Commit graph

3614 commits

Author SHA1 Message Date
Dominique Martinet
785ed4383b view_map: free criterias as the list it is 2018-07-05 08:13:10 +09:00
Dominique Martinet
ffbe91c245 container_free: free formatted title 2018-07-05 08:13:10 +09:00
Dominique Martinet
ffe9de6e24 ipc-server: free clients at destroy 2018-07-05 08:13:10 +09:00
Dominique Martinet
9f5d539657 config: add a couple of forgotten frees 2018-07-05 08:13:10 +09:00
Dominique Martinet
8a771785ad keyboard: free xkb keymap on destroy 2018-07-05 08:13:10 +09:00
Ryan Dwyer
fc826b921f Call view_set_tiled for mapping non-floating views
Fixes #2209.
2018-07-05 09:04:15 +10:00
Drew DeVault
eed0b5614f
Merge pull request #2205 from RyanDwyer/fix-border-weirdness
Fix border weirdness
2018-07-04 06:45:12 -07:00
Ryan Dwyer
50b401677b Fix use after free in transaction code
If we set an instruction as ready twice, it decreases the transaction's
num_waiting a second time and applies the transaction earlier than it
should. This no doubt has undesired effects, probably resulting in a use
after free.

Hopefully fixes the first part of #2207.
2018-07-04 22:58:17 +10:00
Ryan Dwyer
4cb6c368a7 Fix boolean 2018-07-04 20:33:38 +10:00
Ryan Dwyer
f156a25e64 Only call view_set_tiled when switching floating mode
Otherwise it repeatedly sets the view's border to the config's default.
2018-07-04 20:10:47 +10:00
Dominique Martinet
b0918b1058 ipc-server: add display destroy listener and remove ipc_terminate
wl_event_source_remove() is illegal after display has been destroyed,
so just destroy everything when we still can.

==20392==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000001240 at pc 0x00000048e86e bp 0x7ffe4b557e00 sp 0x7ffe4b557df0
READ of size 8 at 0x607000001240 thread T0
    #0 0x48e86d in wl_list_insert ../common/list.c:149
    #1 0x7fdf673d4d7d in wl_event_source_remove src/event-loop.c:487
    #2 0x41b742 in ipc_terminate ../sway/ipc-server.c:94
    #3 0x40b1ad in main ../sway/main.c:440
    #4 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
    #5 0x409359 in _start (/opt/wayland/bin/sway+0x409359)

0x607000001240 is located 48 bytes inside of 72-byte region [0x607000001210,0x607000001258)
freed by thread T0 here:
    #0 0x7fdf692c4880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fdf673d371a in wl_display_destroy src/wayland-server.c:1097

previously allocated by thread T0 here:
    #0 0x7fdf692c4c48 in malloc (/lib64/libasan.so.5+0xeec48)
    #1 0x7fdf673d4d9e in wl_event_loop_create src/event-loop.c:522
    #2 0x40acb2 in main ../sway/main.c:363
    #3 0x7fdf6664c18a in __libc_start_main ../csu/libc-start.c:308
2018-07-04 18:47:11 +09:00
emersion
4afa18a0c0
Merge pull request #2202 from RyanDwyer/fix-focus-damage
Fix focus related damage
2018-07-04 09:23:07 +01:00
Ryan Dwyer
0bd41a0dae Fix focus related damage
When you have an unfocused container (so one view is focused_inactive),
and you focus any other view in that container, the view with
focused_inactive was not damaged. This is because we damaged the
previous focus and new focus, but needed to damage the parent of the new
focus.
2018-07-04 15:38:08 +10:00
Dominique Martinet
c092f1fe6a startup: move setenv WAYLAND_DISPLAY before config execs
We would previously run all config commands without the environment,
which would appear to work as our socket name is the default one, but
wayland clients would start up in the wrong sway session.

(This explains why 'sometimes' my swayidle processes wouldn't die with
sway, as they weren't listening to the correct socket)
2018-07-04 13:52:26 +09:00
emersion
8cc26130a6
Merge pull request #2194 from RyanDwyer/fix-incorrect-render
Don't return pending children in seat_get_active_current_child
2018-07-02 13:29:25 +01:00
Ryan Dwyer
1e4807efa0 Don't return pending children in seat_get_active_current_child
Fixes #2192.

seat_get_active_current_child is intended to return a child of the given
container which has finished its mapping transaction and is able to be
rendered on screen. The previous implementation was capable of returning
a pending child, which caused a child of a tabbed or stacked view to be
rendered prematurely while it was mapping.
2018-07-02 22:16:20 +10:00
Ryan Dwyer
d467452e5e Fix damage on swaybar when view requests to exit fullscreen
Fixes #2191
2018-07-02 21:58:21 +10:00
emersion
f611a4f9b1
Merge pull request #2187 from martinetd/idle-inhibit
Idle inhibit
2018-07-02 09:06:23 +01:00
Dominique Martinet
71224781c4 idle_inhibit: move server data to its own struct 2018-07-02 09:29:16 +09:00
Dominique Martinet
072b334abc idle_inhibit: stop inhibitor when views become invisible 2018-07-02 09:29:16 +09:00
Dominique Martinet
e4bfb3bc98 Add idle inhibit unstable v1 support 2018-07-02 09:29:16 +09:00
Dominique Martinet
4eeca10a8a load_config: move NULL path check before first use
Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
8c526bbb03 config include: fix leak on relative include path
Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
248ea93c1a bar config: fix uninitialized accesses on init error
If init fails halfway through it will call the destroy function,
which needs some coherent stuff filled.
Allocate with calloc and fill in what cannot fail first

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
e67c8cf1cb cmd_assign: fix leak on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
c73c552cae bar_cmd_modifier: fix use-after-free on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
6d2b82253a bar_cmd_font: fix leak of font
join_args is a freshly allocated string and can be used as is.

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
0c6149171b read_config: fix leak on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
a2354d5992 cmd_background: fix leak on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
df494a7e51 transaction_apply: use float for quotient
Pre-dividing 1000/60 would lose 2/3 due to round-up

Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
c78ab67877 workspace_next_name: fix string length for ws_num >= 100
The check didn't include && ws_num < 100 so l would always be 1 or 2
Instead of fixing logic it's simpler to just call snprintf twice to get
length and use that.

Also change malloc failure check to sway_assert because both callers of
this function do not do null check and would segfault...

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
9c9ee3e4ef find prev/next output/workspace: add NULL check
These could be called with NULL if there is no focus

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
ab18740529 output commands: move !argc checks after argc gets decremented
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
557a14a6fe config_commands_command: make alloc failure check more permanent
policy is accessed again later

Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
5690bea227 input_config: free new_input_config on error
Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
ebe69583c7 ipc-server: fix more use-after-frees on ipc_send_reply error
Since ipc_send_reply frees the client on error, we need to check the
return value properly as we access client later on

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
0ab04b7434 ipc-server: minor code cleanup
No logic change here, this one is mostly to please static analyzer:
 - client->fd can never be -1 (and if it could, close() a few lines below
would have needed the same check)
 - we never send permission denied error (dead code)
2018-07-02 08:03:41 +09:00
Dominique Martinet
546ddbcd5b ipc-server: fix double-free on send error in ipc_send_event
ipc_send_reply already does client disconnect on error, so we shouldn't
do it again.
We also need to process current index again as disconnect removes client
from the list we currently are processing (this is an indexed "list")

Found through static analysis.
2018-07-02 08:03:41 +09:00
Dominique Martinet
9c8fb7d025 invoke_swaybar: fix message length header size
size_t/ssize_t are 8 bytes on 64bit systems, so use the proper size to
transmit that information.
This could lead to ridiculously large alloc as len is not initialized to zero

Found through static analysis
2018-07-02 08:03:41 +09:00
Dominique Martinet
1b7f554474 log_kernel: s/fclose/pclose/ (for popen'd FILE)
With recent glibc the functions are strictly identical, but this might
not be true for all libc implementations

Found through static analysis.
2018-07-02 08:03:41 +09:00
emersion
7abb4d63e2
Init screencopy manager 2018-07-01 22:55:25 +01:00
Dominique Martinet
ce17788533 exec_always: fix leaks
- child would leak in the workspace_record_pid path
 - removing malloc lets us get rid of That Comment nobody seems
to remember what it was about
 - we would leak pipe fds on first fork failling
 - we didn't return an error if second fork failed
 - the final executed process still had both pipe fds
(would show up in /proc/23560/fd in launched programs)
 - we would write twice to the pipe if execl failed for some reason
(e.g. if /bin/sh doesn't exist?!)
2018-07-02 00:09:56 +09:00
Drew DeVault
acd79e1505 Implement pid->workspace tracking
When you spawn a process with the exec command, sway now notes the
workspace you had focused and the pid of the child process, then assigns
that workspace to the child when its window appears.

Some of this is carried over from sway 0.15, but with some major
refactoring and centralization of state.
2018-07-01 09:58:18 -04:00
Dominique Martinet
bc1e99305a xdg_shell: listen to fullscreen request on map
That event comes from the toplevel and not the surface, so would cause
a use-after-free on destroy if the toplevel got destroyed first:

==5454==ERROR: AddressSanitizer: heap-use-after-free on address 0x6110001ed198 at pc 0x000000472d10 bp 0x7ffc19070a80 sp 0x7ffc19070a70
WRITE of size 8 at 0x6110001ed198 thread T0
    #0 0x472d0f in wl_list_remove ../common/list.c:157
    #1 0x42e159 in handle_destroy ../sway/desktop/xdg_shell_v6.c:243
    #2 0x7fa9e5b28ce8 in wlr_signal_emit_safe ../util/signal.c:29
    #3 0x7fa9e5afd6b1 in destroy_xdg_surface_v6 ../types/xdg_shell_v6/wlr_xdg_surface_v6.c:101
    #4 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688
    #5 0x7fa9e5d98091 in wl_resource_destroy src/wayland-server.c:705
    #6 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)
    #7 0x7fa9e27f09fe in ffi_call (/lib64/libffi.so.6+0x59fe)
    #8 0x7fa9e5d9bf2c  (/lib64/libwayland-server.so.0+0xbf2c)
    #9 0x7fa9e5d983de in wl_client_connection_data src/wayland-server.c:420
    #10 0x7fa9e5d99f01 in wl_event_loop_dispatch src/event-loop.c:641
    #11 0x7fa9e5d98601 in wl_display_run src/wayland-server.c:1260
    #12 0x40a2f4 in main ../sway/main.c:433
    #13 0x7fa9e527318a in __libc_start_main ../csu/libc-start.c:308
    #14 0x40b749 in _start (/opt/wayland/bin/sway+0x40b749)

0x6110001ed198 is located 152 bytes inside of 240-byte region [0x6110001ed100,0x6110001ed1f0)
freed by thread T0 here:
    #0 0x7fa9e7c89880 in __interceptor_free (/lib64/libasan.so.5+0xee880)
    #1 0x7fa9e5affce9 in destroy_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:23
    #2 0x7fa9e5d98025 in destroy_resource src/wayland-server.c:688

previously allocated by thread T0 here:
    #0 0x7fa9e7c89e50 in calloc (/lib64/libasan.so.5+0xeee50)
    #1 0x7fa9e5b00eea in create_xdg_toplevel_v6 ../types/xdg_shell_v6/wlr_xdg_toplevel_v6.c:427
    #2 0x7fa9e27f103d in ffi_call_unix64 (/lib64/libffi.so.6+0x603d)

The toplevel only notifies the compositor on destroy if it was mapped,
so only listen to events at map time.
2018-06-30 22:42:24 +09:00
Dominique Martinet
9ea4cc13a0 sway views: add helpers to get view and layer from wlr_surface 2018-06-30 22:31:14 +09:00
Ryan Dwyer
e396af853b Merge remote-tracking branch 'upstream/master' into atomic 2018-06-30 22:46:25 +10:00
Rostislav Pehlivanov
0cc24dd9c8 Fix crash with stacking layout after f42bf0ad4
The "simple" rendering function only applies to tiled views.
2018-06-30 12:45:49 +01:00
Ryan Dwyer
fc6fde7d90 Fix compile error 2018-06-30 21:07:54 +10:00
Rostislav Pehlivanov
f42bf0ad4a container_at_view: don't offset the view by the window geometry
Fixes floating window input offsets. As discussed on IRC with emersion,
this shouldn't have been done in the first place.
2018-06-30 11:11:06 +01:00
Rostislav Pehlivanov
e0d0e8f840 Revert "Don't unmaximize floating views"
This reverts commit 97672295ed.
2018-06-30 11:10:47 +01:00