Bug 81194

Summary: Weston sends input events from freed surface
Product: Wayland Reporter: Ricardo Vieira <ricardo.vieira>
Component: westonAssignee: Wayland bug list <wayland-bugs>
Status: RESOLVED NOTABUG QA Contact:
Severity: normal    
Priority: medium    
Version: 1.5.0   
Hardware: Other   
OS: All   
Whiteboard:
i915 platform: i915 features:
Attachments: gdb backtrace

Description Ricardo Vieira 2014-07-10 22:24:56 UTC 
when a wl_surface is destroyed it looks like the pointer and keyboard signals are sent after the window is destroyed (for example the leave singnal)  and the surface argument was already freed for example if we call  wl_surface_get_user_data(surface) from pointer leave signal it segfaults

Steps to reproduce:

-Create a window
-Wait until the pointer handle enter event
-destroy the wl_surface from the window
-wait for events
-call wl_surface_get_user_data(surface) from pointer handle leave
-Segfault


I found this bug running the reopen test from glfw a multi-platform library for OpenGL

Tested on Weston 7b9820766(master)
Comment 1 Ricardo Vieira 2014-07-10 22:29:55 UTC 
Created attachment 102583 [details]
gdb backtrace
Comment 2 Jason Ekstrand 2014-07-11 07:24:22 UTC 
This is well-known behavior.  The protocol specifies that a leave event is sent whenever the pointer is no longer focussed on the surface.  Your app gets a zombie object which it gets as null from libwayland.  Unfortunately, zombie objects can happen in cases like this and your app needs to gracefully handle them.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.