92316 – weston segfault with broken client

Bug 92316 - weston segfault with broken client

Summary: weston segfault with broken client

Status:	RESOLVED FIXED

Alias:	None

Product:	Wayland
Classification:	Unclassified
Component:	weston (show other bugs)
Version:	unspecified
Hardware:	Other All

Importance:	medium normal
Assignee:	Wayland bug list
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-10-06 12:39 UTC by Olivier Fourdan
Modified:	2016-02-02 02:05 UTC (History)
CC List:	1 user (show)

See Also:
i915 platform:
i915 features:

Attachments
Simple reproducer with gtk+ alone (4.00 KB, text/plain) 2015-10-06 12:39 UTC, Olivier Fourdan	Details
View All

Description Olivier Fourdan 2015-10-06 12:39:20 UTC

Created attachment 118712 [details]
Simple reproducer with gtk+ alone

Just found out that using this (broken) client will kill weston.

[14:30:41.416] caught signal: 11
[14:30:41.417] 0: weston (on_caught_signal+0x17) [0x41bd67]
[14:30:41.417] 1: /lib64/libc.so.6 (killpg+0x40) [0x7f00ae29eb5f]
[14:30:41.417] 2: /usr/lib64/weston/desktop-shell.so (xdg_get_xdg_popup+0xc0) [0x7f00a538acb0]
[14:30:41.418] 3: /lib64/libffi.so.6 (ffi_call_unix64+0x4c) [0x7f00aef3ad30]
[14:30:41.418] 4: /lib64/libffi.so.6 (ffi_call+0x2eb) [0x7f00aef3a79b]
[14:30:41.418] 5: /usr/lib64/libwayland-server.so.0 (wl_closure_invoke+0x148) [0x7f00af147858]
[14:30:41.419] 6: /usr/lib64/libwayland-server.so.0 (wl_client_connection_data+0x216) [0x7f00af144076]
[14:30:41.419] 7: /usr/lib64/libwayland-server.so.0 (wl_event_loop_dispatch+0x62) [0x7f00af145c62]
[14:30:41.419] 8: /usr/lib64/libwayland-server.so.0 (wl_display_run+0x25) [0x7f00af144565]
[14:30:41.419] 9: weston (main+0xbbb) [0x408bcb]
[14:30:41.420] 10: /lib64/libc.so.6 (__libc_start_main+0xf0) [0x7f00ae28a580]
[14:30:41.420] 11: weston (_start+0x29) [0x408d49]

The crash is reproducible at will with the attached client.

The client is broken, no doubt about this, but weston should be able to survive whatever clients throw at it.

Comment 1 Jonas Ådahl 2015-10-07 06:45:34 UTC

This <http://patchwork.freedesktop.org/patch/61207/> patch fixes it.

Comment 2 Bryce Harrington 2016-02-02 02:05:36 UTC

commit bc5d849c9d2088b22744d40840b5663c2ea4f385
Author:     Jonas Ådahl <jadahl@gmail.com>
AuthorDate: Wed Oct 7 14:44:50 2015 +0800
Commit:     Derek Foreman <derekf@osg.samsung.com>
CommitDate: Wed Oct 7 11:43:59 2015 -0500

    desktop-shell: NULL check whether a popup parent is a shell surface
    
    get_shell_surface(parent) may return NULL if the client passed a
    unassigned wl_surface or a wl_surface with a non-shell surface role
    (such as cursor role).
    
    https://bugs.freedesktop.org/show_bug.cgi?id=92316
    
    Signed-off-by: Jonas Ådahl <jadahl@gmail.com>
    Tested-by: Olivier Fourdan <ofourdan@redhat.com>
    Reviewed-by: Derek Foreman <derekf@osg.samsung.com>

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.