdown cleanly.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
Once there has been a fatal display error, any new object requests
potentially rely on invalid state. (For example, a failure to read
from the compositor could hide a important event.) The safest way to
handle the new requests is not to make them.
Proxies produced by the request are still created, to ensure that
any code using the library does not crash from an unexpected NULL
pointer.
Signed-off-by: Manuel Stoeckl <code@mstoeckl.com>
The interface name provided by the client isn't used at all.
Check it matches the global's interface name to prevent object interface
mismatches between the client and the server. These are especially easy to get
when mixing up global names and other IDs in the client.
Signed-off-by: Simon Ser <simon.ser@intel.com>
Closes: https://gitlab.freedesktop.org/wayland/wayland/issues/113
