81194 – Weston sends input events from freed surface

Bug 81194 - Weston sends input events from freed surface

Summary: Weston sends input events from freed surface

Status:	RESOLVED NOTABUG

Alias:	None

Product:	Wayland
Classification:	Unclassified
Component:	weston (show other bugs)
Version:	1.5.0
Hardware:	Other All

Importance:	medium normal
Assignee:	Wayland bug list
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-07-10 22:24 UTC by Ricardo Vieira
Modified:	2014-07-11 07:24 UTC (History)
CC List:	0 users

See Also:
i915 platform:
i915 features:

Attachments
gdb backtrace (1000 bytes, text/plain) 2014-07-10 22:29 UTC, Ricardo Vieira	Details
View All

Description Ricardo Vieira 2014-07-10 22:24:56 UTC

when a wl_surface is destroyed it looks like the pointer and keyboard signals are sent after the window is destroyed (for example the leave singnal)  and the surface argument was already freed for example if we call  wl_surface_get_user_data(surface) from pointer leave signal it segfaults

Steps to reproduce:

-Create a window
-Wait until the pointer handle enter event
-destroy the wl_surface from the window
-wait for events
-call wl_surface_get_user_data(surface) from pointer handle leave
-Segfault


I found this bug running the reopen test from glfw a multi-platform library for OpenGL

Tested on Weston 7b9820766(master)

Comment 1 Ricardo Vieira 2014-07-10 22:29:55 UTC

Created attachment 102583 [details]
gdb backtrace

Comment 2 Jason Ekstrand 2014-07-11 07:24:22 UTC

This is well-known behavior.  The protocol specifies that a leave event is sent whenever the pointer is no longer focussed on the surface.  Your app gets a zombie object which it gets as null from libwayland.  Unfortunately, zombie objects can happen in cases like this and your app needs to gracefully handle them.

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.