From bab6b79af203762c10c31eaef3494dd4e4e4ac4f Mon Sep 17 00:00:00 2001 From: Alexander Orzechowski Date: Fri, 18 Mar 2022 08:42:30 -0400 Subject: [PATCH] Fix SIGSEGV on surface destroy ``` Program terminated with signal SIGSEGV, Segmentation fault. warning: Section `.reg-xstate/3960717' in core file too small. 0 container_get_siblings (container=0x55bcde4797f0) at ../sway/tree/container.c:1228 1228 if (list_find(container->pending.workspace->tiling, container) != -1) { [Current thread is 1 (Thread 0x7fa23b4a2940 (LWP 3960717))] (gdb) bt full= No symbol "full" in current context. (gdb) bt full 0 container_get_siblings (container=0x55bcde4797f0) at ../sway/tree/container.c:1228 1 0x000055bcdb62c704 in edge_is_external (cont=0x55bcde4797f0, edge=(WLR_EDGE_TOP | WLR_EDGE_LEFT)) at ../sway/input/seatop_default.c:54 siblings = 0x55bcde4797f0 index = 32766 layout = L_NONE __PRETTY_FUNCTION__ = "edge_is_external" 2 0x000055bcdb62c96f in find_resize_edge (cont=0x55bcde4797f0, surface=0x0, cursor=0x55bcddd5c2e0) at ../sway/input/seatop_default.c:106 edge = (WLR_EDGE_TOP | WLR_EDGE_LEFT) 3 0x000055bcdb620b3c in cursor_update_image (cursor=0x55bcddd5c2e0, node=0x55bcde4797f0) at ../sway/input/cursor.c:144 edge = WLR_EDGE_NONE 4 0x000055bcdb62eb8f in handle_rebase (seat=0x55bcddd5a740, time_msec=488992944) at ../sway/input/seatop_default.c:773 e = 0x55bcddd5c8e0 cursor = 0x55bcddd5c2e0 surface = 0x0 sx = 0 sy = 0 5 0x000055bcdb62c531 in seatop_rebase (seat=0x55bcddd5a740, time_msec=488992944) at ../sway/input/seat.c:1585 6 0x000055bcdb620a7d in cursor_rebase (cursor=0x55bcddd5c2e0) at ../sway/input/cursor.c:126 time_msec = 488992944 7 0x000055bcdb620ac4 in cursor_rebase_all () at ../sway/input/cursor.c:136 seat = 0x55bcddd5a740 8 0x000055bcdb61cc95 in transaction_apply (transaction=0x55bcde5b28c0) at ../sway/desktop/transaction.c:704 9 0x000055bcdb61ccdb in transaction_progress () at ../sway/desktop/transaction.c:716 10 0x000055bcdb61d1f9 in transaction_commit_pending () at ../sway/desktop/transaction.c:836 transaction = 0x55bcde5b28c0 11 0x000055bcdb61d596 in _transaction_commit_dirty (server_request=true) at ../sway/desktop/transaction.c:912 12 0x000055bcdb61d5ac in transaction_commit_dirty () at ../sway/desktop/transaction.c:916 13 0x000055bcdb65f579 in view_unmap (view=0x55bcde2ff180) at ../sway/tree/view.c:847 parent = 0x55bcde489010 ws = 0x55bcdde19080 seat = 0x55bcddd5a198 14 0x000055bcdb61e461 in handle_unmap (listener=0x55bcde2ff368, data=0x0) at ../sway/desktop/xdg_shell.c:394 xdg_shell_view = 0x55bcde2ff180 view = 0x55bcde2ff180 __PRETTY_FUNCTION__ = "handle_unmap" 15 0x00007fa23c4ae87f in wlr_signal_emit_safe (signal=0x55bcde46cf38, data=0x0) at ../util/signal.c:29 pos = 0x55bcde2ff368 l = 0x55bcde2ff368 cursor = {link = {prev = 0x55bcde2ff368, next = 0x7ffe240702a0}, notify = 0x7fa23c4ae7c9 } end = {link = {prev = 0x7ffe24070280, next = 0x55bcde46cf38}, notify = 0x7fa23c4ae7c9 } 16 0x00007fa23c47c3c7 in unmap_xdg_surface (surface=0x55bcde46ce30) at ../types/xdg_shell/wlr_xdg_surface.c:40 __PRETTY_FUNCTION__ = "unmap_xdg_surface" popup = 0x55bcde46ce60 popup_tmp = 0x55bcde46ce60 configure = 0x7ffe24070360 tmp = 0x55bcde488020 17 0x00007fa23c47cd47 in xdg_surface_role_precommit (wlr_surface=0x55bcde488020, state=0x55bcde4881a8) at ../types/xdg_shell/wlr_xdg_surface.c:330 surface = 0x55bcde46ce30 18 0x00007fa23c4813b2 in surface_commit_state (surface=0x55bcde488020, next=0x55bcde4881a8) at ../types/wlr_compositor.c:407 __PRETTY_FUNCTION__ = "surface_commit_state" invalid_buffer = false subsurface = 0xbd8e9aecae023300 --Type for more, q to quit, c to continue without paging-- 19 0x00007fa23c48192a in surface_handle_commit (client=0x55bcde488850, resource=0x55bcde2fdb80) at ../types/wlr_compositor.c:523 surface = 0x55bcde488020 20 0x00007fa23bb5ed4a in () at /usr/lib/libffi.so.8 21 0x00007fa23bb5e267 in () at /usr/lib/libffi.so.8 22 0x00007fa23c517323 in () at /usr/lib/libwayland-server.so.0 23 0x00007fa23c5125cc in () at /usr/lib/libwayland-server.so.0 24 0x00007fa23c5151ca in wl_event_loop_dispatch () at /usr/lib/libwayland-server.so.0 25 0x00007fa23c512d37 in wl_display_run () at /usr/lib/libwayland-server.so.0 26 0x000055bcdb616885 in server_run (server=0x55bcdb68c5c0 ) at ../sway/server.c:307 27 0x000055bcdb61594e in main (argc=3, argv=0x7ffe24070af8) at ../sway/main.c:433 ``` It seems to be happening because of this set of events all happening in the span of a single transaction: 1. You kill a tiled window that is the only window in a workplace. 2. Sway will destroy the workspace but not yet the container - this makes `con->pending.workspace` NULL. 3. Cursor glyphs get recomputed causing sway to recompute if the cursor is on a container edge. 4. That computation causes an access to the NULL workspace. Crash. --- sway/input/seatop_default.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/sway/input/seatop_default.c b/sway/input/seatop_default.c index 62261c77..0f4d0385 100644 --- a/sway/input/seatop_default.c +++ b/sway/input/seatop_default.c @@ -56,6 +56,9 @@ static bool edge_is_external(struct sway_container *cont, enum wlr_edges edge) { while (cont) { if (container_parent_layout(cont) == layout) { list_t *siblings = container_get_siblings(cont); + if (!siblings) { + return false; + } int index = list_find(siblings, cont); if (index > 0 && (edge == WLR_EDGE_LEFT || edge == WLR_EDGE_TOP)) { return false;