Bug 92316

Summary: weston segfault with broken client
Product: Wayland
Reporter: Olivier Fourdan <fourdan>
Component: weston
Assignee: Wayland bug list <wayland-bugs>
Status: RESOLVED FIXED
Severity: normal
Priority: medium
CC: jadahl
Version: unspecified
Hardware: Other
OS: All
Attachments: Simple reproducer with gtk+ alone

Description Olivier Fourdan 2015-10-06 12:39:20 UTC
Created attachment 118712
Simple reproducer with gtk+ alone

Just found out that using this (broken) client will kill weston.

[14:30:41.416] caught signal: 11
[14:30:41.417] 0: weston (on_caught_signal+0x17) [0x41bd67]
[14:30:41.417] 1: /lib64/libc.so.6 (killpg+0x40) [0x7f00ae29eb5f]
[14:30:41.417] 2: /usr/lib64/weston/desktop-shell.so (xdg_get_xdg_popup+0xc0) [0x7f00a538acb0]
[14:30:41.418] 3: /lib64/libffi.so.6 (ffi_call_unix64+0x4c) [0x7f00aef3ad30]
[14:30:41.418] 4: /lib64/libffi.so.6 (ffi_call+0x2eb) [0x7f00aef3a79b]
[14:30:41.418] 5: /usr/lib64/libwayland-server.so.0 (wl_closure_invoke+0x148) [0x7f00af147858]
[14:30:41.419] 6: /usr/lib64/libwayland-server.so.0 (wl_client_connection_data+0x216) [0x7f00af144076]
[14:30:41.419] 7: /usr/lib64/libwayland-server.so.0 (wl_event_loop_dispatch+0x62) [0x7f00af145c62]
[14:30:41.419] 8: /usr/lib64/libwayland-server.so.0 (wl_display_run+0x25) [0x7f00af144565]
[14:30:41.419] 9: weston (main+0xbbb) [0x408bcb]
[14:30:41.420] 10: /lib64/libc.so.6 (__libc_start_main+0xf0) [0x7f00ae28a580]
[14:30:41.420] 11: weston (_start+0x29) [0x408d49]

The crash is reproducible at will with the attached client.

The client is broken, no doubt about this, but weston should be able to survive whatever clients throw at it.

Comment 1 Jonas Ådahl 2015-10-07 06:45:34 UTC
This <http://patchwork.freedesktop.org/patch/61207/> patch fixes it.

Comment 2 Bryce Harrington 2016-02-02 02:05:36 UTC
commit bc5d849c9d2088b22744d40840b5663c2ea4f385
Author:     Jonas Ådahl <jadahl@gmail.com>
AuthorDate: Wed Oct 7 14:44:50 2015 +0800
Commit:     Derek Foreman <derekf@osg.samsung.com>
CommitDate: Wed Oct 7 11:43:59 2015 -0500

    desktop-shell: NULL check whether a popup parent is a shell surface
    
    get_shell_surface(parent) may return NULL if the client passed an
    unassigned wl_surface or a wl_surface with a non-shell surface role
    (such as cursor role).
    
    https://bugs.freedesktop.org/show_bug.cgi?id=92316
    
    Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
    Tested-by: Olivier Fourdan <ofourdan@redhat.com>
    Reviewed-by: Derek Foreman <derekf@osg.samsung.com>
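
Added example, not part of the bug thread or weston's source: a minimal C model of the check the commit message describes, where the role lookup returns NULL for an unassigned or cursor-role surface and the request handler rejects the request instead of dereferencing the result. The types, `handle_get_popup` and `try_popup_on` are hypothetical; only the name `get_shell_surface` comes from the commit message, and its body here is an assumption.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified types; not weston's own structs. */
enum role { ROLE_NONE, ROLE_CURSOR, ROLE_SHELL_TOPLEVEL, ROLE_SHELL_POPUP };
enum result { POPUP_CREATED, ERR_INVALID_PARENT };

struct shell_surface { int x, y; };
struct surface {
	enum role role;
	struct shell_surface *shsurf; /* non-NULL only for shell roles */
};

/* Modelled on the commit message (body is an assumption): NULL for an
 * unassigned surface or one with a non-shell role such as cursor. */
static struct shell_surface *get_shell_surface(const struct surface *s)
{
	if (!s || (s->role != ROLE_SHELL_TOPLEVEL && s->role != ROLE_SHELL_POPUP))
		return NULL;
	return s->shsurf;
}

/* The parent is client-supplied, so it is validated before any field of
 * its shell surface is read. */
static enum result handle_get_popup(const struct surface *parent,
				    int dx, int dy, int *out_x, int *out_y)
{
	const struct shell_surface *parent_shsurf = get_shell_surface(parent);
	if (!parent_shsurf)
		return ERR_INVALID_PARENT; /* reject the request, keep running */
	*out_x = parent_shsurf->x + dx;
	*out_y = parent_shsurf->y + dy;
	return POPUP_CREATED;
}

/* Builds a constructed parent surface with the given role and runs the handler. */
static enum result try_popup_on(enum role role)
{
	struct shell_surface shsurf = { 100, 50 };
	int shell = role == ROLE_SHELL_TOPLEVEL || role == ROLE_SHELL_POPUP;
	struct surface parent = { role, shell ? &shsurf : NULL };
	int x = 0, y = 0;
	return handle_get_popup(&parent, 10, 10, &x, &y);
}

int main(void)
{
	printf("cursor-role parent -> %d\n", (int)try_popup_on(ROLE_CURSOR));
	return 0;
}
```

In a Wayland compositor the rejection branch would normally report a protocol error to the offending client, for example with `wl_resource_post_error`, so that only that client is disconnected.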
