Bug 68649

Summary: SIGSEGV in shell_surface_move
Product: Wayland
Reporter: Ross Lagerwall <rosslagerwall>
Component: weston
Assignee: Wayland bug list <wayland-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: normal
Priority: medium
Version: unspecified
Hardware: x86-64 (AMD64)
OS: All
Whiteboard:
i915 platform:
i915 features:

Description Ross Lagerwall 2013-08-28 10:12:52 UTC
Sometimes clicking on the titlebar of a client causes weston to segfault.
This happened when I was testing wayland and weston master with eog and
nautilus.

[11:58:54.490] caught signal: 11
[11:58:54.490] 0: /home/ross/blead/wl/bin/weston (on_caught_signal+0x2c) [0x40f320]
[11:58:54.491] 1: /usr/lib/libc.so.6 (__restore_rt+0x0) [0x7f6c15b9f44f]
[11:58:54.491] 2: /home/ross/blead/wl/lib/weston/desktop-shell.so (shell_surface_move+0xc9) [0x7f6c0c2511de]
[11:58:54.492] 3: /usr/lib/libffi.so.6 (ffi_call_unix64+0x4c) [0x7f6c17176d8c]
[11:58:54.493] 4: /usr/lib/libffi.so.6 (ffi_call+0x1fc) [0x7f6c171766bc]
[11:58:54.493] 5: /home/ross/blead/wl/lib/libwayland-server.so.0 (wl_closure_invoke+0x15a) [0x7f6c17382afa]
[11:58:54.494] 6: /home/ross/blead/wl/lib/libwayland-server.so.0 (wl_client_connection_data+0x19e) [0x7f6c1737f47e]
[11:58:54.495] 7: /home/ross/blead/wl/lib/libwayland-server.so.0 (wl_event_loop_dispatch+0x62) [0x7f6c173811b2]
[11:58:54.495] 8: /home/ross/blead/wl/lib/libwayland-server.so.0 (wl_display_run+0x25) [0x7f6c1737fa55]
[11:58:54.495] 9: /home/ross/blead/wl/bin/weston (main+0x586) [0x40fd5d]
[11:58:54.496] 10: /usr/lib/libc.so.6 (__libc_start_main+0xf5) [0x7f6c15b8bbc5]
[11:58:54.496] 11: /home/ross/blead/wl/bin/weston (_start+0x29) [0x407f99]
[11:58:54.497] 12: ? (?+0x29) [0x29]
child 3579 exited
Trace/breakpoint trap (core dumped)

The troublesome code is in shell.c/shell_surface_move -- seat->touch is NULL which
clearly causes a SEGV:
	} else if (seat->touch->grab_serial == serial) {

I don't have any touch devices. Should there be some extra check here?

Comment 1 Kristian Høgsberg 2013-08-29 06:19:18 UTC
...
> The troublesome code is in shell.c/shell_surface_move -- seat->touch is NULL which
> clearly causes a SEGV:
> 	} else if (seat->touch->grab_serial == serial) {
> 
> I don't have any touch devices. Should there be some extra check here?

There should indeed, thanks.  Committed to weston master (and will be in 1.2.2):

commit e1b655df922d1feb2409a1401c83041747645175
Author: Kristian Høgsberg <krh@bitplanet.net>
Date:   Wed Aug 28 23:16:20 2013 -0700

    shell: Make sure we have seat->pointer and seat->touch before dereferencing
    
    Either of these may not be available when we handle wl_shell_surface.move,
    and we need to not crash when that's the case.
    
    https://bugs.freedesktop.org/show_bug.cgi?id=68649
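
The failure mode discussed in this report, as an added example that is not the weston source or the committed patch: a request handler compares a client-supplied serial against per-device state, and each device may be absent. The types and the function `move_source_for_serial` are hypothetical stand-ins, and the sample seats in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical, simplified stand-ins (not weston's real structs). A seat
 * holds a device only when that kind of hardware exists; otherwise the
 * member is NULL, as seat->touch was on the reporter's machine. */
struct input_dev { uint32_t grab_serial; };
struct seat { struct input_dev *pointer; struct input_dev *touch; };

enum move_source { MOVE_NONE, MOVE_POINTER, MOVE_TOUCH };

/* Decide which device, if any, owns the grab named by the serial the client
 * sent. Every device is tested for presence before its field is read. The
 * touch branch is only reached when the pointer branch does not match, which
 * is why an unguarded seat->touch->grab_serial faults only some of the time. */
enum move_source move_source_for_serial(const struct seat *seat, uint32_t serial)
{
    if (seat == NULL)
        return MOVE_NONE;
    if (seat->pointer && seat->pointer->grab_serial == serial)
        return MOVE_POINTER;
    else if (seat->touch && seat->touch->grab_serial == serial)
        return MOVE_TOUCH;
    return MOVE_NONE; /* unknown serial or missing device: ignore the request */
}

int main(void)
{
    /* Constructed sample: pointer present, no touch device. */
    struct input_dev ptr = { 41 };
    struct seat no_touch = { &ptr, NULL };

    /* Serial 42 does not match the pointer grab, so the touch branch runs. */
    printf("matching serial: %d\n", move_source_for_serial(&no_touch, 41));
    printf("other serial:    %d\n", move_source_for_serial(&no_touch, 42));
    return 0;
}
```

Because the serial comes from the client, any request path that reaches an unguarded dereference lets a client take the whole compositor down, so the presence check belongs on every branch.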
